hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use TLS for connector connections

Browse Source 
The monitors and services didn't use TLS when they connected to the
backend servers. Since there has been no proof of instability, TLS should
be enabled.
This commit is contained in:
Markus Makela 2016-11-08 15:21:58 +02:00
parent 83f3245f75
commit 5d930585f9
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/core/mysql_utils.c
View File

@ -161,15 +161,7 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons
if (listener)
{
#ifdef CONNECTOR_C_SSL_AND_OPENSSL_INTERFERENCE_SORTED_OUT
// TODO: No conclusive evidence yet, but tentatively it seems that when OpenSSL is
// TODO: used explicitly (backend SSL) and in conjunction with Connector-C, the
// TODO: latter SSL becomes unstable. So for the time being the monitors and
// TODO: services (fetch users) do not use SSL when connecting to the backend.
// mysql_ssl_set always returns true.
mysql_ssl_set(con, listener->ssl_key, listener->ssl_cert, listener->ssl_ca_cert, NULL, NULL);
#endif
}
return mysql_real_connect(con, server->name, user, passwd, NULL, server->port, NULL, 0);