hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1019: Make peer certificate verification configurable

Browse Source 
The new `ssl_verify_peer_certificate` parameter controls whether the peer
certificate is verified. This allows self-signed certificates to be
properly used with MaxScale.
This commit is contained in:
Markus Mäkelä
2017-11-14 13:21:40 +02:00
parent 925fff4abc
commit 63ae436bd5
7 changed files with 87 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/modules/routing/binlogrouter/blr.c
View File

@ -712,6 +712,7 @@ createInstance(SERVICE *service, char **options)
ssl_cfg->ssl_init_done = false;
ssl_cfg->ssl_method_type = SERVICE_SSL_TLS_MAX;
ssl_cfg->ssl_cert_verify_depth = 9;
ssl_cfg->ssl_verify_peer_certificate = true;
/** Set SSL pointer in in server struct */
server->server_ssl = ssl_cfg;

1
server/modules/routing/binlogrouter/blr_slave.c
View File

@ -5766,6 +5766,7 @@ blr_set_master_ssl(ROUTER_INSTANCE *router, CHANGE_MASTER_OPTIONS config, char *
server_ssl->ssl_init_done = false;
server_ssl->ssl_method_type = SERVICE_SSL_TLS_MAX;
server_ssl->ssl_cert_verify_depth = 9;
server_ssl->ssl_verify_peer_certificate = true;
/* Set the pointer */
router->service->dbref->server->server_ssl = server_ssl;