diff --git a/extra/mariabackup/backup_mysql.cc b/extra/mariabackup/backup_mysql.cc index ad13c2028b1..ec0420c53a1 100644 --- a/extra/mariabackup/backup_mysql.cc +++ b/extra/mariabackup/backup_mysql.cc @@ -141,6 +141,8 @@ xb_mysql_connect() mysql_options(connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } + else + opt_ssl_verify_server_cert= 0; mysql_options(connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*)&opt_ssl_verify_server_cert); #endif diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h index bad28db41d2..3a3679a5829 100644 --- a/include/sslopt-vars.h +++ b/include/sslopt-vars.h @@ -48,6 +48,8 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2; mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \ mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \ } \ + else \ + opt_ssl_verify_server_cert= 0; \ mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \ &opt_ssl_verify_server_cert); \ } while(0) @@ -58,7 +60,7 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2; */ #define SET_SSL_OPTS_WITH_CHECK(M) \ do { \ - if (opt_ssl_verify_server_cert==2 && \ + if (opt_use_ssl && opt_ssl_verify_server_cert==2 && \ !(opt_ssl_ca && opt_ssl_ca[0]) && \ !(opt_ssl_capath && opt_ssl_capath[0]) && \ !(opt_ssl_fp && opt_ssl_fp[0]) && \ diff --git a/mysql-test/main/mysql.result b/mysql-test/main/mysql.result index e5c9f4ee4ed..8813d05a74a 100644 --- a/mysql-test/main/mysql.result +++ b/mysql-test/main/mysql.result @@ -655,3 +655,11 @@ SSL: Cipher in use is XXX, cert is OK drop user ser@localhost; +# +# MDEV-32473 --disable-ssl doesn't disable it +# +MYSQL --ssl-verify-server-cert --disable-ssl -e "\s" + +SSL: Not in use + + diff --git a/mysql-test/main/mysql.test b/mysql-test/main/mysql.test index feae9ef9824..3f881807a05 100644 --- a/mysql-test/main/mysql.test +++ b/mysql-test/main/mysql.test @@ -737,3 +737,10 @@ create user ser@localhost identified by "ass"; --replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/ --exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s" drop user ser@localhost; + +--echo # +--echo # MDEV-32473 --disable-ssl doesn't disable it +--echo # +--echo MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s" +--replace_regex /^.[^S].*// +--exec $MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s" diff --git a/mysql-test/suite/mariabackup/backup_ssl.result b/mysql-test/suite/mariabackup/backup_ssl.result index 387689c1215..3598c27b452 100644 --- a/mysql-test/suite/mariabackup/backup_ssl.result +++ b/mysql-test/suite/mariabackup/backup_ssl.result @@ -11,3 +11,7 @@ DROP USER backup_user; # MDEV-31855 validate ssl certificates using client password in the internal client # # tcp ssl ssl-verify-server-cert +# +# MDEV-32473 --disable-ssl doesn't disable it +# +# tcp skip-ssl diff --git a/mysql-test/suite/mariabackup/backup_ssl.test b/mysql-test/suite/mariabackup/backup_ssl.test index 55c233b6a78..39d12229bd3 100644 --- a/mysql-test/suite/mariabackup/backup_ssl.test +++ b/mysql-test/suite/mariabackup/backup_ssl.test @@ -21,3 +21,11 @@ echo #; echo # tcp ssl ssl-verify-server-cert; error 1; exec $XTRABACKUP --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir; + +--echo # +--echo # MDEV-32473 --disable-ssl doesn't disable it +--echo # +# connects fine +echo # tcp skip-ssl; +exec $XTRABACKUP --protocol=tcp --user=root --skip-ssl --port=$MASTER_MYPORT --backup --target-dir=$targetdir; +rmdir $targetdir;