From 19f0b96d53dec47d7b8680c44997afba2ed7431e Mon Sep 17 00:00:00 2001 From: Julius Goryavsky Date: Tue, 4 Oct 2022 13:15:52 +0200 Subject: [PATCH] MDEV-27682: bundled wsrep_notify.sh causes mariadbd to freeze during start This commit adds automation that will reduce the possibility of user errors when customizing wsrep_notify.sh (in particular caused by user-specified parameters). Now all leading and trailing spaces are removed from the user-specified parameters and automatic port and host address substitution has been added to scripts, as well as automatic password substitution to the client command line, only if it is specified in the wsrep_notify.sh and not as empty strings. Also added support for automatic substitution of the all SSL-related parameters and improved parsing for ipv6 addresses (to allow "[...]" notation for ipv6 addresses). Also added a test to check if the wsrep notify script will works with SSL. --- mysql-test/include/ipv6.inc | 1 - mysql-test/std_data/wsrep_notify.sh | 124 +++++++++-- mysql-test/std_data/wsrep_notify_ssl.sh | 195 ++++++++++++++++++ .../r/galera_var_notify_ssl_ipv6.result | 11 + .../t/galera_var_notify_ssl_ipv6-master.opt | 1 + .../galera/t/galera_var_notify_ssl_ipv6.cnf | 20 ++ .../galera/t/galera_var_notify_ssl_ipv6.test | 20 ++ support-files/wsrep_notify.sh | 123 +++++++++-- 8 files changed, 465 insertions(+), 30 deletions(-) create mode 100755 mysql-test/std_data/wsrep_notify_ssl.sh create mode 100644 mysql-test/suite/galera/r/galera_var_notify_ssl_ipv6.result create mode 100644 mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6-master.opt create mode 100644 mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.cnf create mode 100644 mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.test mode change 100644 => 100755 support-files/wsrep_notify.sh diff --git a/mysql-test/include/ipv6.inc b/mysql-test/include/ipv6.inc index 3d8fdcfbc3c..05c65d7817a 100644 --- a/mysql-test/include/ipv6.inc +++ b/mysql-test/include/ipv6.inc @@ -22,4 +22,3 @@ eval SET PASSWORD FOR testuser1@'$IPv6' = PASSWORD ('9876'); --replace_result ::1 localhost SELECT USER(); eval DROP USER testuser1@'$IPv6'; - diff --git a/mysql-test/std_data/wsrep_notify.sh b/mysql-test/std_data/wsrep_notify.sh index 7036f603c84..d5defd6420e 100755 --- a/mysql-test/std_data/wsrep_notify.sh +++ b/mysql-test/std_data/wsrep_notify.sh @@ -4,11 +4,31 @@ # It will create 'wsrep' schema and two tables in it: 'membeship' and 'status' # and fill them on every membership or node status change. # -# Edit parameters below to specify the address and login to server. - +# Edit parameters below to specify the address and login to server: +# USER=root +PSWD= +# +# If these parameters are not set, then the values +# passed by the server are taken: +# HOST=127.0.0.1 PORT=$NODE_MYPORT_1 +# +# Edit parameters below to specify SSL parameters: +# +ssl_key= +ssl_cert= +ssl_ca= +ssl_capath= +ssl_cipher= +ssl_crl= +ssl_crlpath= +ssl_verify_server_cert=0 +# +# Client executable path: +# +CLIENT="$EXE_MYSQL" SCHEMA="mtr_wsrep_notify" MEMB_TABLE="$SCHEMA.membership" @@ -19,7 +39,7 @@ SET wsrep_on=0; CREATE SCHEMA IF NOT EXISTS $SCHEMA; CREATE TABLE IF NOT EXISTS $MEMB_TABLE ( idx INT, - uuid CHAR(40), /* node UUID */ + uuid CHAR(40), /* node UUID */ name VARCHAR(32), /* node name */ addr VARCHAR(256) /* node address */ ) ENGINE=MEMORY; @@ -40,7 +60,7 @@ configuration_change() local idx=0 - for NODE in $(echo $MEMBERS | sed s/,/\ /g) + for NODE in $(echo "$MEMBERS" | sed s/,/\ /g) do echo "INSERT INTO $MEMB_TABLE VALUES ( $idx, " # Don't forget to properly quote string values @@ -59,17 +79,44 @@ status_update() echo "SET wsrep_on=0; BEGIN; UPDATE $STATUS_TABLE SET status='$STATUS'; COMMIT;" } +trim_string() +{ + if [ -n "${BASH_VERSION:-}" ]; then + local pattern="[![:space:]${2:-}]" + local x="${1#*$pattern}" + local z=${#1} + x=${#x} + if [ $x -ne $z ]; then + local y="${1%$pattern*}" + y=${#y} + x=$(( z-x-1 )) + y=$(( y-x+1 )) + printf '%s' "${1:$x:$y}" + else + printf '' + fi + else + local pattern="[[:space:]${2:-}]" + echo "$1" | sed -E "s/^$pattern+|$pattern+\$//g" + fi +} + COM=status_update # not a configuration change by default -while [ $# -gt 0 ] -do +STATUS="" +CLUSTER_UUID="" +PRIMARY="0" +INDEX="" +MEMBERS="" + +while [ $# -gt 0 ]; do case $1 in --status) - STATUS=$2 + STATUS=$(trim_string "$2") shift ;; --uuid) - CLUSTER_UUID=$2 + CLUSTER_UUID=$(trim_string "$2") shift ;; --primary) @@ -78,22 +125,71 @@ do shift ;; --index) - INDEX=$2 + INDEX=$(trim_string "$2") shift ;; --members) - MEMBERS=$2 + MEMBERS=$(trim_string "$2") shift ;; esac shift done -# Undefined means node is shutting down -if [ "$STATUS" != "Undefined" ] +USER=$(trim_string "$USER") +PSWD=$(trim_string "$PSWD") + +HOST=$(trim_string "$HOST") +PORT=$(trim_string "$PORT") + +case "$HOST" in +\[*) + HOST="${HOST##\[}" + HOST=$(trim_string "${HOST%%\]}") + ;; +esac + +if [ -z "$HOST" ]; then + HOST="${NOTIFY_HOST:-}" +fi +if [ -z "$PORT" ]; then + PORT="${NOTIFY_PORT:-}" +fi + +ssl_key=$(trim_string "$ssl_key"); +ssl_cert=$(trim_string "$ssl_cert"); +ssl_ca=$(trim_string "$ssl_ca"); +ssl_capath=$(trim_string "$ssl_capath"); +ssl_cipher=$(trim_string "$ssl_cipher"); +ssl_crl=$(trim_string "$ssl_crl"); +ssl_crlpath=$(trim_string "$ssl_crlpath"); +ssl_verify_server_cert=$(trim_string "$ssl_verify_server_cert"); + +SSL_PARAM="" + +if [ -n "$ssl_key" -o -n "$ssl_cert" -o \ + -n "$ssl_ca" -o -n "$ssl_capath" -o \ + -n "$ssl_cipher" ] then - $COM | mysql -B -u$USER -h$HOST -P$PORT + SSL_PARAM=' --ssl' + [ -n "$ssl_key" ] && SSL_PARAM="$SSL_PARAM --ssl-key='$ssl_key'" + [ -n "$ssl_cert" ] && SSL_PARAM="$SSL_PARAM --ssl-cert='$ssl_cert'" + [ -n "$ssl_ca" ] && SSL_PARAM="$SSL_PARAM --ssl-ca='$ssl_ca'" + [ -n "$ssl_capath" ] && SSL_PARAM="$SSL_PARAM --ssl-capath='$ssl_capath'" + [ -n "$ssl_cipher" ] && SSL_PARAM="$SSL_PARAM --ssl-cipher='$ssl_cipher'" + [ -n "$ssl_crl" ] && SSL_PARAM="$SSL_PARAM --ssl-crl='$ssl_crl'" + [ -n "$ssl_crlpath" ] && SSL_PARAM="$SSL_PARAM --ssl-crlpath='$ssl_crlpath'" + if [ -n "$ssl_verify_server_cert" ]; then + if [ $ssl_verify_server_cert -ne 0 ]; then + SSL_PARAM+=' --ssl-verify-server-cert' + fi + fi +fi + +# Undefined means node is shutting down +if [ "$STATUS" != 'Undefined' ]; then + "$COM" | eval "$CLIENT" -B "-u'$USER'"${PSWD:+" -p'$PSWD'"}\ + "-h'$HOST'" "-P$PORT"$SSL_PARAM fi exit 0 -# diff --git a/mysql-test/std_data/wsrep_notify_ssl.sh b/mysql-test/std_data/wsrep_notify_ssl.sh new file mode 100755 index 00000000000..0e416a2f448 --- /dev/null +++ b/mysql-test/std_data/wsrep_notify_ssl.sh @@ -0,0 +1,195 @@ +#!/bin/sh -eu + +# This is a simple example of wsrep notification script (wsrep_notify_cmd). +# It will create 'wsrep' schema and two tables in it: 'membeship' and 'status' +# and fill them on every membership or node status change. +# +# Edit parameters below to specify the address and login to server: +# +USER=root +PSWD= +# +# If these parameters are not set, then the values +# passed by the server are taken: +# +HOST=127.0.0.1 +PORT=$NODE_MYPORT_1 +# +# Edit parameters below to specify SSL parameters: +# +ssl_cert="$MYSQL_TEST_DIR/std_data/client-cert.pem" +ssl_key="$MYSQL_TEST_DIR/std_data/client-key.pem" +ssl_ca="$MYSQL_TEST_DIR/std_data/cacert.pem" +ssl_capath= +ssl_cipher= +ssl_crl= +ssl_crlpath= +ssl_verify_server_cert=0 +# +# Client executable path: +# +CLIENT="$EXE_MYSQL" + +SCHEMA="mtr_wsrep_notify" +MEMB_TABLE="$SCHEMA.membership" +STATUS_TABLE="$SCHEMA.status" + +BEGIN=" +SET wsrep_on=0; +CREATE SCHEMA IF NOT EXISTS $SCHEMA; +CREATE TABLE IF NOT EXISTS $MEMB_TABLE ( + idx INT, + uuid CHAR(40), /* node UUID */ + name VARCHAR(32), /* node name */ + addr VARCHAR(256) /* node address */ +) ENGINE=MEMORY; +CREATE TABLE IF NOT EXISTS $STATUS_TABLE ( + size INT, /* component size */ + idx INT, /* this node index */ + status CHAR(16), /* this node status */ + uuid CHAR(40), /* cluster UUID */ + prim BOOLEAN /* if component is primary */ +) ENGINE=MEMORY; +BEGIN; +" +END="COMMIT;" + +configuration_change() +{ + echo "$BEGIN;" + + local idx=0 + + for NODE in $(echo "$MEMBERS" | sed s/,/\ /g) + do + echo "INSERT INTO $MEMB_TABLE VALUES ( $idx, " + # Don't forget to properly quote string values + echo "'$NODE'" | sed s/\\//\',\'/g + echo ");" + idx=$(( $idx + 1 )) + done + + echo "INSERT INTO $STATUS_TABLE VALUES($idx, $INDEX, '$STATUS', '$CLUSTER_UUID', $PRIMARY);" + + echo "$END" +} + +status_update() +{ + echo "SET wsrep_on=0; BEGIN; UPDATE $STATUS_TABLE SET status='$STATUS'; COMMIT;" +} + +trim_string() +{ + if [ -n "${BASH_VERSION:-}" ]; then + local pattern="[![:space:]${2:-}]" + local x="${1#*$pattern}" + local z=${#1} + x=${#x} + if [ $x -ne $z ]; then + local y="${1%$pattern*}" + y=${#y} + x=$(( z-x-1 )) + y=$(( y-x+1 )) + printf '%s' "${1:$x:$y}" + else + printf '' + fi + else + local pattern="[[:space:]${2:-}]" + echo "$1" | sed -E "s/^$pattern+|$pattern+\$//g" + fi +} + +COM=status_update # not a configuration change by default + +STATUS="" +CLUSTER_UUID="" +PRIMARY="0" +INDEX="" +MEMBERS="" + +while [ $# -gt 0 ]; do + case $1 in + --status) + STATUS=$(trim_string "$2") + shift + ;; + --uuid) + CLUSTER_UUID=$(trim_string "$2") + shift + ;; + --primary) + [ "$2" = "yes" ] && PRIMARY="1" || PRIMARY="0" + COM=configuration_change + shift + ;; + --index) + INDEX=$(trim_string "$2") + shift + ;; + --members) + MEMBERS=$(trim_string "$2") + shift + ;; + esac + shift +done + +USER=$(trim_string "$USER") +PSWD=$(trim_string "$PSWD") + +HOST=$(trim_string "$HOST") +PORT=$(trim_string "$PORT") + +case "$HOST" in +\[*) + HOST="${HOST##\[}" + HOST=$(trim_string "${HOST%%\]}") + ;; +esac + +if [ -z "$HOST" ]; then + HOST="${NOTIFY_HOST:-}" +fi +if [ -z "$PORT" ]; then + PORT="${NOTIFY_PORT:-}" +fi + +ssl_key=$(trim_string "$ssl_key"); +ssl_cert=$(trim_string "$ssl_cert"); +ssl_ca=$(trim_string "$ssl_ca"); +ssl_capath=$(trim_string "$ssl_capath"); +ssl_cipher=$(trim_string "$ssl_cipher"); +ssl_crl=$(trim_string "$ssl_crl"); +ssl_crlpath=$(trim_string "$ssl_crlpath"); +ssl_verify_server_cert=$(trim_string "$ssl_verify_server_cert"); + +SSL_PARAM="" + +if [ -n "$ssl_key" -o -n "$ssl_cert" -o \ + -n "$ssl_ca" -o -n "$ssl_capath" -o \ + -n "$ssl_cipher" ] +then + SSL_PARAM=' --ssl' + [ -n "$ssl_key" ] && SSL_PARAM="$SSL_PARAM --ssl-key='$ssl_key'" + [ -n "$ssl_cert" ] && SSL_PARAM="$SSL_PARAM --ssl-cert='$ssl_cert'" + [ -n "$ssl_ca" ] && SSL_PARAM="$SSL_PARAM --ssl-ca='$ssl_ca'" + [ -n "$ssl_capath" ] && SSL_PARAM="$SSL_PARAM --ssl-capath='$ssl_capath'" + [ -n "$ssl_cipher" ] && SSL_PARAM="$SSL_PARAM --ssl-cipher='$ssl_cipher'" + [ -n "$ssl_crl" ] && SSL_PARAM="$SSL_PARAM --ssl-crl='$ssl_crl'" + [ -n "$ssl_crlpath" ] && SSL_PARAM="$SSL_PARAM --ssl-crlpath='$ssl_crlpath'" + if [ -n "$ssl_verify_server_cert" ]; then + if [ $ssl_verify_server_cert -ne 0 ]; then + SSL_PARAM+=' --ssl-verify-server-cert' + fi + fi +fi + +# Undefined means node is shutting down +if [ "$STATUS" != 'Undefined' ]; then + "$COM" | eval "$CLIENT" -B "-u'$USER'"${PSWD:+" -p'$PSWD'"}\ + "-h'$HOST'" "-P$PORT"$SSL_PARAM +fi + +exit 0 diff --git a/mysql-test/suite/galera/r/galera_var_notify_ssl_ipv6.result b/mysql-test/suite/galera/r/galera_var_notify_ssl_ipv6.result new file mode 100644 index 00000000000..823407fbba7 --- /dev/null +++ b/mysql-test/suite/galera/r/galera_var_notify_ssl_ipv6.result @@ -0,0 +1,11 @@ +connection node_1; +SELECT COUNT(DISTINCT uuid) AS EXPECT_2 FROM mtr_wsrep_notify.membership; +EXPECT_2 +2 +SELECT MAX(size) AS EXPECT_2 FROM mtr_wsrep_notify.status; +EXPECT_2 +2 +SELECT COUNT(DISTINCT idx) AS EXPECT_2 FROM mtr_wsrep_notify.status; +EXPECT_2 +2 +DROP SCHEMA mtr_wsrep_notify; diff --git a/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6-master.opt b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6-master.opt new file mode 100644 index 00000000000..99c5889916b --- /dev/null +++ b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6-master.opt @@ -0,0 +1 @@ +--wsrep_notify_cmd=$MYSQL_TEST_DIR/std_data/wsrep_notify_ssl.sh --wsrep-sync-wait=0 diff --git a/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.cnf b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.cnf new file mode 100644 index 00000000000..ce121d20e03 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.cnf @@ -0,0 +1,20 @@ +!include ../galera_2nodes.cnf + +[mysqld] +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem +ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem +bind-address=:: + +[mysqld.1] +wsrep_provider_options='base_port=@mysqld.1.#galera_port;gmcast.listen_addr=tcp://[::]:@mysqld.1.#galera_port;ist.recv_addr=[::1]:@mysqld.1.#ist_port;gcache.size=1;pc.ignore_sb=true' +wsrep_node_incoming_address='[::1]:@mysqld.1.port' +wsrep_node_address=::1 +wsrep_sst_receive_address='[::1]:@mysqld.1.#sst_port' + +[mysqld.2] +wsrep_cluster_address='gcomm://[::1]:@mysqld.1.#galera_port' +wsrep_provider_options='base_port=@mysqld.2.#galera_port;gmcast.listen_addr=tcp://[::]:@mysqld.2.#galera_port;ist.recv_addr=[::1]:@mysqld.2.#ist_port;gcache.size=1;pc.ignore_sb=true' +wsrep_node_address=::1 +wsrep_node_incoming_address='[::1]:@mysqld.2.port' +wsrep_sst_receive_address='[::1]:@mysqld.2.#sst_port' diff --git a/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.test b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.test new file mode 100644 index 00000000000..2c2b106c2ae --- /dev/null +++ b/mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6.test @@ -0,0 +1,20 @@ +# +# Test wsrep_notify_cmd. We use a version of the support-files/wsrep_notify.sh script that writes +# notifications into a table. +# + +--source include/galera_cluster.inc +--source include/have_ssl_communication.inc +--source include/check_ipv6.inc +--source include/force_restart.inc + +--connection node_1 +--let $wait_condition = SELECT COUNT(DISTINCT uuid) = 2 FROM mtr_wsrep_notify.membership; +--source include/wait_condition.inc + +SELECT COUNT(DISTINCT uuid) AS EXPECT_2 FROM mtr_wsrep_notify.membership; +SELECT MAX(size) AS EXPECT_2 FROM mtr_wsrep_notify.status; +SELECT COUNT(DISTINCT idx) AS EXPECT_2 FROM mtr_wsrep_notify.status; + +# CLEANUP +DROP SCHEMA mtr_wsrep_notify; diff --git a/support-files/wsrep_notify.sh b/support-files/wsrep_notify.sh old mode 100644 new mode 100755 index bdbe3d12a39..87ba11342c5 --- a/support-files/wsrep_notify.sh +++ b/support-files/wsrep_notify.sh @@ -4,12 +4,31 @@ # It will create 'wsrep' schema and two tables in it: 'membeship' and 'status' # and fill them on every membership or node status change. # -# Edit parameters below to specify the address and login to server. - +# Edit parameters below to specify the address and login to server: +# USER=root PSWD=rootpass +# +# If these parameters are not set, then the values +# passed by the server are taken: +# HOST=127.0.0.1 PORT=3306 +# +# Edit parameters below to specify SSL parameters: +# +ssl_key= +ssl_cert= +ssl_ca= +ssl_capath= +ssl_cipher= +ssl_crl= +ssl_crlpath= +ssl_verify_server_cert=0 +# +# Client executable path: +# +CLIENT="mysql" SCHEMA="wsrep" MEMB_TABLE="$SCHEMA.membership" @@ -32,8 +51,6 @@ CREATE TABLE $STATUS_TABLE ( prim BOOLEAN /* if component is primary */ ) ENGINE=MEMORY; BEGIN; -DELETE FROM $MEMB_TABLE; -DELETE FROM $STATUS_TABLE; " END="COMMIT;" @@ -43,7 +60,7 @@ configuration_change() local idx=0 - for NODE in $(echo $MEMBERS | sed s/,/\ /g) + for NODE in $(echo "$MEMBERS" | sed s/,/\ /g) do echo "INSERT INTO $MEMB_TABLE VALUES ( $idx, " # Don't forget to properly quote string values @@ -62,17 +79,44 @@ status_update() echo "SET wsrep_on=0; BEGIN; UPDATE $STATUS_TABLE SET status='$STATUS'; COMMIT;" } +trim_string() +{ + if [ -n "${BASH_VERSION:-}" ]; then + local pattern="[![:space:]${2:-}]" + local x="${1#*$pattern}" + local z=${#1} + x=${#x} + if [ $x -ne $z ]; then + local y="${1%$pattern*}" + y=${#y} + x=$(( z-x-1 )) + y=$(( y-x+1 )) + printf '%s' "${1:$x:$y}" + else + printf '' + fi + else + local pattern="[[:space:]${2:-}]" + echo "$1" | sed -E "s/^$pattern+|$pattern+\$//g" + fi +} + COM=status_update # not a configuration change by default -while [ $# -gt 0 ] -do +STATUS="" +CLUSTER_UUID="" +PRIMARY="0" +INDEX="" +MEMBERS="" + +while [ $# -gt 0 ]; do case $1 in --status) - STATUS=$2 + STATUS=$(trim_string "$2") shift ;; --uuid) - CLUSTER_UUID=$2 + CLUSTER_UUID=$(trim_string "$2") shift ;; --primary) @@ -81,22 +125,71 @@ do shift ;; --index) - INDEX=$2 + INDEX=$(trim_string "$2") shift ;; --members) - MEMBERS=$2 + MEMBERS=$(trim_string "$2") shift ;; esac shift done -# Undefined means node is shutting down -if [ "$STATUS" != "Undefined" ] +USER=$(trim_string "$USER") +PSWD=$(trim_string "$PSWD") + +HOST=$(trim_string "$HOST") +PORT=$(trim_string "$PORT") + +case "$HOST" in +\[*) + HOST="${HOST##\[}" + HOST=$(trim_string "${HOST%%\]}") + ;; +esac + +if [ -z "$HOST" ]; then + HOST="${NOTIFY_HOST:-}" +fi +if [ -z "$PORT" ]; then + PORT="${NOTIFY_PORT:-}" +fi + +ssl_key=$(trim_string "$ssl_key"); +ssl_cert=$(trim_string "$ssl_cert"); +ssl_ca=$(trim_string "$ssl_ca"); +ssl_capath=$(trim_string "$ssl_capath"); +ssl_cipher=$(trim_string "$ssl_cipher"); +ssl_crl=$(trim_string "$ssl_crl"); +ssl_crlpath=$(trim_string "$ssl_crlpath"); +ssl_verify_server_cert=$(trim_string "$ssl_verify_server_cert"); + +SSL_PARAM="" + +if [ -n "$ssl_key" -o -n "$ssl_cert" -o \ + -n "$ssl_ca" -o -n "$ssl_capath" -o \ + -n "$ssl_cipher" ] then - $COM | mysql -B -u$USER -p$PSWD -h$HOST -P$PORT + SSL_PARAM=' --ssl' + [ -n "$ssl_key" ] && SSL_PARAM="$SSL_PARAM --ssl-key='$ssl_key'" + [ -n "$ssl_cert" ] && SSL_PARAM="$SSL_PARAM --ssl-cert='$ssl_cert'" + [ -n "$ssl_ca" ] && SSL_PARAM="$SSL_PARAM --ssl-ca='$ssl_ca'" + [ -n "$ssl_capath" ] && SSL_PARAM="$SSL_PARAM --ssl-capath='$ssl_capath'" + [ -n "$ssl_cipher" ] && SSL_PARAM="$SSL_PARAM --ssl-cipher='$ssl_cipher'" + [ -n "$ssl_crl" ] && SSL_PARAM="$SSL_PARAM --ssl-crl='$ssl_crl'" + [ -n "$ssl_crlpath" ] && SSL_PARAM="$SSL_PARAM --ssl-crlpath='$ssl_crlpath'" + if [ -n "$ssl_verify_server_cert" ]; then + if [ $ssl_verify_server_cert -ne 0 ]; then + SSL_PARAM+=' --ssl-verify-server-cert' + fi + fi +fi + +# Undefined means node is shutting down +if [ "$STATUS" != 'Undefined' ]; then + "$COM" | eval "$CLIENT" -B "-u'$USER'"${PSWD:+" -p'$PSWD'"}\ + "-h'$HOST'" "-P$PORT"$SSL_PARAM fi exit 0 -#