HammerDB: Allow to skip CA for MariaDB #407
Conversation
Signed-off-by: Igor Konopko <igor.j.konopko@intel.com>
There was a problem hiding this comment.
Have tested and confirm this is OK to accept.
currently setting a blank CA will set ssl options as follows:
set ssl_options { -ssl true -sslca /opt/mariadb-10.8.1-linux-x86_64/ssl -sslcert /opt/mariadb-10.8.1-linux-x86_64/ssl/client-cert.pem -sslkey /opt/mariadb-10.8.1-linux-x86_64/ssl/client-key.pem } ;# Maria SSL/TLS options
which gives following error
Error in Virtual User 1: mariaconnect/db server: SSL connection error: Error while reading file.
These changes allow the following:
set ssl_options { -ssl true -sslcert /opt/mariadb-10.8.1-linux-x86_64/ssl/client-cert.pem -sslkey /opt/mariadb-10.8.1-linux-x86_64/ssl/client-key.pem } ;# Maria SSL/TLS options
and also to set CA
set ssl_options { -ssl true -sslca /opt/mariadb-10.8.1-linux-x86_64/ssl/ca-cert.pem -sslcert /opt/mariadb-10.8.1-linux-x86_64/ssl/client-cert.pem -sslkey /opt/mariadb-10.8.1-linux-x86_64/ssl/client-key.pem } ;# Maria SSL/TLS options
so the changes make the following allowable in the GUI
This patch adds the ability to pass empty string as the path to certificate authority (CA), when using SSL connection to MariaDB.
Currently when trying to authenticate MariaDB user using SSL key and SSL certificate, HammerDB also requires providing path CA. Providing CA is a recommended solution in production environment, but it is not required. Especially when using self-signed certificates, such a CA cannot be properly verified by OpenSSL and thus it can be rejected, so we want to avoid such a scenario by not specifying path to CA.
Signed-off-by: Igor Konopko igor.j.konopko@intel.com