I wholeheartedly approve of this! 
Note that my PR mariadb-connector-c #225 already accomplishes two important related tasks:
- Preventing a long-known path for silent SSL→plaintext downgrade (that's
MDEV-28634) - Reduction of attack surface, in terms of eliminating other code paths that could allow such downgrades
Note that MDEV-31856 is a precondition for --ssl-verify-server-cert. We can only enable it by default (preventing SSL→plaintext downgrade, as you correctly pointed out) if MariaDB servers will have SSL enabled by default, so that clients will continue to work even without SSL→plaintext downgrade.
the most time consuming part was to fix mtr tests, as they mostly use passwordless accounts and that makes server cert validation to fail
see MDEV-31855 for the list of commits
OK to push
To be more user-friendly in a typical passwordless test environment, mariadb cli, will disable --ssl-verify-server-cert if
- --ssl-verify-server-cert was not enabled explicitly
- CA was not specified
- fingerprint was not specified
- protocol is TCP
- no password was provided
It'll also print a warning in this case
Testing done. Ok to push.
`mysql_init()` now set `use_ssl=1` by default . Is this intended?
It makes MariaDB close to MySQL behavior (ssl_mode=PREFERRED by default).
So it reduce confusion of users who don't know difference between libmariadb and libmysql.
But use_ssl by default makes difficult to prohibit plaintext downgrade.