hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.3' into 2.4

Browse Source
This commit is contained in:
Markus Mäkelä
2019-11-29 16:41:07 +02:00
parent 521c75505b cd9b82ba09
commit 7a5e50f980
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -2022,10 +2022,14 @@ This parameter controls the level of encryption used. Accepted values are:
* TLSv10 * TLSv10
* TLSv11 * TLSv11
* TLSv12 * TLSv12
* TLSv13
* MAX * MAX
The default is to use the highest level of encryption available. For OpenSSL 1.0 The default is to use the highest level of encryption available that both the
and newer this is TLSv1.2. client and server support. MaxScale supports TLSv1.0, TLSv1.1, TLSv1.2 and
TLSv1.3 depending on the OpenSSL library version.
The `TLSv13` value was added in MaxScale 2.3.15 ([MXS-2762](https://jira.mariadb.org/browse/MXS-2762)).
### `ssl_cert_verify_depth` ### `ssl_cert_verify_depth`

6
server/core/ssl.cc
View File

@ -245,7 +245,7 @@ bool SSLContext::init()
case SERVICE_TLS11: case SERVICE_TLS11:
#ifdef OPENSSL_1_0 #if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
m_method = (SSL_METHOD*)TLSv1_1_method(); m_method = (SSL_METHOD*)TLSv1_1_method();
#else #else
MXS_ERROR("TLSv1.1 is not supported on this system."); MXS_ERROR("TLSv1.1 is not supported on this system.");
@ -254,7 +254,7 @@ bool SSLContext::init()
break; break;
case SERVICE_TLS12: case SERVICE_TLS12:
#ifdef OPENSSL_1_0 #if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
m_method = (SSL_METHOD*)TLSv1_2_method(); m_method = (SSL_METHOD*)TLSv1_2_method();
#else #else
MXS_ERROR("TLSv1.2 is not supported on this system."); MXS_ERROR("TLSv1.2 is not supported on this system.");
@ -340,7 +340,7 @@ bool SSLContext::init()
/* Load the CA certificate into the SSL_CTX structure */ /* Load the CA certificate into the SSL_CTX structure */
if (!SSL_CTX_load_verify_locations(m_ctx, m_cfg.ca.c_str(), NULL)) if (!SSL_CTX_load_verify_locations(m_ctx, m_cfg.ca.c_str(), NULL))
{ {
MXS_ERROR("Failed to set Certificate Authority file"); MXS_ERROR("Failed to set Certificate Authority file: %s", get_ssl_errors());
return false; return false;
} }

3
server/modules/authenticator/MariaDBAuth/dbusers.cc
View File

@ -77,7 +77,7 @@ const char* mariadb_102_users_query =
"), users AS (" "), users AS ("
// Select the root row, the actual user // Select the root row, the actual user
" SELECT t.user, t.host, t.db, t.select_priv, t.password, t.default_role AS role FROM t" " SELECT t.user, t.host, t.db, t.select_priv, t.password, t.default_role AS role FROM t"
" WHERE t.is_role <> 'Y'" " WHERE t.is_role = 'N'"
" UNION" " UNION"
// Recursively select all roles for the users // Recursively select all roles for the users
" SELECT u.user, u.host, t.db, t.select_priv, u.password, r.role FROM t" " SELECT u.user, u.host, t.db, t.select_priv, u.password, r.role FROM t"
@ -85,6 +85,7 @@ const char* mariadb_102_users_query =
" ON (t.user = u.role)" " ON (t.user = u.role)"
" LEFT JOIN mysql.roles_mapping AS r" " LEFT JOIN mysql.roles_mapping AS r"
" ON (t.user = r.user)" " ON (t.user = r.user)"
" WHERE t.is_role = 'Y'"
")" ")"
"SELECT DISTINCT t.user, t.host, t.db, t.select_priv, t.password FROM users AS t %s"; "SELECT DISTINCT t.user, t.host, t.db, t.select_priv, t.password FROM users AS t %s";