From d1a4315f4cb096c2fd81c96bc4afc6bb618bae49 Mon Sep 17 00:00:00 2001
From: Julius Goryavsky <julius.goryavsky@mariadb.com>
Date: Thu, 13 Apr 2023 07:49:35 +0200
Subject: [PATCH] MDEV-30402: Encrypted mariabackup SST breaks on distributions
 with newer socat

This commit adds a new 'no-sni' option to socat which is required to
properly authenticate with newer socat versions (after version 1.7.4+).
This option is needed to disable the automatic use of the SNI feature
(Server Name Indication) since the SST script directly specifies the
commonname if necessary and automatic activation of the SNI feature
is unnecessary in such scenarios.
---
 scripts/wsrep_sst_mariabackup.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/wsrep_sst_mariabackup.sh b/scripts/wsrep_sst_mariabackup.sh
index 7e26af83701..b46e64a9e8b 100644
--- a/scripts/wsrep_sst_mariabackup.sh
+++ b/scripts/wsrep_sst_mariabackup.sh
@@ -340,6 +340,9 @@ get_transfer()
                         "Use workaround for socat $SOCAT_VERSION bug"
                 fi
             fi
+            if check_for_version "$SOCAT_VERSION" '1.7.4'; then
+                tcmd="$tcmd,no-sni=1"
+            fi
         fi
 
         if [ "${sockopt#*,dhparam=}" = "$sockopt" ]; then