diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-03 12:56:17 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-03 11:53:47 +0000 |
commit | be4bc8f3f243b3282010848cc00f31d31c9f9ab8 (patch) | |
tree | 61c3921bf7263751737bcf8bbb979acf846a06e0 /puppet/services/ca-certs.yaml | |
parent | 9697f70dcbbb30882bf8cb90f9dd0bcfc35f087f (diff) |
Internal TLS: Use specific CA file for mysql-client
Instead of using the CA bundle, this sets the mysql client configuration
file to use a specific file for validating the certificate of the
database server. This helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7
Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
Diffstat (limited to 'puppet/services/ca-certs.yaml')
0 files changed, 0 insertions, 0 deletions