Now when Galera node can not join the cluster becuase of some problem with certificates we get just this kind of error messages:
2020-02-10 15:01:01 0 [Note] WSREP: gcomm: connecting to group 'my_wsrep_cluster', peer 'node1:4567,node2:4567,node3:4567'
|
2020-02-10 15:01:01 0 [ERROR] WSREP: handshake with remote endpoint ssl://a.b.c.d:4567 failed: asio.ssl:336134278: 'certificate verify failed' ( 336134278: 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')
|
...
|
It would be useful to get more detailed explanation about the problem. All elements of certificates must be checked and if one element fails (wrong CN, something else, in root or in one of intermediate certificates, etc), it must be reported what it is.
This would help a lot in troubleshooting.
As a side note, it would be useful to get node names and not their resolved IP-addresses in the messages.
MDEV-22131 allow transition from unencrypted to TLS cluster communication without cluster downtime
