- Timo Sirainen dovecot@dovecot.org:
On 22.11.2013, at 0.35, Gareth Palmer gareth@acsdata.co.nz wrote:
The following patch adds support for enabling MYSQL_OPT_SSL_VERIFY_SERVER_CERT.
It makes the mysql client library check that the commonName in the server's SSL certificate matches the host name provided to mysql_real_connect() and aborts the connection if the name doesn't match.
An example connect string would look something like:
connect = ... ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
By default the mysql client library does not perform this check.
If someone goes through the trouble of using SSL with MySQL .. should this even be optional? I guess I shouldn’t break any v2.2 installations even accidentally, but for v2.3 I don’t really see any point of not having this enabled unconditionally.
It should be optional or it will break other running systems when they update/upgrade.
p@rick
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
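The gap discussed in this thread (SSL options set on a MySQL connect string, but no certificate name check unless ssl-verify-server-cert=yes is given) can be looked for in existing settings before any default changes. The following is an added example, not part of the original messages or of Dovecot's code; the function names, the sample settings, the folding of `-` to `_` in key names, and treating any value other than `yes` as "off" are assumptions.

```python
import re

# Constructed sample settings (hosts and paths are placeholders).
SAMPLE_CONFIG = """\
# constructed sample
driver = mysql
connect = host=db1.example.org dbname=mail user=dovecot
connect = host=db2.example.org dbname=mail ssl-ca=/path/to/ca.cert
connect = host=db3.example.org ssl-ca=/path/to/ca.cert ssl-verify-server-cert=yes
connect = host=db4.example.org ssl_ca=/path/to/ca.cert ssl_verify_server_cert=no
"""

CONNECT_RE = re.compile(r"^\s*connect\s*=\s*(.*)$")
VERIFY_KEY = "ssl_verify_server_cert"

def parse_connect(value):
    """Split a connect string into {key: value}. Assumption: keys are
    lower-cased and '-' is folded to '_' so both spellings are recognised."""
    settings = {}
    for token in value.split():
        key, sep, val = token.partition("=")
        if sep:
            settings[key.lower().replace("-", "_")] = val
    return settings

def classify(settings):
    """Return 'no-tls', 'tls-unverified' or 'tls-verified'."""
    if settings.get(VERIFY_KEY, "").lower() == "yes":
        return "tls-verified"
    # Any other ssl-* option means SSL is in use, but the client library
    # does not check the certificate name by default.
    if any(key.startswith("ssl_") for key in settings):
        return "tls-unverified"
    return "no-tls"

def audit(config_text):
    """Return (line number, host, status) for every connect line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = CONNECT_RE.match(line)
        if match:
            settings = parse_connect(match.group(1))
            findings.append((lineno, settings.get("host", "?"), classify(settings)))
    return findings

if __name__ == "__main__":
    for lineno, host, status in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: host={host} -> {status}")
```

Lines reported as `tls-unverified` are the installations that would change behaviour if the check became unconditional, so they are the ones to test against the server certificate's commonName first.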