Comments - Securing Connections for Client and Server
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
I have a script that generates self signed certs based on this instruction:
https://mariadb.com/kb/en/certificate-creation-with-openssl/
When connecting with --ssl-verify-server-cert, it fails:
Without server cert verification, I can login OK and the SSL sessions checks out:
Please advise. Thank you.
See https://mariadb.com/kb/en/connecting-to-mariadb/#ssl-verify-server-cert
--ssl-verify-server-cert
means "Verify server's "Common Name" in its cert against hostname used when connecting"you have CN=mariadb, but your host name, probably, isn't "mariadb", is it?
Hi Sergei,
Thank you for the feedback. No, it's redacted. The server and client are on the same host of FreeBSD 12.1. I've check the compiled library linking to the OpenSSL:
The libmariadb seems to link correctly while the libmariadbclient doesn't. I presume that the server uses libmariadb and the 'mysql' client uses libmariadbclient even though both client and server are compiled from the same source but with different configurations? If that's the case, I'll need to file a bug with the maintainer. By the way, when run the 'mariadb_config' on the client, does it utilizes libmariadbclient or libmariadb because the mariadb_config shows a different OpenSSL version 1.1.1e.
Thanks, Tommy
libmariadb.so and libmariadbclient.a are compiled from the same source tree and same settings. One
make
command compiles both.The "mysql" client is linked with
libmariadbclient.a
(you can check withldd
). The server uses neither.Thank you for the clarification and confirmation regarding my suspicion of "mysql" client linking to libmariadbclient.