MDEV-13362: implement --require_secure_transport option

Currently, if a user wants to require TLS for every connection made
over the network, then every user account on the system needs to be
created with "REQUIRE SSL" or one of the other TLS options.

Implementing a require_secure_transport system varuable (which,
in particular, can be set using the --require_secure_transport=ON
command line option) in the MariaDB Server would make it a lot
easier to require TLS (or other secure transport) system-wide.

This patch implements this new system variable, adds the ability
to set it with SQL statements, from the command line and from the
configuration file, and also contains improvements for mtr that allow
the user to establish non-secure TCP/IP connections (for example,
to verify the operation of the new option).

1 files changed, 15 insertions, 0 deletions

diff --git a/mysql-test/main/require_secure_transport.test b/mysql-test/main/require_secure_transport.test
new file mode 100644
index 00000000000..ce62e7d5492
--- /dev/null
+++ b/mysql-test/main/require_secure_transport.test
@@ -0,0 +1,15 @@
+-- source include/have_ssl_communication.inc
+CREATE TABLE t1 (t int(1));
+SET GLOBAL require_secure_transport=ON;
+--disable_query_log
+--error ER_ACCESS_DENIED_ERROR
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+connection default;
+SET GLOBAL require_secure_transport=OFF;
+--disable_query_log
+connect without_ssl,localhost,root,,,,,TCP NOSSL;
+--enable_query_log
+disconnect without_ssl;
+connection default;
+DROP TABLE t1;