Investigate if safer defaults for TLS options are possible

[kaklakariada]

Currently the default TLS options are not secure. We should pick safe defaults that verify the certificate. See https://github.com/exasol/exasol-driver-lua/pull/50#discussion_r860154999

[kaklakariada]

The default value for TLS tls_verify is none which ignores the server's certificate.

Specifying tls_verify = "peer" will fail during connection when the server's certificate is not trusted in the local OpenSSL installation.

luasec supports parameters cafile and capath that are passed to OpenSSL's function SSL_CTX_load_verify_locations(). This allows specifying the path of a file with CA certificates in PEM format (cafile) or the path to a directory containing CA certificates in PEM format (capath).

Both parameters are not set in luws.lua, so we will need to modify the file.

[allipatev]

It will be great (or, maybe, it is a must for many real life use case) if customer could upload and use their custom CA certificates. For usual UDF languages upload part can be done via BucketFS, but for Lua?

[ckunki]

This issue needs to be addressed in the database. Adding appropriate project attribute.