Skip to content

Commit

Permalink
MDEV-32473 --disable-ssl doesn't disable it
Browse files Browse the repository at this point in the history
  • Loading branch information
@vuvova
vuvova committed Feb 4, 2024
1 parent 6b90033 commit 2e83ab4
Show file tree
Hide file tree
Showing 6 changed files with 32 additions and 1 deletion.
2 changes: 2 additions & 0 deletions extra/mariabackup/backup_mysql.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,8 @@ xb_mysql_connect()
mysql_options(connection, MYSQL_OPT_SSL_CRLPATH,
opt_ssl_crlpath);
}
else
opt_ssl_verify_server_cert= 0;
mysql_options(connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
Expand Down
4 changes: 3 additions & 1 deletion include/sslopt-vars.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \
mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \
} \
else \
opt_ssl_verify_server_cert= 0; \
mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \
&opt_ssl_verify_server_cert); \
} while(0)
Expand All @@ -58,7 +60,7 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
*/
#define SET_SSL_OPTS_WITH_CHECK(M) \
do { \
if (opt_ssl_verify_server_cert==2 && \
if (opt_use_ssl && opt_ssl_verify_server_cert==2 && \
!(opt_ssl_ca && opt_ssl_ca[0]) && \
!(opt_ssl_capath && opt_ssl_capath[0]) && \
!(opt_ssl_fp && opt_ssl_fp[0]) && \
Expand Down
8 changes: 8 additions & 0 deletions mysql-test/main/mysql.result
View file
Original file line number Diff line number Diff line change
Expand Up @@ -655,3 +655,11 @@ SSL: Cipher in use is XXX, cert is OK


drop user ser@localhost;
#
# MDEV-32473 --disable-ssl doesn't disable it
#
MYSQL --ssl-verify-server-cert --disable-ssl -e "\s"

SSL: Not in use


7 changes: 7 additions & 0 deletions mysql-test/main/mysql.test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -737,3 +737,10 @@ create user ser@localhost identified by "ass";
--replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/
--exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s"
drop user ser@localhost;

--echo #
--echo # MDEV-32473 --disable-ssl doesn't disable it
--echo #
--echo MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
--replace_regex /^.[^S].*//
--exec $MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
4 changes: 4 additions & 0 deletions mysql-test/suite/mariabackup/backup_ssl.result
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,7 @@ DROP USER backup_user;
# MDEV-31855 validate ssl certificates using client password in the internal client
#
# tcp ssl ssl-verify-server-cert
#
# MDEV-32473 --disable-ssl doesn't disable it
#
# tcp skip-ssl
8 changes: 8 additions & 0 deletions mysql-test/suite/mariabackup/backup_ssl.test
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,11 @@ echo #;
echo # tcp ssl ssl-verify-server-cert;
error 1;
exec $XTRABACKUP --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir;

--echo #
--echo # MDEV-32473 --disable-ssl doesn't disable it
--echo #
# connects fine
echo # tcp skip-ssl;
exec $XTRABACKUP --protocol=tcp --user=root --skip-ssl --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
rmdir $targetdir;

0 comments on commit 2e83ab4

Please sign in to comment.