Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1453

SSL communication by mariadb connector/J is not possible

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.2.0, 1.3.0
    • 1.5.0
    • None
    • Guacamole-Client: 1.2.0
      Guacamole-Server: 1.2.0
      ServerOS: CentOS7.9
      MariaDB Connector/J: 2.7.3

    Description

       For SSL connection between Guacamole and DB using MaraiDB Connector / J, SSL connection was not enabled even if the following parameters were set.
      ※MariaDB connector / J version uses 2.7.3.

      ★/etc/guacamole/guacamole.properties
       mysql-driver: mariadb
       mysql-ssl-mode: required
       mysql-ssl-trust-store: /opt/jks/xxxx.jks
       mysql-ssl-trust-password: XXXXXXXX

      Using MySQL Connector/J, SSL connection was possible from Guacamole with the same settings.

      The default setting for MariaDB Connector/J seems to be useSsl = false.
      https://mariadb.com/kb/en/about-mariadb-connector-j/#tls-parameters

      Also, by changing the following sources
      SSL communication was successful as expected.

      // guacamole-client-1.2.0/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java
      
      // Change before
       90         // For compatibility, set legacy useSSL property when SSL is disabled.
       91         if (sslMode == MySQLSSLMode.DISABLED)
       92             driverProperties.setProperty("useSSL", "false");
      
      // Change after
       90         // For compatibility, set legacy useSSL property when SSL is disabled.
       91         if (sslMode == MySQLSSLMode.DISABLED) {                 //** Add
       92             driverProperties.setProperty("useSSL", "false");
       93         } else {                                                //** Add
       94             driverProperties.setProperty("useSSL", "true");    //** Add
       95         }                                                       //** Add
      

      I would like to submit a pull request with changes.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            live-t-kanda nw-engineer
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment