MXS-2857: Disable peer verification by default

The fix to the bug where peer certificates were validated but not required caused the default behavior to change. The default should've changed at the same time the fix was made.
2020-01-29 11:30:56 +02:00
parent a3fd5a0218
commit f53faba795
2 changed files with 9 additions and 6 deletions
--- a/server/core/config.cc
+++ b/server/core/config.cc
@ -342,7 +342,7 @@ const MXS_MODULE_PARAM config_listener_params[] =
     MXS_MODULE_OPT_ENUM_UNIQUE,
     ssl_version_values},
    {CN_SSL_CERT_VERIFY_DEPTH,       MXS_MODULE_PARAM_COUNT,   "9"},
-    {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL,    "true"},
+    {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL,    "false"},
    {NULL}
 };

@ -421,7 +421,7 @@ const MXS_MODULE_PARAM config_server_params[] =
     MXS_MODULE_OPT_ENUM_UNIQUE,
     ssl_version_values},
    {CN_SSL_CERT_VERIFY_DEPTH,       MXS_MODULE_PARAM_COUNT,  "9"},
-    {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL,   "true"},
+    {CN_SSL_VERIFY_PEER_CERTIFICATE, MXS_MODULE_PARAM_BOOL,   "false"},
    {CN_DISK_SPACE_THRESHOLD,        MXS_MODULE_PARAM_STRING},
    {NULL}
 };