List: General Discussion
From: Paul DuBois
Date: March 7 2003 4:19pm
Subject: Re: Re: 4.0.x and SSL replication thoughts.

At 10:56 -0500 3/7/03, Dan Geist wrote:
>>   I read the thread by R. Weiss, P. DuBois, and J. Zawodny regarding the
>>   incomplete implementation of replication over SSL. I had been fighting
>>   the same problem for about a week, thinking it was something I was doing
>>   wrong. Didn't think to look for un-implemented stubs...
>>   If I understand the process, the act of replication is a simple connect
>>   via a dedicated and persistent thread on the slave which registers
>>   to listen for updates to particular dbs/tables and which is fed updates
>>   as they come in. Since the c-client and commandline SSL functions seem
>>   to be working just fine (after the inclusion of the CA-neuter-patch in
>>   4.0.12), why is replication implementation any different? Would it not
>>   be trivial to complete this section of the code so people don't have to
>>   use stunnel and native SSL on the same box?

It's always easy when someone else is doing the work. :-)

It's not necessarily so trivial.  Replication connections don't use the
same client library that regular client programs do.  It was not an easy
thing to get SSL integrated into the regular client library and working
properly; I would expect that might be true for replication connections
as well.

There's also the time issue, as you note below.  I have no authority to
speak on the matter of timetable, but if you want my best guess: don't
hold your breath.  Continue to tunnel.

>>
>>   Perhaps there's a particular issue involved, or perhaps developers just
>>   don't have the time to dedicate to the feature. I'm just wondering so I
>>   can adjust my plans accordingly.
>>   Thanks.
>>   Dan
>Dan Geist | dan.geist@stripped | (404)269-6822
>Network Security Engineer | Cox Communications Inc.