Mysql_db dump/import add missing SSL mode #570
Conversation
Codecov ReportPatch coverage has no change and project coverage change:
Additional details and impacted files@@ Coverage Diff @@
## main #570 +/- ##
==========================================
- Coverage 76.96% 74.22% -2.75%
==========================================
Files 28 18 -10
Lines 2379 2258 -121
Branches 579 562 -17
==========================================
- Hits 1831 1676 -155
- Misses 389 409 +20
- Partials 159 173 +14
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
|
@FlorianPerrot hello, thanks for the patch! |
There was a problem hiding this comment.
The --ssl option is implied by other --ssl-* options. As a workaround, you could set the ssl_ca variable to some file with trusted CA certs.
The --ssl argument does not exist in MySQL 8, it was removed in favor of --ssl-mode.
The name check_hostname is ambiguous: What is checked?
I would expect it to mean --ssl-verify-server-cert for MariaDB and --ssl-mode=VERIFY_IDENTITY for MySQL. But this should be decided and documented.
MariaDB docs: https://mariadb.com/kb/en/securing-connections-for-client-and-server/#enabling-one-way-tls-for-mariadb-clients
MySQL docs: https://dev.mysql.com/doc/refman/8.0/en/using-encrypted-connections.html#using-encrypted-connections-client-side-configuration
|
Hum good point. I hadn't seen "--ssl" argument different with mariadb and mysql... |
SUMMARY
Add missing argument
--sslfor db dump and import ifcheck_hostnameis true.ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Useful, if you want is ssl mode without certifcat.
https://mariadb.com/kb/en/securing-connections-for-client-and-server/#enabling-one-way-tls-for-mariadb-clients-without-server-certificate-verification