summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulius Goryavsky <julius.goryavsky@mariadb.com>2023-04-13 07:49:35 +0200
committerJulius Goryavsky <julius.goryavsky@mariadb.com>2023-04-13 07:49:35 +0200
commitd1a4315f4cb096c2fd81c96bc4afc6bb618bae49 (patch)
treeeb0a6f08e0a5a9ef37a7e2837b6234f08c137813
parentef4d09948d5ff38f5dff8974005ba222a4b18462 (diff)
downloadmariadb-git-d1a4315f4cb096c2fd81c96bc4afc6bb618bae49.tar.gz
MDEV-30402: Encrypted mariabackup SST breaks on distributions with newer socat
This commit adds a new 'no-sni' option to socat which is required to properly authenticate with newer socat versions (after version 1.7.4+). This option is needed to disable the automatic use of the SNI feature (Server Name Indication) since the SST script directly specifies the commonname if necessary and automatic activation of the SNI feature is unnecessary in such scenarios.
-rw-r--r--scripts/wsrep_sst_mariabackup.sh3
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/wsrep_sst_mariabackup.sh b/scripts/wsrep_sst_mariabackup.sh
index 7e26af83701..b46e64a9e8b 100644
--- a/scripts/wsrep_sst_mariabackup.sh
+++ b/scripts/wsrep_sst_mariabackup.sh
@@ -340,6 +340,9 @@ get_transfer()
"Use workaround for socat $SOCAT_VERSION bug"
fi
fi
+ if check_for_version "$SOCAT_VERSION" '1.7.4'; then
+ tcmd="$tcmd,no-sni=1"
+ fi
fi
if [ "${sockopt#*,dhparam=}" = "$sockopt" ]; then