MDEV-31857 enable --ssl-verify-server-cert by default in the internal…

… client

enable ssl + ssl_verify_server_cert in the internal client too

* fix replication tests to disable master_ssl_verify_server_cert
  because accounts are passwordless - except rpl.rpl_ssl1
* fix federated/federatedx/connect to disable SSL_VERIFY_SERVER_CERT
  because they cannot configure an ssl connection
* fix spider to disable ssl_verify_server_cert, if configuration
  says so, as spider _can_ configure an ssl connection
* memory leak in embedded test-connect

include/sql_common.h

@@ -41,7 +41,7 @@ struct st_mysql_options_extention {
                           uint proc_info_length);
   HASH connection_attributes;
   size_t connection_attributes_length;
-  my_bool tls_verify_server_cert;
+  my_bool tls_allow_invalid_server_cert;
 };
 
 typedef struct st_mysql_methods

mysql-test/include/check-testcase.test

@@ -47,7 +47,7 @@ if ($tmp)
   --echo Until_Condition	#
   --echo Until_Log_File	#
   --echo Until_Log_Pos	#
-  --echo Master_SSL_Allowed	No
+  --echo Master_SSL_Allowed	Yes
   --echo Master_SSL_CA_File	
   --echo Master_SSL_CA_Path	
   --echo Master_SSL_Cert	

mysql-test/include/rpl_change_topology.inc

@@ -235,11 +235,11 @@ if (!$rpl_skip_change_master)
       }
       if ($rpl_master_log_file)
       {
-        eval CHANGE MASTER TO MASTER_HOST = '127.0.0.1', MASTER_PORT = $_rpl_port, MASTER_USER = 'root', MASTER_LOG_FILE = '$_rpl_master_log_file'$_rpl_master_log_pos, MASTER_CONNECT_RETRY = 1, MASTER_USE_GTID=NO;
+        eval CHANGE MASTER TO MASTER_HOST = '127.0.0.1', MASTER_PORT = $_rpl_port, MASTER_USER = 'root', MASTER_LOG_FILE = '$_rpl_master_log_file'$_rpl_master_log_pos, MASTER_CONNECT_RETRY = 1, MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_USE_GTID=NO;
       }
       if (!$rpl_master_log_file)
       {
-        eval CHANGE MASTER TO MASTER_HOST = '127.0.0.1', MASTER_PORT = $_rpl_port, MASTER_USER = 'root', MASTER_CONNECT_RETRY=1;
+        eval CHANGE MASTER TO MASTER_HOST = '127.0.0.1', MASTER_PORT = $_rpl_port, MASTER_USER = 'root', MASTER_CONNECT_RETRY=1, MASTER_SSL_VERIFY_SERVER_CERT=0;
       }
     }
     if ($_rpl_master == '')

mysql-test/main/ps_change_master.result

@@ -18,5 +18,5 @@ EXECUTE stmt;
 DEALLOCATE PREPARE stmt;
 # Master_Host : host2
 # Master_User : user2
-CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root';
+CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0;
 # End of test

mysql-test/main/ps_change_master.test

@@ -40,6 +40,6 @@ let $master_user= query_get_value(SHOW SLAVE STATUS, Master_User, 1);
 
 
 # Reset
-CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root';
+CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0;
 
 --echo # End of test

mysql-test/suite/binlog_encryption/multisource.result

@@ -6,7 +6,8 @@ ERROR HY000: Incorrect arguments to MASTER_HOST
 change master 'master1' to 
 master_port=MYPORT_1, 
 master_host='127.0.0.1', 
-master_user='root';
+master_user='root',
+master_ssl_verify_server_cert=0;
 start slave 'master1';
 set default_master_connection = 'master1';
 include/wait_for_slave_to_start.inc
@@ -100,6 +101,7 @@ change master to
 master_port=MYPORT_2,
 master_host='127.0.0.1',
 master_user='root',
+master_ssl_verify_server_cert=0,
 master_use_gtid=no;
 start slave;
 include/wait_for_slave_to_start.inc

mysql-test/suite/binlog_encryption/rpl_ssl.result

@@ -51,7 +51,7 @@ connection slave;
 include/stop_slave.inc
 CHANGE MASTER TO
 master_user = 'root',
-master_ssl = 0,
+master_ssl = 1,
 master_ssl_ca = '',
 master_ssl_cert = '',
 master_ssl_key = '';

mysql-test/suite/engines/funcs/r/rpl_000010.result

@@ -16,4 +16,5 @@ n
 connection master;
 drop table t1;
 connection slave;
+include/wait_for_slave_to_start.inc
 include/rpl_end.inc

mysql-test/suite/engines/funcs/r/rpl_dual_pos_advance.result

@@ -3,7 +3,7 @@ include/master-slave.inc
 connection slave;
 reset master;
 connection master;
-change master to master_host="127.0.0.1",master_port=SLAVE_PORT,master_user="root";
+change master to master_host="127.0.0.1",master_port=SLAVE_PORT,master_user="root",master_ssl_verify_server_cert=0;
 include/start_slave.inc
 connection slave;
 create table t1 (n int);
@@ -25,4 +25,5 @@ include/stop_slave.inc
 reset slave;
 drop table t1,t4,t5,t6;
 connection slave;
+include/wait_for_slave_to_start.inc
 include/rpl_end.inc

mysql-test/suite/engines/funcs/r/rpl_flushlog_loop.result

@@ -3,11 +3,11 @@ include/master-slave.inc
 connection slave;
 include/stop_slave.inc
 change master to master_host='127.0.0.1',master_user='root',
-master_password='',master_port=MASTER_PORT;
+master_password='',master_port=MASTER_PORT, master_ssl_verify_server_cert=0;
 include/start_slave.inc
 connection master;
 change master to master_host='127.0.0.1',master_user='root',
-master_password='',master_port=SLAVE_PORT;
+master_password='',master_port=SLAVE_PORT, master_ssl_verify_server_cert=0;
 include/start_slave.inc
 flush logs;
 include/stop_slave.inc

mysql-test/suite/engines/funcs/t/rpl_dual_pos_advance.test

@@ -16,7 +16,7 @@ reset master;
 
 connection master;
 --replace_result $SLAVE_MYPORT SLAVE_PORT
-eval change master to master_host="127.0.0.1",master_port=$SLAVE_MYPORT,master_user="root";
+eval change master to master_host="127.0.0.1",master_port=$SLAVE_MYPORT,master_user="root",master_ssl_verify_server_cert=0;
 
 --source include/start_slave.inc
 
@@ -100,6 +100,7 @@ reset slave;
 drop table t1,t4,t5,t6; # add t2 and t3 later
 
 --sync_slave_with_master
+--source include/wait_for_slave_to_start.inc
 
 # End of 4.1 tests
 --source include/rpl_end.inc

mysql-test/suite/engines/funcs/t/rpl_flushlog_loop.test

@@ -11,7 +11,7 @@ connection slave;
 
 --replace_result $MASTER_MYPORT MASTER_PORT
 eval change master to master_host='127.0.0.1',master_user='root',
- master_password='',master_port=$MASTER_MYPORT;
+ master_password='',master_port=$MASTER_MYPORT, master_ssl_verify_server_cert=0;
 --source include/start_slave.inc
 #
 #  Start replication slave -> master
@@ -20,7 +20,7 @@ connection master;
 
 --replace_result $SLAVE_MYPORT SLAVE_PORT
 eval change master to master_host='127.0.0.1',master_user='root',
- master_password='',master_port=$SLAVE_MYPORT;
+ master_password='',master_port=$SLAVE_MYPORT, master_ssl_verify_server_cert=0;
 --source include/start_slave.inc
 
 #

mysql-test/suite/galera/r/galera_query_cache_invalidate.result

@@ -7,7 +7,7 @@ call mtr.add_suppression("WSREP: Ignoring server id for non bootstrap node.");
 connection node_4;
 call mtr.add_suppression("WSREP: Ignoring server id for non bootstrap node.");
 connection node_3;
-CHANGE MASTER TO master_host='127.0.0.1', master_user='root', master_port=NODE_MYPORT_1, master_use_gtid=current_pos;;
+CHANGE MASTER TO master_host='127.0.0.1', master_user='root', master_port=NODE_MYPORT_1, master_ssl_verify_server_cert=0, master_use_gtid=current_pos;
 Warnings:
 Warning	1287	'master_use_gtid=current_pos' is deprecated and will be removed in a future release. Please use master_demote_to_slave=1 instead
 START SLAVE;

mysql-test/suite/galera/t/MDEV-28053.test

@@ -37,7 +37,7 @@ while ($counter) {
 --connection node_2
 --disable_query_log
 --disable_result_log
---eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 START SLAVE;
 --eval SELECT MASTER_GTID_WAIT('$gtid', 600)
 --enable_result_log

mysql-test/suite/galera/t/MDEV-6860.test

@@ -4,7 +4,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3, MASTER_USE_GTID=slave_pos;
+--eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3, MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_USE_GTID=slave_pos;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_master.test

@@ -9,7 +9,7 @@
 
 --connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3
 --disable_query_log
---eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_1;
+--eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_1;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_master_large.test

@@ -8,7 +8,7 @@
 
 --connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_1;
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_1;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_slave.test

@@ -13,7 +13,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_slave_autoinc.test

@@ -13,7 +13,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO  MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_slave_gtid.inc

@@ -17,7 +17,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_slave_gtid_myisam.test

@@ -26,7 +26,7 @@ SELECT @@wsrep_on;
 ALTER TABLE mysql.gtid_slave_pos engine = InnoDB;
 
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_as_slave_nonprim.test

@@ -18,7 +18,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=$NODE_MYPORT_4, MASTER_USER='root';
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=$NODE_MYPORT_4, MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_USER='root';
 --enable_query_log
 START SLAVE;
 SET SESSION wsrep_sync_wait = 0;

mysql-test/suite/galera/t/galera_gtid_slave.test

@@ -16,7 +16,7 @@
 
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3;
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3;
 --enable_query_log
 START SLAVE;
 

mysql-test/suite/galera/t/galera_gtid_slave_sst_rsync.test

@@ -16,7 +16,7 @@
 --echo #Connection 2
 --connection node_2
 --disable_query_log
---eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3,master_use_gtid=slave_pos;
+--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_SSL_VERIFY_SERVER_CERT=0, MASTER_PORT=$NODE_MYPORT_3,master_use_gtid=slave_pos;
 --enable_query_log
 START SLAVE;
 --sleep 1

mysql-test/suite/galera/t/galera_query_cache_invalidate.test

@@ -29,7 +29,7 @@ call mtr.add_suppression("WSREP: Ignoring server id for non bootstrap node.");
 --connection node_3
 
 --replace_result $NODE_MYPORT_1 NODE_MYPORT_1
---eval CHANGE MASTER TO master_host='127.0.0.1', master_user='root', master_port=$NODE_MYPORT_1, master_use_gtid=current_pos;
+--eval CHANGE MASTER TO master_host='127.0.0.1', master_user='root', master_port=$NODE_MYPORT_1, master_ssl_verify_server_cert=0, master_use_gtid=current_pos
 START SLAVE;
 --source include/wait_for_slave_to_start.inc
 

mysql-test/suite/mariabackup/slave_provision_nolock.result

@@ -28,6 +28,7 @@ CREATE TABLE t3 (file VARCHAR(255), pos INT) ENGINE=InnoDB;
 LOAD DATA LOCAL INFILE "BASEDIR/xtrabackup_binlog_pos_innodb"
      INTO TABLE t3 FIELDS ESCAPED BY '' (file, pos);
 CHANGE MASTER TO
+master_ssl_verify_server_cert=0,
 master_port=PORT, master_host='127.0.0.1', master_user='root',
 master_log_file= "MASTER_FILE",
 master_log_pos= MASTER_POS;

mysql-test/suite/mariabackup/slave_provision_nolock.test

@@ -139,6 +139,7 @@ eval LOAD DATA LOCAL INFILE "$basedir/xtrabackup_binlog_pos_innodb"
 
 --replace_result $SERVER_MYPORT_1 PORT $provision_master_file MASTER_FILE $provision_master_pos MASTER_POS
 eval CHANGE MASTER TO
+  master_ssl_verify_server_cert=0,
   master_port=$SERVER_MYPORT_1, master_host='127.0.0.1', master_user='root',
   master_log_file= "$provision_master_file",
   master_log_pos= $provision_master_pos;

mysql-test/suite/multi_source/gtid.result

@@ -3,8 +3,8 @@ connect  slave2,127.0.0.1,root,,,$SERVER_MYPORT_4;
 connect  master1,127.0.0.1,root,,,$SERVER_MYPORT_1;
 connect  master2,127.0.0.1,root,,,$SERVER_MYPORT_2;
 connection slave1;
-CHANGE MASTER 'slave1' TO master_port=MYPORT_1, master_host='127.0.0.1', master_user='root';
-CHANGE MASTER 'slave2' TO master_port=MYPORT_2, master_host='127.0.0.1', master_user='root';
+CHANGE MASTER 'slave1' TO master_port=MYPORT_1, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
+CHANGE MASTER 'slave2' TO master_port=MYPORT_2, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
 set default_master_connection = 'slave1';
 START SLAVE;
 include/wait_for_slave_to_start.inc
@@ -13,7 +13,7 @@ START SLAVE;
 include/wait_for_slave_to_start.inc
 set default_master_connection = '';
 connection slave2;
-CHANGE MASTER TO master_port=MYPORT_3, master_host='127.0.0.1', master_user='root';
+CHANGE MASTER TO master_port=MYPORT_3, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
 start all slaves;
 Warnings:
 Note	1937	SLAVE '' started
@@ -47,8 +47,8 @@ connection master2;
 INSERT INTO t2 VALUES (2, "switch1");
 INSERT INTO t3 VALUES (202, "switch1 b");
 connection slave2;
-CHANGE MASTER 'slave1' TO master_port=MYPORT_1, master_host='127.0.0.1', master_user='root';
-CHANGE MASTER 'slave2' TO master_port=MYPORT_2, master_host='127.0.0.1', master_user='root';
+CHANGE MASTER 'slave1' TO master_port=MYPORT_1, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
+CHANGE MASTER 'slave2' TO master_port=MYPORT_2, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
 SET default_master_connection = 'slave1';
 START SLAVE;
 include/wait_for_slave_to_start.inc
@@ -75,7 +75,7 @@ INSERT INTO t3 VALUES (204, "switch 3 b");
 connection slave2;
 include/sync_with_master_gtid.inc
 connection slave1;
-CHANGE MASTER TO master_port=MYPORT_4, master_host='127.0.0.1', master_user='root';
+CHANGE MASTER TO master_port=MYPORT_4, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
 START SLAVE;
 SELECT * FROM t1 ORDER BY a;
 a	b

mysql-test/suite/multi_source/gtid.test

@@ -12,9 +12,9 @@
 
 --connection slave1
 --replace_result $SERVER_MYPORT_1 MYPORT_1 
-eval CHANGE MASTER 'slave1' TO master_port=$SERVER_MYPORT_1, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER 'slave1' TO master_port=$SERVER_MYPORT_1, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
 --replace_result $SERVER_MYPORT_2 MYPORT_2
-eval CHANGE MASTER 'slave2' TO master_port=$SERVER_MYPORT_2, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER 'slave2' TO master_port=$SERVER_MYPORT_2, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
 set default_master_connection = 'slave1';
 START SLAVE;
 --source include/wait_for_slave_to_start.inc
@@ -25,7 +25,7 @@ set default_master_connection = '';
 
 --connection slave2
 --replace_result $SERVER_MYPORT_3 MYPORT_3 
-eval CHANGE MASTER TO master_port=$SERVER_MYPORT_3, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER TO master_port=$SERVER_MYPORT_3, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
 start all slaves;
 --source include/wait_for_slave_to_start.inc
 
@@ -73,9 +73,9 @@ INSERT INTO t3 VALUES (202, "switch1 b");
 
 --connection slave2
 --replace_result $SERVER_MYPORT_1 MYPORT_1 
-eval CHANGE MASTER 'slave1' TO master_port=$SERVER_MYPORT_1, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER 'slave1' TO master_port=$SERVER_MYPORT_1, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
 --replace_result $SERVER_MYPORT_2 MYPORT_2
-eval CHANGE MASTER 'slave2' TO master_port=$SERVER_MYPORT_2, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER 'slave2' TO master_port=$SERVER_MYPORT_2, master_host='127.0.0.1', master_ssl_verify_server_cert=0, master_user='root';
 SET default_master_connection = 'slave1';
 START SLAVE;
 --source include/wait_for_slave_to_start.inc
@@ -125,7 +125,7 @@ INSERT INTO t3 VALUES (204, "switch 3 b");
 
 --connection slave1
 --replace_result $SERVER_MYPORT_4 MYPORT_4 
-eval CHANGE MASTER TO master_port=$SERVER_MYPORT_4, master_host='127.0.0.1', master_user='root';
+eval CHANGE MASTER TO master_port=$SERVER_MYPORT_4, master_host='127.0.0.1', master_user='root', master_ssl_verify_server_cert=0;
 START SLAVE;
 --let $wait_condition= SELECT (SELECT COUNT(*) FROM t1)=3 AND (SELECT COUNT(*) FROM t2)=4 AND (SELECT COUNT(*) FROM t3)=7
 --source include/wait_condition.inc