Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC

Add support for key and crt

Bug #1235244 reported by Raghavendra D Prabhu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC
Status tracked in 5.6
5.5
Fix Released
Undecided
Raghavendra D Prabhu
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC 5.5.34-23.7.6
5.6
Fix Released
Undecided
Raghavendra D Prabhu
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC 5.6.14-25.1

Bug Description

As discussed, add support for just the key and crt files like how Galera supports it (http://www.codership.com/wiki/doku.php?id=ssl_support). It will be added as 'encrypt=3' for keeping backward compatibility.

Revision history for this message
Jay Janssen (jay-janssen) wrote :

To clarify, we should be able to configure SST to encrypt just like Galera:

wsrep_provider_options = "socket.ssl_cert=/etc/mysql/cert.pem; socket.ssl_key=/etc/mysql/key.pem"

[ssl]
encrypt=3
tkey=/etc/mysql/key.pem
tcert=/etc/mysql/cert.pem

or similar.

Doc should be updated to reflect that this (like Galera currently) does not provide certificate validation.

Revision history for this message
Jay Janssen (jay-janssen) wrote :

Bonus points if you don't have to specify tkey/tcert, but the sst script is smart enough to get them from the galera settings. :)

wsrep_provider_options = "socket.ssl_cert=/etc/mysql/cert.pem; socket.ssl_key=/etc/mysql/key.pem"

[ssl]
encrypt=3

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1463

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.