summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormkaruza <mario.karuza@galeracluster.com>2021-02-05 11:06:25 +0100
committerJan Lindström <jan.lindstrom@mariadb.com>2021-04-15 08:50:01 +0300
commitc3b016efde4b1e0c2b85ca26c814ad43f5611ab2 (patch)
treea253e3593bc130bc37931540ef56b504ed23796d
parent767d63374e634f8ede5e18a8a74127a113013467 (diff)
downloadmariadb-git-c3b016efde4b1e0c2b85ca26c814ad43f5611ab2.tar.gz
MDEV-22668: "Flush SSL" command doesn't reload wsrep certbb-10.4-MDEV-22668
Trigger `socket.ssl_reload` when FLUSH SSL is issued. To triger reloading of certificate, key and CA, files needs to be physically changed. Reviewed-by: Jan Lindström <jan.lindstrom@mariadb.com>
-rw-r--r--mysql-test/std_data/galera_certs/INFORMATION2
-rw-r--r--mysql-test/std_data/galera_certs/galera.1.crt25
-rw-r--r--mysql-test/std_data/galera_certs/galera.1.csr16
-rw-r--r--mysql-test/std_data/galera_certs/galera.1.key27
-rw-r--r--mysql-test/std_data/galera_certs/galera.2.crt25
-rw-r--r--mysql-test/std_data/galera_certs/galera.2.csr16
-rw-r--r--mysql-test/std_data/galera_certs/galera.2.key27
-rw-r--r--mysql-test/std_data/galera_certs/galera.root.crt32
-rw-r--r--mysql-test/std_data/galera_certs/galera.root.key54
-rw-r--r--mysql-test/std_data/galera_certs/galera.root.srl1
-rw-r--r--mysql-test/suite/galera_3nodes/r/galera_ssl_reload.result15
-rw-r--r--mysql-test/suite/galera_3nodes/t/galera_ssl_reload.cnf10
-rw-r--r--mysql-test/suite/galera_3nodes/t/galera_ssl_reload.test67
-rw-r--r--sql/sql_reload.cc8
-rw-r--r--sql/wsrep_mysqld.cc26
-rw-r--r--sql/wsrep_mysqld.h1
16 files changed, 352 insertions, 0 deletions
diff --git a/mysql-test/std_data/galera_certs/INFORMATION b/mysql-test/std_data/galera_certs/INFORMATION
new file mode 100644
index 00000000000..439ba394e09
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/INFORMATION
@@ -0,0 +1,2 @@
+WSREP certificates signed with root certificate.
+Password used is `galera`.
diff --git a/mysql-test/std_data/galera_certs/galera.1.crt b/mysql-test/std_data/galera_certs/galera.1.crt
new file mode 100644
index 00000000000..c1c1818a88c
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.1.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEODCCAiACFG1AlRipIFaH2nn79vsiU6s8yxqwMA0GCSqGSIb3DQEBCwUAMFox
+CzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lu
+a2kxDzANBgNVBAoMBkdhbGVyYTEUMBIGA1UEAwwLZ2FsZXJhLnJvb3QwHhcNMjEw
+MjA0MTMxOTU3WhcNMzAxMTA0MTMxOTU3WjBXMQswCQYDVQQGEwJGaTERMA8GA1UE
+CAwISGVsc2lua2kxETAPBgNVBAcMCEhlbHNpbmtpMQ8wDQYDVQQKDAZHYWxlcmEx
+ETAPBgNVBAMMCGdhbGVyYS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAq1/qI8oopqwSG6TWLSzMOpm5iXilzQ5bM0E440ZVrdPo/OZvAb99yofMFJi9
+uD1zUigHA+PXoJhm0HYTt5VsymByYwKCT8aYC6Sm6a2H82uuS7Ze8JUBdl4ymZCe
+f56fYmh3EVu0Kf+rk9uCQGouzwrDNuS+MWxsV+lxVoAA08F19yJdvxehBNlGopqc
+Sw6NNa9SISCqjg32oR2RuFzkifV/olPHGl1FSzyzJ/zO2CQYjzT8W+UA/EtnFFCo
+XVJzOKHIbzTNKmj/kkX6esBZ7ItmAdGaTlIV6A/OR/wcKxzZBopd9wFSm42x+Dxk
+eMPKS7OFhaOypl/PHo1LsSrzKwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQApP88p
+5jaa26DhqBonGMBwgbnGzzXqrDlE6GX8Z5TffgOQjg7ZmMzdnS50iW5Jj9PcG3PL
+VpdxtKnyV/3qKJ40WpRvnUMcghyRB74h44y09Qh013uSpFR4ST7As1kAsRKYU7YP
+gc7Bc+rc3fjCOxqwRBIg/mosFCmW7UoogpeGNhuXFgl7ED3pjszAOjbLDxUkaQTj
+vbS9nWvtzE68STBdVTct91OIJPY2hNno8trwYqchQOG7wPOH/V+HzQ3jeLdE8AKw
+/PouspuE5RJmU9zcRzlKBKUsmjl+zD6nkyEzkfRO/JoDhBB0ReHsxaR+SU42K78n
+2H/qGjfhIcWsQVyIaRGqRTPZ6AhRX/04n8RTLHHkG/CLsgBcZnaOvVhraItUAEzC
+AQtD9vvF5uyzdmj0uu2TZNHJnbx+NXoNGJOJI2qUISLSdrVkS6qAHIdavypxDZZg
+4o5NZz+Jyc7Zq61LxLemKfD0isVsY91610A/1JwCy+Li99Mvng8gAJoP2NX/Cvmv
+i0QowP5uRRSL6YmiqRByer9yveSlxR03FvLeFSdftln3eEIyS9/kU74oJ+rOXPus
+fuB2ZNFHjmX7iXj3zf1kkpNCc03eaLY6P3+h2Opnqitz/XAT/eSWQ1huMKGm78ih
+C3Cd/yrwiA+AfxhYMJHl6CTpEWcJnqZQbPBjug==
+-----END CERTIFICATE-----
diff --git a/mysql-test/std_data/galera_certs/galera.1.csr b/mysql-test/std_data/galera_certs/galera.1.csr
new file mode 100644
index 00000000000..f0c396836f0
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.1.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCRmkxETAPBgNVBAgMCEhlbHNpbmtpMREw
+DwYDVQQHDAhIZWxzaW5raTEPMA0GA1UECgwGR2FsZXJhMREwDwYDVQQDDAhnYWxl
+cmEuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtf6iPKKKasEhuk
+1i0szDqZuYl4pc0OWzNBOONGVa3T6PzmbwG/fcqHzBSYvbg9c1IoBwPj16CYZtB2
+E7eVbMpgcmMCgk/GmAukpumth/Nrrku2XvCVAXZeMpmQnn+en2JodxFbtCn/q5Pb
+gkBqLs8KwzbkvjFsbFfpcVaAANPBdfciXb8XoQTZRqKanEsOjTWvUiEgqo4N9qEd
+kbhc5In1f6JTxxpdRUs8syf8ztgkGI80/FvlAPxLZxRQqF1SczihyG80zSpo/5JF
++nrAWeyLZgHRmk5SFegPzkf8HCsc2QaKXfcBUpuNsfg8ZHjDykuzhYWjsqZfzx6N
+S7Eq8ysCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCUyo7S6TThiPiTRbMMu9Pu
+/YAK7mcxF3zG5rMzcf4fgaJAuUfE1Ct4y9eJ0k4gPevt37J2AhyTei6yS2ivESie
+exc/kztendR1PQmnRlICWa3ErXC1ZBJAVjaOx/S+Ttq5Tp4Bd/X2gvUb5JT+9Xbi
+NtxlnISh9cjO9BP7nfsCAbjqBhYT1hmYMlCDkTgHOPRpBQDQlRZ7e5jXDyzHaKzq
+yMfX0jo934oq2lkrV68q/9vmW0SrUU0X9GVDVRo8+4wTb1/dHQOcDaFO1LrsklaQ
+MqJkffv0tJB249+JkXHMzOZbfUTFn6jVJvMrSAQmOCIgXpswk0qmMM6ipEQkAlKW
+-----END CERTIFICATE REQUEST-----
diff --git a/mysql-test/std_data/galera_certs/galera.1.key b/mysql-test/std_data/galera_certs/galera.1.key
new file mode 100644
index 00000000000..adcd6a396a1
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.1.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq1/qI8oopqwSG6TWLSzMOpm5iXilzQ5bM0E440ZVrdPo/OZv
+Ab99yofMFJi9uD1zUigHA+PXoJhm0HYTt5VsymByYwKCT8aYC6Sm6a2H82uuS7Ze
+8JUBdl4ymZCef56fYmh3EVu0Kf+rk9uCQGouzwrDNuS+MWxsV+lxVoAA08F19yJd
+vxehBNlGopqcSw6NNa9SISCqjg32oR2RuFzkifV/olPHGl1FSzyzJ/zO2CQYjzT8
+W+UA/EtnFFCoXVJzOKHIbzTNKmj/kkX6esBZ7ItmAdGaTlIV6A/OR/wcKxzZBopd
+9wFSm42x+DxkeMPKS7OFhaOypl/PHo1LsSrzKwIDAQABAoIBABrfppLIL8m7L/e/
+yIo6/SevVYX2MmHOf4SxFJ+nNuZUVbPa2st2YN5ynxEXxqBumnfmqPr2LqkTXQQR
+kBP4zZ+KskVObmreJJem0TnRqYEFgMaEqaymYR1TtjGYmRJAKJRA93L0Y3M2kYxV
+Hr7FJ+P1txkTk7OiYfcDN2+uEPMjoIwPTZYqcpw8UggF3zMZosBH3tf4yk/+5Q52
+MilRRjmoOFJSs9617OdgLoXEwQ4sAvg9UecrNR/octMnBUXKq5vWT+L9ub0fxATV
+8U+GUiv2gBnHGikbsqfV/7hZZy+R1V6b/hFrpTlTHXhKpM56ownT85tcI2WNVVOR
+FkDFXDECgYEA1gkIXzQ1O4wuxEBZCwH3hpzT2qCDou/yA91pQN6sekdxJffz8VJs
+5MUmr53vBTD3j57l+iPfa1yApNYEeQDXmiervdLjC0ep3FqyK8qS/J9x86K2E9Bt
+R8ElYGEsYoT93pzM7txPEZo3awgHAqmlPQ9mhujBpsR9xBjYi1IrGDkCgYEAzPmj
+ezryhMqFosh9OK5tirjGw3T28p+ywIl7wS5/Le32HV6sGsva3UpZhb67SkpCDbpF
+ihDV7KHFQqOvZBNSFc8gPvBgFlv4k5IzbU2q1/nO/TzgSnp1sAwlZv4shsiLz7sv
+x2ZhR8gPfO7cTS4281rdlhUuAMe79W2FRwm9/oMCgYEAkPSjH9864i5pie5On97g
+JeHWtS2amWJKFQYB/7YPN+1kmyNXqit5pmJDdhLPS0PDlhg2hvd+m7aVRY3Qj6bb
+XgLaFIBb1krdpmgiXPggHklaIngjOj4hlMQhrSmCpuKNERQ+0tKQFkrMl4djQBFm
+4HiqplnCtVBEIOf22Dx5BTkCgYAQssmhsWSucr0+TKz+4B7mbTUsGSxBCceLLega
+DcqomDkznVHSAQd8faEbZzVk0PXenm0p2UNEOs2SJzmTootOYYhT+EsrpyRyCTgN
+UIV5gM1fDgWLq7xIskSdxlkkRdQ2AR7cVLfaHC8+00q5MumhG6bvohwUTjE+xkRU
+TDPhNwKBgQDKmYS+6sUiUim69J1dP/DNCs4fabbOi/uKaAk0HdN1abnxgRROzrPI
+0BsD84XrG8/e0JhRiKG3Doq18ejNjfWsuyliHPCoJrTIj4IUq7bFvVbdOD6BQHNw
+VzHa3UImlF1LthRqRMV5As+GOF0pRCHeXyihi6KBDEZBG/SKaCp9rw==
+-----END RSA PRIVATE KEY-----
diff --git a/mysql-test/std_data/galera_certs/galera.2.crt b/mysql-test/std_data/galera_certs/galera.2.crt
new file mode 100644
index 00000000000..2d7ebb2d533
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.2.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEODCCAiACFG1AlRipIFaH2nn79vsiU6s8yxqxMA0GCSqGSIb3DQEBCwUAMFox
+CzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lu
+a2kxDzANBgNVBAoMBkdhbGVyYTEUMBIGA1UEAwwLZ2FsZXJhLnJvb3QwHhcNMjEw
+MjA0MTMyMTMzWhcNMzAxMTA0MTMyMTMzWjBXMQswCQYDVQQGEwJGSTERMA8GA1UE
+CAwISGVsc2lua2kxETAPBgNVBAcMCEhlbHNpbmtpMQ8wDQYDVQQKDAZHYWxlcmEx
+ETAPBgNVBAMMCGdhbGVyYS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAq0DluHNB6VlRjMlQVhnABzB+wTAsC4DBQBAy/AzCPdEg67pZj1j1UKNitdfO
+/FLn6DCLoFhw/z5gFUpev3JzgHcbguOlf3AQA4p9zZn/R/g8fGJtUHolkYXT+V+j
++xUQ8dzdjelu6Xd0kpN9wigtKO4PUd3fzZ7QKen68zQPNEf+KFbSj/Dhk2iokt3N
+entl3MpLGJ+FsxPQwm7bagRdn66x7zAeRu4DifYh3i7lWkC+xE+bnB82BrzBHcMh
+N6uqdnKSdj078hRj/gcSJFMlOSaWCWoZdHQ7+3gp/bCi/dGywNxOgbsmuHznlUpE
+ELbhv6G0m6LzzB1NW7HFctyrNwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQAwtXxJ
+8ZQw1jZKUo0TP1D17Jdu36x2Tl8YwB+WMGdEvQSuKAnUEL/k4zOB5WI1VlNbJFAF
+dgsbHXjYrVCbDEpmN15sYXZ4J2NfGTmHAz38gB+r2LDlWj/+5L+VK+hkwGdbcaPX
+cDxm5M66ZbTvCFfozlHRh68/vGKhLnT0Iof3DekP7vaPUlfUUZGFh75vxUW8TM/S
+Ii4Tdo5D/gV4J/fUX2VKMKrJIYKcUxk48AFT0acCfzs9Uc5f4YYJ0vMrtGeVR0gl
+QLavAk3OW7IVY7trVrb0+qKfVuaxFli2hZN58ug/fpSN4wEMP31UxZ8WihG3xJ4x
+9ona+VR023ltpJerLWgHZyvH/HR8QnrQpPJ7y+2XLdI01gIQpYDwHsBBa8EkGjvG
+ra5YB07xOxxR4Wfr7/7gZzMvBkRr0wG/96iAfIB/ILYRJX+93gyqaVHS4RZRRQxe
+fsOpYOy5wMfPIjQQ4/Zd35NH+Y/dQcYqV+GdbbardXtNbT0tqLQesT3boBpsTxA9
+fkA9RayzTKHGojTv8p/FHh6yusfwa9MMdNsbkikM0YoAOTQwrBe7S9sm17Z6HxWr
+A7QqZGxAzAqI6aRRoro6z0KLNjuuiJysCSBqHB3yvPn6bV84UEUreoXFIHINkF/L
+B9S5zL+uYnA3X/ozdSmayNpipA3uYqqhUVSG9g==
+-----END CERTIFICATE-----
diff --git a/mysql-test/std_data/galera_certs/galera.2.csr b/mysql-test/std_data/galera_certs/galera.2.csr
new file mode 100644
index 00000000000..0fba110b92a
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.2.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREw
+DwYDVQQHDAhIZWxzaW5raTEPMA0GA1UECgwGR2FsZXJhMREwDwYDVQQDDAhnYWxl
+cmEuMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtA5bhzQelZUYzJ
+UFYZwAcwfsEwLAuAwUAQMvwMwj3RIOu6WY9Y9VCjYrXXzvxS5+gwi6BYcP8+YBVK
+Xr9yc4B3G4LjpX9wEAOKfc2Z/0f4PHxibVB6JZGF0/lfo/sVEPHc3Y3pbul3dJKT
+fcIoLSjuD1Hd382e0Cnp+vM0DzRH/ihW0o/w4ZNoqJLdzXp7ZdzKSxifhbMT0MJu
+22oEXZ+use8wHkbuA4n2Id4u5VpAvsRPm5wfNga8wR3DITerqnZyknY9O/IUY/4H
+EiRTJTkmlglqGXR0O/t4Kf2wov3RssDcToG7Jrh855VKRBC24b+htJui88wdTVux
+xXLcqzcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB1Je87IIfWW4YTvf1evm4/
+ICxImyQ4T5m3IOPrv9dV/DdxIoNSEfeudjyOmdeXchV5XxlGD2a6JDW4Pmf/gMlU
+5E6ySf4yvI/heDM05GdG623Nye41hCAqh9AIBOvhZEFlQ8/eDZFBXT9nZ4PFUshv
+7v1KlMNKHq5E3Y2eet3d0wDzE0CYJfkc0yoYX/y1IGVM2Td7/YmsSTz8Xm1OvIfx
+hbLzbnYIv4OLfSda/ntFxUy32c8jRxusbbrL4NKE5+eO5Sro1JR/rxRW9DIarp02
+8fzUyf1WhYIGtP/N3ZiZ4jqCsRyj0QmuwIohk33pKtb0APIA+qy8a13QSLUCPuHf
+-----END CERTIFICATE REQUEST-----
diff --git a/mysql-test/std_data/galera_certs/galera.2.key b/mysql-test/std_data/galera_certs/galera.2.key
new file mode 100644
index 00000000000..5b9bf3d0eac
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.2.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq0DluHNB6VlRjMlQVhnABzB+wTAsC4DBQBAy/AzCPdEg67pZ
+j1j1UKNitdfO/FLn6DCLoFhw/z5gFUpev3JzgHcbguOlf3AQA4p9zZn/R/g8fGJt
+UHolkYXT+V+j+xUQ8dzdjelu6Xd0kpN9wigtKO4PUd3fzZ7QKen68zQPNEf+KFbS
+j/Dhk2iokt3Nentl3MpLGJ+FsxPQwm7bagRdn66x7zAeRu4DifYh3i7lWkC+xE+b
+nB82BrzBHcMhN6uqdnKSdj078hRj/gcSJFMlOSaWCWoZdHQ7+3gp/bCi/dGywNxO
+gbsmuHznlUpEELbhv6G0m6LzzB1NW7HFctyrNwIDAQABAoIBAQCAnv9qJ3bLkgAD
+43dpE3H8dFnfMxUBlrSOLxx73gFNeHJnWdDGLyQganZK6UlWjdYLt9pGleZYbjqw
+AulilM1XIR4SknPMYRhF8JBICW+IWFLlgO9lUDhDMeZhF4oLnGjbnuzwFvDsfIGb
+TRdY6d/xK8tpy2C6CJuDv25xlxoMQwJvSIViJd1qyCe4x3PDBvZ3TKMiWXfUGoSg
+75Yee6dIryCoWGACTjdiNdJpo99EIMJT8HIGQeBBJuIvSTsAgXMugDlnvUkq98LX
+XLJ+Lilx+enUb1WDbwZDMwJd0DlDVZyRVDJwlJRFUEuJvSRfMNKICEynmqJVc/36
+I7BzHNtRAoGBAOOGrH/r46oiSH6vE0VqgPIdlruLDZWoBIW0tVW1wb9E3NzExK53
+WEGy6FETsFGt3cYxtKd5Qy4rD5gfqYrfmDH/bmkK9p69pSjKcSgynABxCqM0DCth
+F3EGc5ZGDcA7Xar70NEP9COExFvPpi2bBq+8//OHNKWHe/aTYj3FuvyjAoGBAMCv
+ZrUR8NJfxw8Jqygc/L5BBW0gzh8ycHlQQPrpb4j01ncFcjTe1Tsc8BAkHYXZbS7o
+h+3JkgzQf7fHJmafKPO3esj2fZqdCoWBqhAf9Wk+9s33rTPo4OXdk22MdII7kV/e
+VpUKzdznKQmftleoJDVq6qBDMN9qQy8z5hVVv8xdAoGBAJEVSV3wzyWn4s5VWVaE
+SWEaGQnR64Got+mCh7b1xWvvv15PYpNVqsOKD7XTdjU/RxGglG/OVVZVQwZf+j6B
+wYzwMjltMkGa8HwISwu06eEmNABJqhDnQolh8ca7OP2BXYMwO8F0CNu1R3i7+l1O
+Y38gZ52kc5+xuwxKgvSc51U9AoGAKiq4aUvBzegT4eCVyjN9xAzqqRUSxpT9NC8x
+6TcIp4odHPLeKV/Sfhs5Fe8xXsdUM33DsW/5PECskoVMjAyso5k1j6ERn7JaSRk1
+JE46IIwc6roW91MxVFyHFOQ14wIyMC6x9+/jWUJlIqwG9WvgcKgzLFtH6LySc1QC
+OA0J6ikCgYAr7JEzFzckFvXNgdUiADnXztchwmjeV/CJZdaHhlVdHmtt0Z7PiWK9
+wRCKwA+wfTW1MeufP/t3l9MqdFx7MjxBbu2aVnd9BEDtGX6pch1pMa7CHyHayDiL
+UoD0lPrJ9hLftKkyMO2IL3kWlg5g3cpwVBzMKxNBynzQx7TQxUrAgA==
+-----END RSA PRIVATE KEY-----
diff --git a/mysql-test/std_data/galera_certs/galera.root.crt b/mysql-test/std_data/galera_certs/galera.root.crt
new file mode 100644
index 00000000000..e965d5a26d6
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.root.crt
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFlTCCA32gAwIBAgIUKCF88W+48rZzdfgYpE2dXVMGSKgwDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhI
+ZWxzaW5raTEPMA0GA1UECgwGR2FsZXJhMRQwEgYDVQQDDAtnYWxlcmEucm9vdDAe
+Fw0yMTAyMDQxMzE3MDJaFw0yMzExMjUxMzE3MDJaMFoxCzAJBgNVBAYTAkZJMREw
+DwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lua2kxDzANBgNVBAoMBkdh
+bGVyYTEUMBIGA1UEAwwLZ2FsZXJhLnJvb3QwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDKqL45jbaq8RLOj+DeilPcEnBN5gn/y9V3IfZ0BQCd4bR09zLz
+7BQKz6QS825Wi56HC155W1xPMR0RYWy3I3owreQtfdGJuYoTKLpRSoqWJgy/FSzR
++Tr34WfpeIj6754YRm7MndWBPVkujPtOWz6EHn+2oUNIpCZAOwXtMrlJzf5GwNBu
+4kwkylz0whs3iTS//pZLyqk6MsLI7tebmfi9qyaM0b+C1OKiBRQRIjPON8Htp7Au
+GDyOqA4Y9IQlAzZVqy2PP79Ci2FpPF3+01ByWGY6vAIxma2VXS/aNvUvGnuzH8hz
+A5xg1+5Fv2kdxffcWLjp5/WSIaTUiBFMBRKswTtfo+vWuVpzXGvlExGHd10m+MhK
+Avoqq6N28ql6E5pDDH5k6aZ1eB6nKF6BU4BMa4SUPBX/qz8PMbb5j0+n645Gj/G2
+0DfCQoyHd6sMAZZ9LgTjGB/R6sz74YF72q6xECTCygn5HY3qjvmx0BYlIkQDKKqh
+bq2ZmsLLCwtyfUeW144eMhErNZA1MwoJxd8LM0TpJ0nXQdEESf5oS5fMLZnVrxah
+dl5QYYMbmyNedNKdwV4idhGCy+Zq7VAX4lBXazI1rD9vQb+oTcPGQiy4i/Vi/g6i
+F+XZTdTiaOWPEmvFFGLLUQxKl4w872hJaupqfteqdiZ+3ICVIUI8qnXHmwIDAQAB
+o1MwUTAdBgNVHQ4EFgQUs75v/MgjJ5RHGE6+0qdiVo4BwlowHwYDVR0jBBgwFoAU
+s75v/MgjJ5RHGE6+0qdiVo4BwlowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEAOVhBs28dwwvD5q2r7oVVcxLc+tb8zu4XxpXT1p6hiZYUyPguCh00
+GVdXCgR4JMI/NcyM5fBAbF3S8oK3+9rw2kW09afVV06Qf/8o3nIyOiDl7598tGIP
+CCK4QsUW/dGajx5kvhtQ7qce+u9KfFTof6lq2xkYtFBBhmBdSv9A1jAZJMw2x3bc
+nr99PS8XZMphS0MIExHKj6Ry5DdYm722zZHyIEiiEGyMViDm2m1iug5r/LPH5Z56
+BjQiH4VP+0y5mevBOUGuH8ID+J9Hu9BeoXLhkv+W2Ljs/S6wqzjinMBqVG+wwe0Y
+a8F5pABkl5uX38nMQ7CikSbLxSbn7nRf+sux1sbzqjMldeCSqiv9mI5Ysq97+Ni1
+5qMxNxNc0u/wGRnrXH8fWfxBKPP5moA7DQfVcUWPgDGQwDpA8kn8RlJxFk3g4yaK
++NMwk5MORKyx3tz/A3Yhs9AUXk3okvmQCT2YVSHcKUB8PAU+TaKqbr3wk07Y/tL/
+jFPHS+t3eD91Y05KGUXjdtGi+33zpV0biHmTWAZT78VQowDNvEpTnXhkSx8HGHYR
+nqSMU2m2LboHSatY113RYznx0LJ1azczRlJdGs8oyPWLPDD2JCesZaQqGZVRJoms
+lK4EzYEb5mZTCRgtgoiO+iKcf6XifuOCrWZXoLm4FlLEfOQ3b8yAFlo=
+-----END CERTIFICATE-----
diff --git a/mysql-test/std_data/galera_certs/galera.root.key b/mysql-test/std_data/galera_certs/galera.root.key
new file mode 100644
index 00000000000..8472f87e714
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.root.key
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F0ACFFE47CF32BB2
+
+F5PwhFDgzuaD7ISSmSn3+GpEoWipTwOPjE8ei9LsQ1a/RdcW19kmB9sJojOSVlV6
+CbLeEl/YKkkAZvbupKvpL0i82WTi+V7W9iKNU3M9tN1JE3WNGCYrL16aUrlnXszi
+eiNhWzAGxtpXNTv+d9gdgYZ0mHJrDk390tYGRcnrEp8FasL0aI4AnIWrJq9zgHeP
+m8K0RxIB6Rp07+SEfsO0pZuGPIkO/qVhIDXYhQrEkap3viPZouH1qzaJNaQXD1ZE
+EoP0n/jbX3KuLeep4aGdEGq/eAZx/WUZpZWECOqwZ7HDNFcXj4nZRNQmCpSobEHU
+e+9DL+nnmoMtsFG7Jb6S3d8Fxv5DLqm7LTHweZzlkw0pD5sVVMSeb6Xq2Cshxsf2
+htQGZDtxscTimDrLHsNonw1tVBfY0HPpTNNmjyKpa2lmbQ4KQls3A4i9yZaXM1W4
+pkc1Emk0ot+yXZU+SNPeAgAMCf5rygiQtsALYdbkZVpVvziVVBFdav+v9RtwrMfJ
+fli6GbAwm2mKXdFlc8SnfbNxKw8v2K26IUZFEzwiE/MxwOR4UBwcNa2JcXKsMGVt
+o2pBOJr0dquywV37EV7hu2S6Kgf1nREgksON86REmZoPpzMlCpTf805awdDN/a/K
+jJkRrekRinrPaIDfvwQjIhhXYWSVQywJ2nTL6+78SvnKRNmIFDGdmOY7CtsyRvkp
+P2Qp+JhzT4VM8x2sApBQiN3S3dSr1D8gmdwKGiLp82GhMIdGNjVpxPSVjCFC3Apu
+hvRw3LSJ7iUWLrtsR2yZeDBHh1yDraLYo76qYqvgYDKYa+R1GiJd70t5cDSqgwV9
+EXlnA32VsRrAXdRypGNAq934TSWiO4l+M60bt/K/U41uQHas1gWsGdtWcjCLTylf
+YT8G+4QnIrOGJzyKZeIrawu/GtxrK2S5xe0ZAOwYQmJYiIH4TfvdrNX4DNEfGpd/
+CrBULWCvAtgqNrNgpFuV8027yAZWPpG2DSE+Q+XTahxjNUxAI7kkXB/Xxc5KfhSF
+BaYHQ2TfTWnwD3K1BNWM4yZ/L4up8UIrXyMdk7q0LofwCTKGOgqzwVaez86gpriL
+pphXPYIY9cX9qLBs5YuVGk9ApkbC0VRqmXcCL7OEAzso14ItHVlVU73QSS+I+3sK
+sqwb0USLuN7qZUVhtJIyAkK/D+DmNYSg4eqhcMRnJAanD2acmwtAy0HE+YVcQN/X
+gEwSOdkf7WkwDshvBPA8rl4YWRxwKxstS0wyPG8rzMZWYYB2xf3nd78NtdzVZSnN
+pDUJkUKorCaSuanMvjKS9r+sILzUc1bkO/T//qTY/HtRtl8AffcXIjyJkXb5PSjt
+dxq7ktkeESAB9vb+c7nWolMVqxUD+1KpHi1kwR4IuAWtJe4G+82pDc6wLEZjeJMO
+nd2NNW/CToWv0YfWonGUDZbOFqee7H0Tioqjni4uQbLcDZJHr6i3wwGIncIENo73
+DqfYEpNT3U6uLSC/cNv3lvIRjVziBEB9f0KgOHt38UIsZ4oJAMV/B63Wfn1nd1g4
+NBdNwO48M2KHbxgwXJxxX1jQOj9+IJiVaGIbpzeeJ3yTKDMfkBKH4eQj2/aAA1zK
+pqFRyoBhuviMZ1IeBOVyb3QHJSINry/WiiOKoHLvvFM7KXgygedJwg6k8SHCQCfS
+D9RignCNT/O8VhJ4hpzAXbEpeAXJn+AHYGIxL6Fu+0dwDKJjruvcLpVVt9GLLdzX
+OBgsK0z9m3hLOf8dfY97jMkRTHtokrA28iheLh6l8rFFesJM8lqFreFRRJMTXeHW
+Xwa82PbUdIWygguAlSj035aGUuNRNDZq4Bh4XTVndCDbUfRBlYF9yMduvSqaKsmm
+tLJ8V04vDECQpUcAPTCCbTDFoV8/KVDsxMTgZkdiJG/Vv2y8mzy5FPAJBNk/HCcx
+E8qc7KF80l+YGQ/IgGzzz9r9DqaXy21FwaiA6TRFth9hXMdzZLVBNfpzZ+dGMJEQ
+PAoWUshcNNwAZVU0+GzdQvdckGUcWgnMZpzXswaUmXbMidQ6VQnDTQdj5qIEnrMW
+CrIHVs+hhjcGRbGf6DGHQpQbjD9FWX38PVzPpocu1qmLKVTUoFPqm0EqU01SYLFu
+S9ntmlOqYJJIR0LbXJvAL7tVKHiK4gR8NMfN2YKPi4Eg3GKTZ5XaSpNPQJnR0ZqP
++sU07jjQTcVuCD8Cx8c9LGXa6PNAwBufk3jrz/vZy8AQEs13aMu3thHhLQWKrgi5
+jVdoLNIqQZJH7aY0YjoaD6if+4uHtRQOqUcJPUyxWnwXx+Y/o+9DrpH5K9V9fcVR
+e7Ej8j2Ha4yzZw7M9Uze0unMRQOhE2lbRsP4C6f/TK3izeSlmhG0D/pHfHx9GKbf
+S7TPnD0YhUS9TpXX3BEVSXVjIkkbIiC0djq3OI+3PSn/PJqWjCw8pL7JZp5T8J1u
+sqyQCge4XjYmmj9Np511tcviq+jmobf0b+WMmxxV21/Au+v2uI/7eAwUyWYIJYny
+kcGUDmEZohsFx6hYbRsH+bSEUqC6MuKiUaaqEb97IoR33D3ZajMBchw+Yg0jh/wJ
+S8FKEB0NlS00051UnwdsjBKyuOMWT6xH9VVR8W+7t6i0rMDxb4DjP3T+BqjXCT0d
+kiHRXRALxotk+WVRC4qRVr0kmFut9bLjlFu2Hlbnpmm7zmJcE3hbkhWjXqDsysp7
+SKJAs+IvYrTMEtURflKiN/n7y6SbXdCXvw+lRTeTjT9h8DiIMsK5vw2SSjWPaQnu
+ikCATObciGyro3aImzhaBBY0r/F4Q1KsvLi+xKo+JoDHSVNjNg9SNjQKhyVRFJq/
+quwTP019B5U3ykWj2/i7HV9IBH+nGEUuvpI5esUoIWTvdCkVdAEeSg0vwkJoohbb
+l9HjDYyEJxoLhwaR7Mqh+uDxHBK2Kqh8TkIXjdUbXqTRIX6lajzJ/p7owoE48sHa
+iWo9tN+4bOabEjPAkEhLy2cLUfWEPjClo8YZelif8cZigKzdSDbxdmyugfFtZfQX
+NYwcMYayGBCETNyByLbBjNO+7XPlNcfqQJlFWsGOrzmJdoxtW7CYYqbN8qzhpNox
+MSRK7T+eUDFKNjY53lPfUPUFgcXq+9IKicf6cYE8gsI3/5I9vzLk3Lt7ZLXMgFv7
+-----END RSA PRIVATE KEY-----
diff --git a/mysql-test/std_data/galera_certs/galera.root.srl b/mysql-test/std_data/galera_certs/galera.root.srl
new file mode 100644
index 00000000000..e6c62e06527
--- /dev/null
+++ b/mysql-test/std_data/galera_certs/galera.root.srl
@@ -0,0 +1 @@
+6D409518A9205687DA79FBF6FB2253AB3CCB1AB1
diff --git a/mysql-test/suite/galera_3nodes/r/galera_ssl_reload.result b/mysql-test/suite/galera_3nodes/r/galera_ssl_reload.result
new file mode 100644
index 00000000000..541822797b7
--- /dev/null
+++ b/mysql-test/suite/galera_3nodes/r/galera_ssl_reload.result
@@ -0,0 +1,15 @@
+connection node_2;
+connection node_1;
+connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3;
+connection node_1;
+connection node_2;
+connection node_3;
+connection node_1;
+connection node_2;
+connection node_2;
+# restart: with restart_parameters
+SET GLOBAL wsrep_provider_options = 'socket.ssl_reload=1';
+connection node_3;
+# restart: with restart_parameters
+connection node_2;
+FLUSH SSL;
diff --git a/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.cnf b/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.cnf
new file mode 100644
index 00000000000..65d1599268d
--- /dev/null
+++ b/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.cnf
@@ -0,0 +1,10 @@
+!include ../galera_3nodes.cnf
+
+[mysqld.1]
+wsrep_provider_options='base_port=@mysqld.1.#galera_port;socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.root.crt;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.crt;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.key'
+
+[mysqld.2]
+wsrep_provider_options='base_port=@mysqld.2.#galera_port;socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.root.crt;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.crt;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.key'
+
+[mysqld.3]
+wsrep_provider_options='base_port=@mysqld.3.#galera_port;socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.root.crt;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.crt;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera_certs/galera.1.key'
diff --git a/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.test b/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.test
new file mode 100644
index 00000000000..0c22a58b3e9
--- /dev/null
+++ b/mysql-test/suite/galera_3nodes/t/galera_ssl_reload.test
@@ -0,0 +1,67 @@
+#
+# Test reloading of Galera SSL certificate without shutting down node
+#
+
+--source include/galera_cluster.inc
+--source include/have_innodb.inc
+
+--connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3
+
+# Save original auto_increment_offset values.
+--let $node_1=node_1
+--let $node_2=node_2
+--let $node_3=node_3
+--source ../galera/include/auto_increment_offset_save.inc
+
+# Setup galera ports
+--connection node_1
+--source suite/galera/include/galera_base_port.inc
+--let $NODE_GALERAPORT_1 = $_NODE_GALERAPORT
+
+--connection node_2
+--source suite/galera/include/galera_base_port.inc
+--let $NODE_GALERAPORT_2 = $_NODE_GALERAPORT
+
+# Setup temporary file for SSL reloading
+let $ssl_cert = $MYSQLTEST_VARDIR/tmp/ssl_cert.pem;
+let $ssl_key = $MYSQLTEST_VARDIR/tmp/ssl_key.pem;
+let $ssl_ca = $MYSQLTEST_VARDIR/tmp/ssl_ca.pem;
+
+copy_file std_data/galera_certs/galera.root.crt $ssl_ca;
+copy_file std_data/galera_certs/galera.1.crt $ssl_cert;
+copy_file std_data/galera_certs/galera.1.key $ssl_key;
+
+--connection node_2
+--source include/shutdown_mysqld.inc
+--let $restart_noprint=1
+--let $restart_parameters = --wsrep_cluster_address=gcomm://127.0.0.1:$NODE_GALERAPORT_1 --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera_certs/galera.root.crt;socket.ssl_cert=$MYSQLTEST_VARDIR/tmp/ssl_cert.pem;socket.ssl_key=$MYSQLTEST_VARDIR/tmp/ssl_key.pem
+--source include/start_mysqld.inc
+--source include/galera_wait_ready.inc
+
+# Set certificate and key and reload by setting directly `wsrep_provider_options`
+remove_file $ssl_cert;
+remove_file $ssl_key;
+copy_file std_data/galera_certs/galera.2.crt $ssl_cert;
+copy_file std_data/galera_certs/galera.2.key $ssl_key;
+SET GLOBAL wsrep_provider_options = 'socket.ssl_reload=1';
+
+--connection node_3
+--source include/shutdown_mysqld.inc
+--let $restart_parameters = --wsrep_cluster_address=gcomm://127.0.0.1:$NODE_GALERAPORT_2
+--source include/start_mysqld.inc
+
+# Set certificate and key and reload by executing `FLUSH SSL`
+--connection node_2
+remove_file $ssl_cert;
+remove_file $ssl_key;
+copy_file std_data/galera_certs/galera.1.crt $ssl_cert;
+copy_file std_data/galera_certs/galera.1.key $ssl_key;
+FLUSH SSL;
+
+# Cleanup
+remove_file $ssl_ca;
+remove_file $ssl_cert;
+remove_file $ssl_key;
+
+# Restore original auto_increment_offset values.
+--source ../galera/include/auto_increment_offset_restore.inc
diff --git a/sql/sql_reload.cc b/sql/sql_reload.cc
index 5b4600ece9a..76fb9819fd5 100644
--- a/sql/sql_reload.cc
+++ b/sql/sql_reload.cc
@@ -416,6 +416,14 @@ bool reload_acl_and_cache(THD *thd, unsigned long long options,
{
if (reinit_ssl())
result= 1;
+#ifdef WITH_WSREP
+ if (!result &&
+ WSREP_ON && wsrep_reload_ssl())
+ {
+ my_message(ER_UNKNOWN_ERROR, "Failed to refresh WSREP SSL.", MYF(0));
+ result= 1;
+ }
+#endif
}
if (options & REFRESH_GENERIC)
{
diff --git a/sql/wsrep_mysqld.cc b/sql/wsrep_mysqld.cc
index 0338d7ad054..0f0ef95492b 100644
--- a/sql/wsrep_mysqld.cc
+++ b/sql/wsrep_mysqld.cc
@@ -1249,6 +1249,32 @@ exit:
return fail;
}
+bool wsrep_reload_ssl()
+{
+ try
+ {
+ std::string opts= Wsrep_server_state::instance().provider().options();
+ if (opts.find("socket.ssl_reload") == std::string::npos)
+ {
+ WSREP_DEBUG("Option `socket.ssl_reload` not found in parameters.");
+ return false;
+ }
+ const std::string reload_ssl_param("socket.ssl_reload=1");
+ enum wsrep::provider::status ret= Wsrep_server_state::instance().provider().options(reload_ssl_param);
+ if (ret)
+ {
+ WSREP_ERROR("Set options returned %d", ret);
+ return true;
+ }
+ return false;
+ }
+ catch (...)
+ {
+ WSREP_ERROR("Failed to get provider options");
+ return true;
+ }
+}
+
/*!
* @param db Database string
* @param table Table string
diff --git a/sql/wsrep_mysqld.h b/sql/wsrep_mysqld.h
index 0b245ea11cb..db6910030c8 100644
--- a/sql/wsrep_mysqld.h
+++ b/sql/wsrep_mysqld.h
@@ -214,6 +214,7 @@ extern void wsrep_last_committed_id (wsrep_gtid_t* gtid);
extern int wsrep_check_opts();
extern void wsrep_prepend_PATH (const char* path);
extern bool wsrep_append_fk_parent_table(THD* thd, TABLE_LIST* table, wsrep::key_array* keys);
+extern bool wsrep_reload_ssl();
/* Other global variables */
extern wsrep_seqno_t wsrep_locked_seqno;