On 29/11/2020 15:08, Marius Schwarz wrote:
Am 29.11.20 um 15:29 schrieb Tom Hughes via devel:
On 29/11/2020 13:29, Marius Schwarz wrote:
as i just got informed, libnss-maria does support TLS/SSL connections
to DB servers and is a replacement for the normal libnss-mysql, which
does not support encrypted connections. The libnss-mysql package is
unchanged for years now and is based on age old code from early 200x
I don't know if it makes a difference but the Fedora libnss-mysql is
actually built against the mariadb client library.
You need options to set SSL key/certfiles for authentication against the
db, but libnss-mysql does not offer such options.
Well if you want to do certificate authentication of the client
then you would need those but there's nothing to stop it doing
the same level of SSL as a typical https connection without
any of that - it would just validate the server certificate
against the system root certificate store.
I don't know offhand if the mysql/mariadb client libraries
will do that without prompting but it's certainly possible.
Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
