MDEV-32473 --disable-ssl doesn't disable it

2025-01-15 19:42:28 +01:00 · 2023-10-15 16:03:14 +02:00 · 2023-10-15 16:03:14 +02:00 · 2e83ab4126
commit 2e83ab4126
parent 6b900330b9
6 changed files with 32 additions and 1 deletions
--- a/extra/mariabackup/backup_mysql.cc
+++ b/extra/mariabackup/backup_mysql.cc
@ -141,6 +141,8 @@ xb_mysql_connect()
 		mysql_options(connection, MYSQL_OPT_SSL_CRLPATH,
 			      opt_ssl_crlpath);
 	}
+        else
+          opt_ssl_verify_server_cert= 0;
 	mysql_options(connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
 		      (char*)&opt_ssl_verify_server_cert);
 #endif
--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
@ -48,6 +48,8 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
      mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp);          \
      mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \
    }                                                                   \
+    else                                                                \
+      opt_ssl_verify_server_cert= 0;                                    \
    mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT,                 \
                  &opt_ssl_verify_server_cert);                         \
  } while(0)
@ -58,7 +60,7 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
 */
 #define SET_SSL_OPTS_WITH_CHECK(M)                                      \
  do {                                                                  \
-    if (opt_ssl_verify_server_cert==2 &&                                \
+    if (opt_use_ssl && opt_ssl_verify_server_cert==2 &&                 \
        !(opt_ssl_ca && opt_ssl_ca[0]) &&                               \
        !(opt_ssl_capath && opt_ssl_capath[0]) &&                       \
        !(opt_ssl_fp && opt_ssl_fp[0]) &&                               \
--- a/mysql-test/main/mysql.result
+++ b/mysql-test/main/mysql.result
@ -655,3 +655,11 @@ SSL:			Cipher in use is XXX, cert is OK


 drop user ser@localhost;
+#
+# MDEV-32473 --disable-ssl doesn't disable it
+#
+MYSQL --ssl-verify-server-cert --disable-ssl -e "\s"
+
+SSL:			Not in use
+
+
--- a/mysql-test/main/mysql.test
+++ b/mysql-test/main/mysql.test
@ -737,3 +737,10 @@ create user ser@localhost identified by "ass";
 --replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/
 --exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s"
 drop user ser@localhost;
+
+--echo #
+--echo # MDEV-32473 --disable-ssl doesn't disable it
+--echo #
+--echo MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
+--replace_regex /^.[^S].*//
+--exec $MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
--- a/mysql-test/suite/mariabackup/backup_ssl.result
+++ b/mysql-test/suite/mariabackup/backup_ssl.result
@ -11,3 +11,7 @@ DROP USER backup_user;
 # MDEV-31855 validate ssl certificates using client password in the internal client
 #
 # tcp ssl ssl-verify-server-cert
+#
+# MDEV-32473 --disable-ssl doesn't disable it
+#
+# tcp skip-ssl
--- a/mysql-test/suite/mariabackup/backup_ssl.test
+++ b/mysql-test/suite/mariabackup/backup_ssl.test
@ -21,3 +21,11 @@ echo #;
 echo # tcp ssl ssl-verify-server-cert;
 error 1;
 exec $XTRABACKUP --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
+
+--echo #
+--echo # MDEV-32473 --disable-ssl doesn't disable it
+--echo #
+# connects fine
+echo # tcp skip-ssl;
+exec $XTRABACKUP --protocol=tcp --user=root --skip-ssl --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
+rmdir $targetdir;