database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-10-27 05:56:07 +03:00
Code Activity

MDEV-25719: stunnel uses "verifyChain" without subject checks

Browse Source 
Another batch of changes that should make the SST process
more reliable in all scenarios:

 1) Added hostname or CN verification when stunnel is used
    with certificate chain verification (verifyChain = yes);
 2) Added check for the absence of the stunnel utility for
    mtr tests;
 3) Deletion of working files before and after SST is done
    more accurately;
 4) rsync on joiner can be run even if the path to its
    configuration file contains spaces;
 5) More accurate directory creation (for data files and
    for logs);
 6) IST with mysqldump no longer turns off statement logging;
 7) Reset password for mysqldump when password is empty but
    username is specified;
 8) More reliable quoting when generating statements in
    wsrep_sst_mysqldump;
 9) Added explicit generation of 2048-bit Diffie-Hellman
    parameters for sockat < 1.7.3, by analogy with xtrabackup;
10) Compression parameters for qpress are read from all
    suitable server groups in configuration file, as well as
    from the [sst] and [xtrabackup] groups;
11) Added a test that checks compression using qpress;
12) Checking for optional utilities is modified to work even
    if they implemented as built-in shell commands (unlikely
    on real systems, but more reliable).
This commit is contained in:
Julius Goryavsky
2021-05-21 03:11:48 +02:00
parent 629449172a
commit 8c8a6ed3b8
22 changed files with 367 additions and 233 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mysql-test/suite.pm
View File

@@ -63,7 +63,7 @@ sub skip_combinations {
unless ::have_mariabackup();
$skip{'include/have_mariabackup.inc'} = 'Need socket statistics utility'
unless IS_WINDOWS || ::which("ss");
unless IS_WINDOWS || ! ::have_wsrep() || ::which("lsof") || ::which("sockstat") || ::which("ss");
$skip{'include/have_mariabackup.inc'} = 'Need socat or nc'
unless IS_WINDOWS || $ENV{MTR_GALERA_TFMT};
@@ -95,7 +95,6 @@ sub skip_combinations {
unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
and $1 ge "1.0.1d" and $1 lt "1.1.1";
$skip{'t/ssl_7937.combinations'} = [ 'x509v3' ]
unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
and $1 ge "1.0.2";
@@ -108,4 +107,3 @@ sub skip_combinations {
}
bless { };