From 5d930585f9d8c6b8eb93cbfd23e1e1fd5d94869d Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Tue, 8 Nov 2016 15:21:58 +0200 Subject: [PATCH] Use TLS for connector connections The monitors and services didn't use TLS when they connected to the backend servers. Since there has been no proof of instability, TLS should be enabled. --- server/core/mysql_utils.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/server/core/mysql_utils.c b/server/core/mysql_utils.c index 137c73898..db92ab592 100644 --- a/server/core/mysql_utils.c +++ b/server/core/mysql_utils.c @@ -161,15 +161,7 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons if (listener) { -#ifdef CONNECTOR_C_SSL_AND_OPENSSL_INTERFERENCE_SORTED_OUT - // TODO: No conclusive evidence yet, but tentatively it seems that when OpenSSL is - // TODO: used explicitly (backend SSL) and in conjunction with Connector-C, the - // TODO: latter SSL becomes unstable. So for the time being the monitors and - // TODO: services (fetch users) do not use SSL when connecting to the backend. - - // mysql_ssl_set always returns true. mysql_ssl_set(con, listener->ssl_key, listener->ssl_cert, listener->ssl_ca_cert, NULL, NULL); -#endif } return mysql_real_connect(con, server->name, user, passwd, NULL, server->port, NULL, 0);