Percona XtraDB Cluster - HA scalable solution for MySQL

Add support for key and crt

Reported by Raghavendra D Prabhu on 2013-10-04
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraDB Cluster
Status tracked in Trunk
5.6
Undecided
Raghavendra D Prabhu
Trunk
Undecided
Raghavendra D Prabhu

Bug Description

As discussed, add support for just the key and crt files like how Galera supports it (http://www.codership.com/wiki/doku.php?id=ssl_support). It will be added as 'encrypt=3' for keeping backward compatibility.

Jay Janssen (jay-janssen) wrote :

To clarify, we should be able to configure SST to encrypt just like Galera:

wsrep_provider_options = "socket.ssl_cert=/etc/mysql/cert.pem; socket.ssl_key=/etc/mysql/key.pem"

[ssl]
encrypt=3
tkey=/etc/mysql/key.pem
tcert=/etc/mysql/cert.pem

or similar.

Doc should be updated to reflect that this (like Galera currently) does not provide certificate validation.

Jay Janssen (jay-janssen) wrote :

Bonus points if you don't have to specify tkey/tcert, but the sst script is smart enough to get them from the galera settings. :)

wsrep_provider_options = "socket.ssl_cert=/etc/mysql/cert.pem; socket.ssl_key=/etc/mysql/key.pem"

[ssl]
encrypt=3

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers