mirror of
https://github.com/MariaDB/server.git
synced 2025-07-18 01:08:14 +02:00
13e9f2d65b
This is the same as MDEV-35368, which was previously incompletely fixed (on *nix-only, for unix socket connections) This time, we fix it compatibly to Connector/C, by not verifying server certificate for local connections, which, in addition to socket and named pipe, are also "127.0.0.1" and "::1", and on Windows "localhost" as well. The corresponding code in Connector/C is was added by 1287c901dc8515823d28edcebfe4be65e6c5a6b3. It remain a good question whether mariabackup should use SSL at all since all it does are local connections, for "BACKUP STAGE" stuff.
51 lines
1.9 KiB
Text
51 lines
1.9 KiB
Text
GRANT ALL PRIVILEGES on *.* TO backup_user IDENTIFIED by 'x' REQUIRE SSL;
|
|
FLUSH PRIVILEGES;
|
|
echo # xtrabackup backup;
|
|
let $targetdir=$MYSQLTEST_VARDIR/tmp/backup;
|
|
--disable_result_log
|
|
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --user=backup_user --password=x --ssl --backup --parallel=10 --target-dir=$targetdir;
|
|
--enable_result_log
|
|
|
|
echo # xtrabackup prepare;
|
|
--disable_result_log
|
|
exec $XTRABACKUP --prepare --target-dir=$targetdir;
|
|
-- source include/restart_and_restore.inc
|
|
--enable_result_log
|
|
DROP USER backup_user;
|
|
rmdir $targetdir;
|
|
|
|
echo #;
|
|
echo # MDEV-31855 validate ssl certificates using client password in the internal client;
|
|
echo #;
|
|
# fails to connect, passwordless root
|
|
echo # tcp ssl ssl-verify-server-cert;
|
|
let $host=;
|
|
if ($MARIADB_UPGRADE_EXE) {
|
|
# On Windows, we need host different from "127.0.0.1","::1" or "localhost"
|
|
# to trigger self-signed error
|
|
let $host=--host=127.0.0.2;
|
|
}
|
|
error 1;
|
|
exec $XTRABACKUP --no-defaults $host --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
|
|
|
|
--echo #
|
|
--echo # MDEV-32473 --disable-ssl doesn't disable it
|
|
--echo #
|
|
# connects fine
|
|
echo # tcp skip-ssl;
|
|
exec $XTRABACKUP --no-defaults --protocol=tcp --user=root --skip-ssl --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
|
|
rmdir $targetdir;
|
|
|
|
--echo #
|
|
--echo # MDEV-37143 Mariadb-backup fails on Windows with SSL certificate is self-signed error
|
|
--echo #
|
|
--echo # do not fail with passwordless with default protocol
|
|
let $port_or_socket=--socket=$MASTER_MYSOCK;
|
|
if ($MARIADB_UPGRADE_EXE) { # windows
|
|
let $port_or_socket=--port=$MASTER_MYPORT;
|
|
}
|
|
exec $XTRABACKUP --no-defaults --user=root --backup $port_or_socket --target-dir=$targetdir;
|
|
rmdir $targetdir;
|
|
--echo # do not fail with passwordless with 127.0.0.1 TCP
|
|
exec $XTRABACKUP --no-defaults --host=127.0.0.1 --protocol=tcp --port=$MASTER_MYPORT --user=root --backup --target-dir=$targetdir;
|
|
rmdir $targetdir;
|