Bug #19991 CHANGE MASTER need option ssl-verify-server-cert
Submitted: 22 May 2006 7:31 Modified: 10 Apr 2007 18:55
Reporter: Magnus Blåudd Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Replication Severity:S2 (Serious)
Version:5.1 OS:Any
Assigned to: Magnus Blåudd CPU Architecture:Any

[22 May 2006 7:31] Magnus Blåudd
Description:
Add the option ssl-verify-server-cert to CHANGE MASTER so that the replication between master and slave can prevent MITM attack.

How to repeat:
...
[26 Mar 2007 10:43] Magnus Blåudd
Will add the option only to "CHANGE MASTER TO", passing replication options on command line or in my.cnf is being deprecated.

CHANGE MASTER TO master_def [, master_def] ...

master_def:
<snip>
  | MASTER_SSL_VERIFY_SERVER_CERT = {0|1}
    ^^  New option
[29 Mar 2007 13:10] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/23301

ChangeSet@1.2427, 2007-03-29 15:09:57+02:00, msvensson@pilot.blaudden +30 -0
  Bug#19991 CHANGE MASTER need option ssl-verify-server-cert
   - Add MASTER_SSL_VERIFY_SERVER_CERT option to CHANGE MASTER TO
   - Add Master_Ssl_Serify_Server_Cert to SHOW SLAVE STATUS
   - Save and restore ssl_verify_server_cert  to master info file
     setting it to disabled as default.
[29 Mar 2007 19:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/23365

ChangeSet@1.2519, 2007-03-29 21:59:06+02:00, msvensson@pilot.blaudden +15 -0
  Update result for bug#19991
[6 Apr 2007 17:24] Bugs System
Pushed into 5.1.18-beta
[10 Apr 2007 18:55] Paul Dubois
Noted in 5.1.18 changelog.

Added a MASTER_SSL_VERIFY_SERVER_CERT option for the CHANGE MASTER
statement, and a Master_SSL_Verify_Server_Cert output column to the
SHOW SLAVE STATUS statement. The option value also is written to the
master.info file. 

Also updated CHANGE MASTER and SHOW SLAVE STATUS statement
descriptions.