mysql2 icon indicating copy to clipboard operation
mysql2 copied to clipboard

Published 20 hours ago verified publisher icon brianmario

CA verification not respected when `ssl_mode` flag is passed

Open pivotal-jamil-shamy opened this issue 7 years ago • 2 comments

Prerequisites:

  • MYSQL2 GEM is linked against MariaDB Connector/C 3.0.2

Issue:

When trying to establish a connection as below, even when giving an incorrect CA that did not sign the server certificate, a connection is established successfully:

:ssl_mode => "verify_ca",  :sslca => "path-to-incorrect-ca"

Any reason why this could be happening ?

pivotal-jamil-shamy avatar Jan 30 '18 22:01 pivotal-jamil-shamy

The MariaDB Connector doesn't support :ssl_mode / partial validation; so, the CA is just ignored without the :verifyssl flag.

bwinter avatar Oct 27 '18 03:10 bwinter

There's a warning for MySQL < 5.7.11 that :ssl_mode is only partially supported. Should there be an equivalent warning for certain versions of MariaDB? All versions of MariaDB?

Answering my own question by linking to https://github.com/brianmario/mysql2/issues/879#issuecomment-437951093

sodabrew avatar Feb 03 '19 22:02 sodabrew