This PR adds the ability to use stunnel during rsync SST, thus encrypting data on the wire.
You then just have to have stunnel binary available, and the following in server configuration :
tkey = /etc/mysql/certs/client-key.pem
tcert = /etc/mysql/certs/client-cert.pem
- ca-cert.pem is not needed in configuration but will be used for peer verification
stunnel will then be used.
You will also have to be sure your certs dir is hashed :
openssl rehash /etc/mysql/certs/