[#MDEV-28239] rsync and mariabackup SST scripts handle sst ssl

[MDEV-28239] rsync and mariabackup SST scripts handle sst ssl_mode option differently Created: 2022-04-04 Updated: 2023-11-28
Status:	Stalled
Project:	MariaDB Server
Component/s:	Galera, Galera SST, SSL
Affects Version/s:	10.7.3, 10.8.2
Fix Version/s:	10.11

Type:

Bug

Priority:

Minor

Reporter:

Hartmut Holzgraefe

Assignee:

Julius Goryavsky

Resolution:

Unresolved

Votes:

Labels:

None

Description

The wsrep_sst_rsync script checks four different ssl_mode settings:

DISABLED (or unset) - do not use encryption
REQUIRED - make sure encryption is used
VERIFY_CA and VERIFY_IDENTITY set different certificate verification modes

A closer look at the SST scripts though shows that only the rsync scripts treats both VERIFY modes as different, while the mariabackup script just enables general verification when seeing a mode starting with VERIFY, not checking the rest of the string then and so not making a difference between VERIFY_CA and VERIFY_IDENTITY

Generated at Thu Feb 08 09:59:10 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-28239] rsync and mariabackup SST scripts handle sst ssl_mode option differently Created: 2022-04-04 Updated: 2023-11-28