[SSL] Disable option that requires all connections to be SSL encrypted by default

The MariaDB C/C++ connector requires SSL connections by default since versin 3.4.0: https://mariadb.com/kb/en/mariadb-connector-c-3-4-0-release-notes/ However that was made possible by creation of 'zero configuration SSL': https://mariadb.org/mission-impossible-zero-configuration-ssl/ The first LTS that contains it is MariaDB 11.4 Before that the SSL still can be set up, but it requires significant configuration. The version we currently have in this distribution is MariaDB 10.11. In order for all utilities and associated software to still work 'out of the box', without extensive SSL configurations setup, I decided to disable this option. -- This option is supposed to be re-enabled when MariaDB >= 11.4 is introduced as the default MariaDB major version in the distribution. -- Resolves: RHEL-55985 RHEL-69271 RHEL-69269
2025-02-04 08:58:42 +01:00 · 2025-02-04 08:58:42 +01:00 · bff19eec79
commit bff19eec79
parent e15f15f503
1 changed files with 6 additions and 1 deletions
--- a/mariadb-connector-c.spec
+++ b/mariadb-connector-c.spec
@ -7,7 +7,7 @@

 Name:           mariadb-connector-c
 Version:        3.4.3
-Release:        1%{?with_debug:.debug}%{?dist}
+Release:        10%{?with_debug:.debug}%{?dist}
 Summary:        The MariaDB Native Client library (C driver)
 License:        LGPL-2.1-or-later
 Source:         https://archive.mariadb.org/connector-c-%{version}/%{name}-%{version}-src.tar.gz
@ -121,6 +121,8 @@ rm -r win win-iconv external/zlib
       -DWITH_SSL=OPENSSL \
       -DWITH_MYSQLCOMPAT=ON \
       -DPLUGIN_CLIENT_ED25519=DYNAMIC \
+\
+       -DDEFAULT_SSL_VERIFY_SERVER_CERT=OFF \
 \
       -DINSTALL_LAYOUT=RPM \
       -DINSTALL_BINDIR="bin" \
@ -248,6 +250,9 @@ install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/my.cnf.d/client.cnf
 #      Need to ensure, that the testsuite will also run properly on 'fedpkg local' buid, not damaging the host machine

 %changelog
+* Tue Feb 04 2025 Michal Schorm <mschorm@redhat.com> - 3.4.3-10
+- Disable option that requires all connections to be SSL encrypted by default
+
 * Thu Jan 16 2025 Michal Schorm <mschorm@redhat.com> - 3.4.3-1
 - Rebase to 3.4.3