Update mysql mariadb logic for mtls connections #66

Merged
merged 5 commits into from
Feb 1, 2022


IbraheemYSaleh
Contributor

No description provided.


codecov-commenter commented Feb 1, 2022

Codecov Report

Merging #66 (7e868e4) into collab_main (d76b161) will decrease coverage by 2.05%.
The diff coverage is 23.45%.

@@               Coverage Diff               @@
##           collab_main      #66      +/-   ##
===============================================
- Coverage        84.20%   82.14%   -2.06%     
===============================================
  Files               16       17       +1     
  Lines             3603     3658      +55     
===============================================
- Hits              3034     3005      -29     
- Misses             569      653      +84     

| Impacted Files | Coverage Δ |
|---|---|
| util/src_util/et_dt_validation.c | 98.19% <ø> (-0.04%) ⬇️ |
| util/src_util/ut_kmc_crypto_with_mtls_sadb.c | 0.00% <0.00%> (ø) |
| src/src_main/crypto_tc.c | 87.45% <80.00%> (-2.74%) ⬇️ |
| src/src_main/crypto_config.c | 95.51% <100.00%> (+0.09%) ⬆️ |
| util/src_util/ut_crypto_config.c | 100.00% <100.00%> (ø) |
| ...gcrypt/cryptography_interface_libgcrypt.template.c | 81.23% <0.00%> (-3.76%) ⬇️ |
| src/src_main/crypto.c | 98.80% <0.00%> (+0.40%) ⬆️ |
| src/src_main/sadb_routine_inmemory.template.c | 72.47% <0.00%> (+2.02%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3cada00...7e868e4. Read the comment docs.

@IbraheemYSaleh
Contributor Author

Comment from Mike Pajevski:

From a security perspective, you need to consider that a client must be able to require TLS to the server. You cannot depend on the settings on the server — because an attacker could somehow redirect a user to a bad server that does not use TLS. If the client will fall back to an open connection in that case, the client will be using a bad server.

Based on this, I will add a configuration parameter to require secure transport from the C Client:
https://dev.mysql.com/doc/c-api/8.0/en/c-api-encrypted-connections.html#c-api-enforcing-encrypted-connection
https://dev.mysql.com/doc/refman/8.0/en/encrypted-connections.html
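
The client-side enforcement described in the comment above, as an added example that is not code from this pull request or the project. The setting parser, `db_session` and the simulated handshake are constructed stand-ins; only `MYSQL_OPT_SSL_MODE`, `SSL_MODE_REQUIRED`, `mysql_options()` and `mysql_get_ssl_cipher()` name the real MySQL C API.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical client setting; not the project's real parameter name. */
typedef enum { TLS_OPTIONAL = 0, TLS_REQUIRED = 1 } tls_policy;
typedef enum { DB_OK = 0, DB_ERR_PLAINTEXT = -1 } db_status;

/* Parse the config value. Only an explicit "false" or "0" relaxes the policy;
 * a missing, empty or unrecognized value fails closed to TLS_REQUIRED. */
tls_policy parse_require_tls(const char *value)
{
    if (value != NULL && (strcmp(value, "false") == 0 || strcmp(value, "0") == 0))
        return TLS_OPTIONAL;
    return TLS_REQUIRED;
}

/* Constructed stand-in for a connected session. `cipher` plays the role of
 * the value mysql_get_ssl_cipher() returns: NULL when the session is not
 * encrypted. */
typedef struct { const char *host; const char *cipher; } db_session;

/* Simulated handshake: the server alone decides whether TLS is offered. */
static db_session simulate_connect(const char *host, int server_offers_tls)
{
    db_session s = { host, server_offers_tls ? "TLS_AES_256_GCM_SHA384" : NULL };
    return s;
}

/* Client-side enforcement: with TLS_REQUIRED a plaintext session is rejected
 * instead of being used, whatever the server is configured to do. With
 * libmysqlclient the same intent is expressed before connecting by setting
 * MYSQL_OPT_SSL_MODE to SSL_MODE_REQUIRED through mysql_options(). */
db_status db_open(tls_policy policy, const char *host, int server_offers_tls,
                  db_session *out)
{
    db_session s = simulate_connect(host, server_offers_tls);
    if (policy == TLS_REQUIRED && s.cipher == NULL)
        return DB_ERR_PLAINTEXT;   /* fail closed: no fallback to plaintext */
    *out = s;
    return DB_OK;
}
```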

@IbraheemYSaleh IbraheemYSaleh merged commit 20bee50 into collab_main Feb 1, 2022
@dccutrig dccutrig deleted the mtls_config_params_pt2 branch March 1, 2022 15:41