Allows SSL private keys other than RSA, and implements PROXYSQL RELOAD TLS #3552

Merged: 5 commits, Aug 26, 2021

@renecannao (Contributor) commented Aug 6, 2021

This closes issues #3551 and #3553.
It also disables the annoying error in #3424.

Deprecate PEM_read_bio_RSAPrivateKey in favour of PEM_read_bio_PrivateKey.
This allows reading keys other than RSA.

We currently disable this annoying error.
In future we can configure this at a per-user level, specifying if the certificate is mandatory or not.
See issue #3424.
Original error was: X509 error: no required certificate sent by client

Command PROXYSQL RELOAD TLS is able to load new key/cert files and
create a new SSL context.

Loading of SSL can happen in two stages:
* during bootstrap: if it fails, proxysql dies
* running PROXYSQL RELOAD TLS: if it fails, proxysql will keep the old SSL context

This new method should successfully handle errors like missing or corrupted files.

We are also adding two buffers used to store the key/cert, to be used by the web interface.
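
The keep-the-old-context-on-failure behaviour described above for PROXYSQL RELOAD TLS, as an added example that is not part of this pull request or of ProxySQL's C++ code. It uses Python's `ssl` module; the names `TLSHolder`, `reload` and `demo` and the sample files are constructed for illustration.

```python
import os
import ssl
import tempfile
import threading


class TLSHolder:
    """Holds the live server-side TLS context; new connections read .ctx."""

    def __init__(self, ctx):
        self._lock = threading.Lock()
        self._ctx = ctx
        self.generation = 0  # incremented on every successful reload

    @property
    def ctx(self):
        with self._lock:
            return self._ctx

    def reload(self, cert_path, key_path):
        """Build a complete new context first; swap only if every step succeeded."""
        candidate = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # Parses both files and checks that the key matches the certificate.
            # The key type is whatever the linked OpenSSL accepts, not only RSA.
            candidate.load_cert_chain(certfile=cert_path, keyfile=key_path)
        except OSError as exc:  # ssl.SSLError and FileNotFoundError are OSError
            return False, f"reload failed, keeping old context: {exc}"
        with self._lock:
            self._ctx = candidate
            self.generation += 1
        return True, "new context installed"


def demo():
    """Constructed failure cases: a missing file and a corrupted PEM file."""
    old = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # stand-in for the bootstrap context
    holder = TLSHolder(old)
    results = []
    with tempfile.TemporaryDirectory() as d:
        missing = os.path.join(d, "missing.pem")
        corrupt = os.path.join(d, "corrupt.pem")
        with open(corrupt, "w") as f:
            f.write("-----BEGIN CERTIFICATE-----\nnot base64\n-----END CERTIFICATE-----\n")
        for cert, key in ((missing, missing), (corrupt, corrupt)):
            ok, _msg = holder.reload(cert, key)
            results.append((ok, holder.ctx is old, holder.generation))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because the candidate context is built and validated before the swap, connections accepted during a failed reload keep using the previous key and certificate.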
@renecannao changed the title from "Allows SSL private keys other than RSA" to "Allows SSL private keys other than RSA, and implements PROXYSQL RELOAD TLS" Aug 6, 2021
@renecannao marked this pull request as draft August 6, 2021 17:14
@JavierJF (Collaborator)

Retest this please.

@renecannao marked this pull request as ready for review August 26, 2021 10:58
@renecannao merged commit 08ea308 into v2.x Aug 26, 2021
@renecannao deleted the v2.x-ssl_no-rsa branch April 30, 2022 16:10