Hi, am I right with the assumption that tls_verify_cert in the mysql table uses the native provided ssl-verify-server-cert algorithm provided by MariaDB? Because it doesn't work as expected with IP and it is known that the MariaDB mechanism is broken as of now regarding verifying against IPs in the SANs of a cert. There is a fix underway but I don't know when it will be implemented.
The other question is: I am running chrooted, and for tls_CAfile I had to provide the path from the chroot, so not /path/to/chroot/path/to/cert but rather /path/to/cert from the chrooted point of view. Is it the same with all the file parameters in the table, also for the option_file?

Example: chroot is /var/spool/postfix, so tlsCAfile is not /var/spool/postfix/etc/<cert> but rather /etc/cert, otherwise it doesn't work. So if option_file is in /var/spool/postfix/etc/my.cnf, does option_file also = /etc/my.cnf then?

Thanks