Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16915

socat certificate verification broken for Mariabackup SST with encrypt=2

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: 10.1.35, 10.1.36, 10.1.37
    • Fix Version/s: N/A
    • Component/s: Galera SST
    • Labels:
      None
    • Environment:
      CentOS 7

      Description

      After upgrading from MariaDB 10.1.34 to 10.1.35, my Galera cluster members could no longer establish an SST with each other.

      Downgrading all cluster members back to 10.1.34 got things working.

      It seems that the behavior of the `mariabackup` SST method changed, and instead of passing the hostname of the peer to `socat`, it passes the IP address. That then seems to lead to socat exiting with an error on the donor:

      2018/08/07 12:16:14 socat[27904] E certificate is valid but its commonName does not match hostname

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jplindst Jan Lindström
                Reporter:
                pioto Mike Kelly
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: