Re: Exchange: libnss-mysql -> libnss-maria

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29/11/2020 15:08, Marius Schwarz wrote:
Am 29.11.20 um 15:29 schrieb Tom Hughes via devel:
On 29/11/2020 13:29, Marius Schwarz wrote:

as i just got informed, libnss-maria does support TLS/SSL connections to DB servers and is a replacement for the normal libnss-mysql, which does not support encrypted connections. The libnss-mysql package is unchanged for years now and is based on age old code from early 200x

I don't know if it makes a difference but the  Fedora libnss-mysql is
actually built against the mariadb client library.

You need options to set SSL key/certfiles for authentication against the db, but libnss-mysql does not offer such options.

Well if you want to do certificate authentication of the client
then you would need those but there's nothing to stop it doing
the same level of SSL as a typical https connection without
any of that - it would just validate the server certificate
against the system root certificate store.

I don't know offhand if the mysql/mariadb client libraries
will do that without prompting but it's certainly possible.

Tom

--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux