[Dovecot] [PATCH] lib-sql/driver-mysql.c - Add support for enabling MYSQL_OPT_SSL_VERIFY_SERVER_CERT
Timo Sirainen
tss at iki.fi
Fri Nov 22 00:42:22 EET 2013
On 22.11.2013, at 0.35, Gareth Palmer <gareth at acsdata.co.nz> wrote:
> The following patch adds support for enabling
> MYSQL_OPT_SSL_VERIFY_SERVER_CERT.
>
> It makes the mysql client library check that the commonName in the
> server's SSL certificate matches the host name provided to
> mysql_real_connect() and aborts the connection if the name doesn't
> match.
>
> An example connect string would look something like:
>
> connect = ... ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
>
> By default the mysql client library does not perform this check.
If someone goes through the trouble of using SSL with MySQL .. should this even be optional? I guess I shouldn’t break any v2.2 installations even accidentally, but for v2.3 I don’t really see any point of not having this enabled unconditionally.
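As an added example (not part of the patch or of Dovecot), the following Python sketch audits `connect` lines for MySQL connections that use SSL without the host name check discussed above. It assumes space-separated `key=value` settings as in the quoted connect string, treats `-` and `_` spellings alike, and counts only `yes` as enabling the check; the sample configuration is constructed.

```python
# Added example: audit Dovecot SQL "connect" lines for unverified MySQL TLS.
# Assumptions: settings are space-separated key=value pairs as in the post's
# example; "-" and "_" spellings are equivalent; only "yes" enables the check.
VERIFY_KEY = "ssl-verify-server-cert"

def parse_connect(line):
    """Return the key=value settings of a 'connect = ...' line, else None."""
    name, sep, value = line.strip().partition("=")
    if not sep or name.strip() != "connect":
        return None  # comments and other settings are skipped
    settings = {}
    for token in value.split():
        key, sep, val = token.partition("=")
        if sep:
            settings[key.lower().replace("_", "-")] = val
    return settings

def classify(settings):
    """Classify one connect line by how the MySQL server is authenticated."""
    verify = settings.get(VERIFY_KEY, "").lower() == "yes"
    tls_keys = [k for k in settings if k.startswith("ssl-") and k != VERIFY_KEY]
    if verify and tls_keys:
        return "tls-verified"
    if verify:
        return "verify-without-tls-settings"  # flag for manual review
    if tls_keys:
        return "tls-unverified"  # library default: host name is not checked
    return "no-tls"

def audit(config_text):
    """Return (line_number, status) for every connect line in config_text."""
    results = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        settings = parse_connect(line)
        if settings is not None:
            results.append((number, classify(settings)))
    return results

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
driver = mysql
# connect = host=old.example.test dbname=mail
connect = host=db1.example.test dbname=mail user=dovecot
connect = host=db2.example.test dbname=mail ssl-ca=/path/to/ca.cert
connect = host=db3.example.test ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
connect = host=db4.example.test ssl_ca=/path/to/ca.cert ssl_verify_server_cert=no
"""

if __name__ == "__main__":
    for number, status in audit(SAMPLE):
        print(number, status)
```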