Skip to content

MDEV-28239: rsync and mariabackup SST scripts handle sst ssl_mode option differently#5315

Open
hemantdangi-gc wants to merge 1 commit into
MariaDB:10.6from
mariadb-corporation:10.6-MDEV-28239
Open

MDEV-28239: rsync and mariabackup SST scripts handle sst ssl_mode option differently#5315
hemantdangi-gc wants to merge 1 commit into
MariaDB:10.6from
mariadb-corporation:10.6-MDEV-28239

Conversation

@hemantdangi-gc

Copy link
Copy Markdown
Contributor

Issue:
The mariabackup SST script enabled a peer certificate name check for any ssl-mode starting with VERIFY, so VERIFY_CA behaved like VERIFY_IDENTITY, unlike the rsync script.

Solution:
For VERIFY_CA verify the chain only - drop the socat "commonname" check in mariabackup and gate the rsync checkHost/checkIP on VERIFY_IDENTITY.

…ion differently

Issue:
The mariabackup SST script enabled a peer certificate name check
for any ssl-mode starting with VERIFY, so VERIFY_CA behaved like
VERIFY_IDENTITY, unlike the rsync script.

Solution:
For VERIFY_CA verify the chain only - drop the socat
"commonname" check in mariabackup and gate the rsync checkHost/checkIP
on VERIFY_IDENTITY.
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Warning

Gemini encountered an error creating the review. You can try again by commenting /gemini review.

@hemantdangi-gc

Copy link
Copy Markdown
Contributor Author

/gemini review

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Warning

Gemini encountered an error creating the review. You can try again by commenting /gemini review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Development

Successfully merging this pull request may close these issues.

2 participants