There does not currently seem to be a way to connect to a (MariaDB) database over SSL when using rmt-cli to perform repository syncing, mirroring, etc.
For example, the following command produces an error that only occurs when the database user provided in /etc/rmt.conf requires SSL:
$ bin/rmt-cli repos list
Cannot connect to database server. Ensure its credentials are correctly configured in '/etc/rmt.conf' or configure RMT with YaST ('yast2 rmt').
Checking the database logs confirms that the connection is not being attempted over SSL:
[ERROR] Authentication requires SSL encryption.
There does not currently seem to be a way to connect to a (MariaDB) database over SSL when using
rmt-cli
to perform repository syncing, mirroring, etc.For example, the following command produces an error that only occurs when the database user provided in
/etc/rmt.conf
requires SSL:Checking the database logs confirms that the connection is not being attempted over SSL:
[ERROR] Authentication requires SSL encryption.
The version of the
mysql2
adapter used does support SSL configuration options that would allow for connections over SSL.However, these are not able to be set under the database settings in
/etc/rmt.conf
, or at least they don't seem to be used:https://github.com/SUSE/rmt/blob/fe2c583173c896d6c522c3b18fbb6b802e9559b9/lib/rmt/config.rb#L17-L28
Is this understanding correct, or is something being done wrong?
Side note from testing: The
mysql_clear_password.so
plugin library may be required when connecting over SSL.