hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix server TLS regression

Browse Source 
The code in 2.3 was changed to allow "empty" SSL definitions now that the
system CA is used. The code in 2.4 did not allow this which caused non-TLS
connections to be created when only ssl=true was defined.
This commit is contained in:
Markus Mäkelä
2020-02-17 16:44:06 +02:00
parent 5842242e94
commit 405b10ad50
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/core/mysql_utils.cc
View File

@ -36,8 +36,8 @@
MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, const char* passwd)
{
auto ssl = server->ssl().config();
bool have_ssl = ssl && !ssl->empty();
if (have_ssl)
if (ssl)
{
char enforce_tls = 1;
mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, (void*)&enforce_tls);
@ -89,7 +89,7 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
/** Copy the server charset */
server->charset = mxs_mysql_get_character_set(mysql);
if (have_ssl && mysql_get_ssl_cipher(con) == NULL)
if (ssl && mysql_get_ssl_cipher(con) == NULL)
{
if (server->warn_ssl_not_enabled)
{