
Make MariaDB 10.3 on raspberry pi use OpenSSL instead of yaSSL

I have a Raspberry Pi set up using Raspbian Buster and created an OpenSSL Certificate Authority I intend to use with a mobile app. The root CA signs an intermediate CA that signs the server certificate for a MariaDB MySQL server, and using a self-made WebAPI, it can sign certificate signing requests for clients to access the DB (clients and the server must both be authenticated).

I can connect to the database over the MariaDB client, using SSL and requiring the client to authenticate its certificate, however if I revoke the client certificate it still allows access. It appears that on the Raspberry Pi, MariaDB runs 10.3 and uses the yaSSL library instead of OpenSSL, even though the OpenSSL library is on the Pi.

Is there a way I can make MariaDB use OpenSSL rather than yaSSL, as OpenSSL supports crl_path, which is required for MariaDB to check the revocation list and deny access to revoked certificates, as explained here? Another option would be to use MariaDB 10.4; however, I believe it must be compiled from source, which I tried to no avail, or use another OS, which I would not like to do.

I'm attempting to do the same but using 10.5 stable released source. It's currently compiling...

There is a build configuration switch that cmake needs to make it compile with openssl: cmake -DWITH_SSL=SYSTEM

That will make the make use the OS-provided SSL library, which in my case on Raspberry Pi 4 Raspbian Buster 64-bit is OpenSSL.

After you run cmake you can double check by running cmake -LH which should show openssl in the list.

(Yeah, I've no idea who made the bright decision to disable SSL on MariaDB for Raspbian Buster!)

Hey, sorry to disturb you, but did it work with recompiling MariaDB with OpenSSL? I'm currently working on a Java project which needs an encrypted connection to the MariaDB server, but the exception tells me that Java will not accept TLS 1.1 but only 1.2 or 1.3. If it worked for you, could you please provide a step-by-step guide on how to do it? I'm not very familiar with make, cmake, etc.
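An added example, not part of the original thread: after a rebuild like the one in the answer above, this script checks from the server's own variables whether revocation can be enforced at all, treating only an OpenSSL-linked server as CRL-capable as the question describes. It assumes the MariaDB variables `version_ssl_library`, `have_ssl`, `ssl_crl` and `ssl_crlpath`; the sample rows, file paths and verdict words are constructed for illustration.

```shell
#!/bin/sh
# Feed it the tab-separated output of, for example:
#   mysql -N -B -e "SHOW GLOBAL VARIABLES WHERE Variable_name IN
#     ('version_ssl_library','have_ssl','ssl_crl','ssl_crlpath')"

# Reads "name<TAB>value" rows on stdin and prints one verdict word.
crl_status() {
    awk -F '\t' '
        $1 == "version_ssl_library" { lib = $2 }
        $1 == "have_ssl"            { tls = $2 }
        $1 == "ssl_crl"             { crl = $2 }
        $1 == "ssl_crlpath"         { crlpath = $2 }
        END {
            # No library row at all: wrong input or a server built without TLS.
            if (lib == "")                  { print "unknown"; exit }
            # yaSSL (or anything else): a revoked client cert is still accepted.
            if (tolower(lib) !~ /^openssl/) { print "unsupported-library"; exit }
            # have_ssl is YES only when TLS is compiled in and configured.
            if (tls != "YES")               { print "tls-disabled"; exit }
            # OpenSSL without a CRL file or directory checks no revocation.
            if (crl == "" && crlpath == "") { print "no-crl-configured"; exit }
            print "crl-configured"
        }'
}

# Constructed sample rows (not captured from a real server).
SAMPLE_YASSL=$(printf 'have_ssl\tYES\nssl_crl\t/etc/mysql/ssl/ca.crl.pem\nssl_crlpath\t\nversion_ssl_library\tYaSSL 2.4.4\n')
SAMPLE_OPENSSL_NOCRL=$(printf 'have_ssl\tYES\nssl_crl\t\nssl_crlpath\t\nversion_ssl_library\tOpenSSL 1.1.1d  10 Sep 2019\n')
SAMPLE_OPENSSL_CRL=$(printf 'have_ssl\tYES\nssl_crl\t/etc/mysql/ssl/ca.crl.pem\nssl_crlpath\t\nversion_ssl_library\tOpenSSL 1.1.1d  10 Sep 2019\n')

for sample in "$SAMPLE_YASSL" "$SAMPLE_OPENSSL_NOCRL" "$SAMPLE_OPENSSL_CRL"; do
    printf '%s\n' "$sample" | crl_status
done
```

A `crl-configured` verdict only means the server has a CRL source set; a connection attempt with a revoked client certificate is still the test that matters.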
