Code Review / apex-tripleo-heat-templates.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 9697f70) | patch
Internal TLS: Use specific CA file for mysql-client
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 3 May 2017 09:56:17 +0000 (12:56 +0300)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 3 May 2017 11:53:47 +0000 (11:53 +0000)
commitbe4bc8f3f243b3282010848cc00f31d31c9f9ab8
tree61c3921bf7263751737bcf8bbb979acf846a06e0tree | snapshot
parent9697f70dcbbb30882bf8cb90f9dd0bcfc35f087fcommit | diff
Internal TLS: Use specific CA file for mysql-client

Instead of using the CA bundle, this sets the mysql client configuration
file to use a specific file for validating the certificate of the
database server. This helps in two ways:

* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
  are valid, instead of any certificate that the system trusts (which
  could include potentially compromised public certs).

Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7
Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
puppet/services/database/mysql-client.yaml diff | blob | history