WL#15524 Patch #3 Use TLS for upgraded transporter

Add the final bit of code into TransporterRegsitry to start TLS before transporter upgrade, and update the MTR test results. The tls_required and tls_off_certs tests will show TLS in use for transporter connections to MGMD. Change-Id: I2683447c02b27e498873fee77e0382c609a477cd
percona-ysorokin · Jul 21, 2023 · 959e3f6 · 959e3f6
1 parent 93fe0a0
commit 959e3f6
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 5 deletions.
diff --git a/mysql-test/suite/ndb_tls/tls_off_certs.result b/mysql-test/suite/ndb_tls/tls_off_certs.result
@@ -2,12 +2,13 @@ SELECT * FROM ndbinfo.certificates order by Node_id;
 Node_id	Name	Expires	Serial
 1	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
 2	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
+3	NDB Management Node Mar 2023	19-Apr-2024	20:70:03:B8:BE:5F:C7:FB:A8
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;
 node_id	remote_node_id	encrypted
 1	2	0
-1	3	0
+1	3	1
 1	51	0
 2	1	0
-2	3	0
+2	3	1
 2	51	0
diff --git a/mysql-test/suite/ndb_tls/tls_required.result b/mysql-test/suite/ndb_tls/tls_required.result
@@ -2,17 +2,18 @@ SELECT * FROM ndbinfo.certificates order by Node_id;
 Node_id	Name	Expires	Serial
 1	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
 2	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
+3	NDB Management Node Mar 2023	19-Apr-2024	20:70:03:B8:BE:5F:C7:FB:A8
 51	NDB Node Mar 2023	19-Apr-2024	7B:A8:13:FB:D8:42:8E:A3:C9
 52	NDB Node Mar 2023	19-Apr-2024	7B:A8:13:FB:D8:42:8E:A3:C9
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;
 node_id	remote_node_id	encrypted
 1	2	1
-1	3	0
+1	3	1
 1	51	1
 1	52	1
 2	1	1
-2	3	0
+2	3	1
 2	51	1
 2	52	1
 Use test;

diff --git a/mysql-test/suite/ndb_tls/tls_required.test b/mysql-test/suite/ndb_tls/tls_required.test
@@ -26,7 +26,7 @@
 #
 SELECT * FROM ndbinfo.certificates order by Node_id;
 
-## Expect 6 encrypted links, plus two unencrypted links to node 3
+## Expect 8 encrypted links
 #
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;

diff --git a/storage/ndb/src/common/transporter/TransporterRegistry.cpp b/storage/ndb/src/common/transporter/TransporterRegistry.cpp
@@ -3847,6 +3847,13 @@ NdbSocket TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)
     DBUG_RETURN(NdbSocket());  // an invalid socket, newly created on the stack
   }
 
+  /* Before converting, try to start TLS. */
+  if(m_tls_keys.ctx())
+  {
+    (void) ndb_mgm_set_ssl_ctx(*h, m_tls_keys.ctx());
+    (void) ndb_mgm_start_tls(*h);
+  }
+
   if (!report_dynamic_ports(*h))
   {
     ndb_mgm_destroy_handle(h);