diff options
author | Martins Abele <martins.abele@zabbix.com> | 2020-01-30 18:35:31 +0300 |
---|---|---|
committer | Martins Abele <martins.abele@zabbix.com> | 2020-01-30 18:35:31 +0300 |
commit | 3b7be9d7d4133b6332a6baff7f7c438f80320106 (patch) | |
tree | 41a57561a372f396ec4c2485464c610dc98d5577 /conf | |
parent | d83cb370f25c33b7d16f997bcb1cf8ae46f4222e (diff) |
.......PS. [ZBXNEXT-5641] check server and proxy DB TLS configuration values
Diffstat (limited to 'conf')
-rw-r--r-- | conf/zabbix_proxy.conf | 11 | ||||
-rw-r--r-- | conf/zabbix_server.conf | 11 |
2 files changed, 16 insertions, 6 deletions
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf index bd503617370..3a4a79b0cda 100644 --- a/conf/zabbix_proxy.conf +++ b/conf/zabbix_proxy.conf @@ -739,7 +739,8 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSMode # Database connection TLS mode -# Possible values: disable, prefer(default), require, verify-ca, verify-identity +# Supported only for MySQL and Postgres +# Possible values: disable, require, verify-ca, verify-identity # # Mandatory: no # Default: @@ -748,6 +749,7 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSCertFile # Full pathname of file containing client certificate for # authenticating to database +# Supported only for MySQL and Postgres # # Mandatory: no # Default: @@ -756,6 +758,7 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSKeyFile # Full pathname of file containing the private key for # authenticating to database +# Supported only for MySQL and Postgres # # Mandatory: no # Default: @@ -764,14 +767,16 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # database server certificate verification. +# Supported only for MySQL and Postgres +# MySQL: This option, if used, must specify the same certificate used by the database server # -# Mandatory: no +# Mandatory: yes, if DBTLSMode set to one of: verify-ca, verify-identity # Default: # DBTLSCAFile= ### Option: DBTLSCipher -# Only for MySQL! # The list of permissible ciphers for database TLS encryption +# Supported only for MySQL # # Mandatory no # Default: diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf index ca61b29e5f4..decce3cf405 100644 --- a/conf/zabbix_server.conf +++ b/conf/zabbix_server.conf @@ -723,7 +723,8 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSMode # Database connection TLS mode -# Possible values: disable, prefer(default), require, verify-ca, verify-identity +# Possible values: disable, require, verify-ca, verify-identity +# Supported only for MySQL and Postgres # # Mandatory: no # Default: @@ -732,6 +733,7 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSCertFile # Full pathname of file containing client certificate for # authenticating to database +# Supported only for MySQL and Postgres # # Mandatory: no # Default: @@ -740,6 +742,7 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSKeyFile # Full pathname of file containing the private key for # authenticating to database +# Supported only for MySQL and Postgres # # Mandatory: no # Default: @@ -748,14 +751,16 @@ StatsAllowedIP=127.0.0.1 ### Option: DBTLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # database server certificate verification. +# Supported only for MySQL and Postgres +# MySQL: This option, if used, must specify the same certificate used by the database server. # -# Mandatory: no +# Mandatory: yes, if DBTLSMode set to one of: verify-ca, verify-identity # Default: # DBTLSCAFile= ### Option: DBTLSCipher -# Only for MySQL! # The list of permissible ciphers for database TLS encryption +# Supported only for MySQL # # Mandatory no # Default: |