As noted in MDEV-20377, MemorySanitizer (cmake -DWITH_MSAN=ON) requires that all libraries be instrumented, with the possible exception of libc. Currently, libmariadb insists on linking with GNUTLS instead of WolfSSL, which we can easily build ourselves by specifying -DWITH_SSL=bundled.

An instrumented library is a must-have for WITH_MSAN builds, and it would also improve the coverage of other sanitizers (WITH_ASAN, WITH_UBSAN, WITH_TSAN).

Because libmariadb is normally licensed under the GNU LGPL version 2, which WolfSSL is believed to be incompatible with, we could consider introducing some configuration parameter, similar to the existing cmake flag NOT_FOR_DISTRIBUTION. That flag is already being used in cmake/readline.cmake and cmake/aws_sdk.cmake. However, its purpose appears to allow something GPLv2 incompatible to be built, while here the result should still be GPLv2 compatible while being LGPLv2 incompatible. Perhaps the option should be called NOT_LGPL or similar, and it should apply to Connector/C only, not to the MariaDB server?