I am attempting to establish MariaDB replication using SSL Certificates for authentication. Reading the documentation about setting up the master server with a slave user which uses the GRANT command.
At the following link ( https://mariadb.com/kb/en/mariadb/grant/#per-account-ssltls-options ), the part to set up authentication on the account uses REQUIRE ISSUER and REQUIRE SUBJECT. These take in string representations of part of the SSL Certificates.
My question is, how is the client certificate, which will be provided on connection by the slave server, verified by the master? I cannot see in config where the master server is provided with a client certificate chain that the slave's certificate is issued off. Have I missed where the master is loaded with CA/chain certificates or even just the client certificate?
If it does not, the replication does not seem to be using any of the crypographic properties of the certificate. Just string matching on the certificate subject/issuer.