[Dovecot] [PATCH] lib-sql/driver-mysql.c - Add support for enabling MYSQL_OPT_SSL_VERIFY_SERVER_CERT
Patrick Ben Koetter
p at sys4.de
Fri Nov 22 09:22:06 EET 2013
* Timo Sirainen <dovecot at dovecot.org>:
> On 22.11.2013, at 0.35, Gareth Palmer <gareth at acsdata.co.nz> wrote:
>
> > The following patch adds support for enabling
> > MYSQL_OPT_SSL_VERIFY_SERVER_CERT.
> >
> > It makes the mysql client library check that the commonName in the
> > server's SSL certificate matches the host name provided to
> > mysql_real_connect() and aborts the connection if the name doesn't
> > match.
> >
> > An example connect string would look something like:
> >
> > connect = ... ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
> >
> > By default the mysql client library does not perform this check.
>
> If someone goes through the trouble of using SSL with MySQL .. should this
> even be optional? I guess I shouldn’t break any v2.2 installations even
> accidentally, but for v2.3 I don’t really see any point of not having this
> enabled unconditionally.
It should be optional or it will break other running systems when they
update/upgrade.
p at rick
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
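
Added example, not part of the thread or of the Dovecot patch: because the check discussed above is off by default, this sketch audits `connect` lines for TLS options that lack `ssl-verify-server-cert=yes` and reports the host name the certificate's commonName would have to match. Only `ssl-ca` and `ssl-verify-server-cert` come from the post; the other option names, the underscore spelling and the sample lines are assumptions.

```python
import re

# ssl-ca and ssl-verify-server-cert are the names used in the post; the
# remaining keys and the underscore spelling are assumptions of this example.
CA_KEYS = {"ssl-ca", "ssl-ca-path"}
TLS_KEYS = CA_KEYS | {"ssl-cert", "ssl-key", "ssl-cipher"}
VERIFY_KEY = "ssl-verify-server-cert"

def parse_connect(line):
    """Turn 'connect = k=v k=v ...' into a dict; None if not a connect line."""
    m = re.match(r"\s*connect\s*=\s*(.*)$", line)
    if not m:
        return None
    opts = {}
    for token in m.group(1).split():
        key, sep, value = token.partition("=")
        if sep:
            opts[key.replace("_", "-").lower()] = value
    return opts

def classify(opts):
    """Label one connect string by how the server certificate is checked."""
    verify = opts.get(VERIFY_KEY, "no").lower() == "yes"
    if verify and not (CA_KEYS & opts.keys()):
        return "verify-without-ca"   # no CA given, unlike the post's example
    if verify:
        return "verified"
    return "tls-unverified" if (TLS_KEYS & opts.keys()) else "no-tls"

def audit(config_text):
    """Return (line number, status, host whose name the CN must match)."""
    results = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        opts = parse_connect(raw)
        if opts is not None:
            results.append((n, classify(opts), opts.get("host", "")))
    return results

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# constructed sample
connect = host=db1.example.org dbname=mail user=dovecot ssl-ca=/path/to/ca.cert
connect = host=db2.example.org dbname=mail ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
connect = host=localhost dbname=mail user=dovecot
connect = host=db3.example.org ssl_verify_server_cert=yes
"""

if __name__ == "__main__":
    for n, status, host in audit(SAMPLE):
        print(f"line {n}: {status} (host={host})")
```

Running such an audit before an upgrade shows which installations would be affected if the check became unconditional.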