diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2015-12-22 15:19:51 +0100 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2015-12-22 15:19:51 +0100 |
| commit | d8e127f9f4eb634be2b84de3384709060db70b43 (patch) | |
| tree | 94c523e008841950174c8308ce9d6812d4328c02 /scripts | |
| parent | 02781512605e311e1ae45fedb154555ed3ed2cba (diff) | |
| parent | d58a770201acae10bdae7e840db043368cb48ba0 (diff) | |
| download | mariadb-git-d8e127f9f4eb634be2b84de3384709060db70b43.tar.gz | |
Merge branch '10.1' into bb-10.1-serg
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/wsrep_sst_xtrabackup-v2.sh | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/scripts/wsrep_sst_xtrabackup-v2.sh b/scripts/wsrep_sst_xtrabackup-v2.sh index 68e250d2157..2b432cb1089 100644 --- a/scripts/wsrep_sst_xtrabackup-v2.sh +++ b/scripts/wsrep_sst_xtrabackup-v2.sh @@ -191,9 +191,9 @@ get_transfer() exit 2 fi - if [[ $encrypt -eq 2 || $encrypt -eq 3 ]] && ! socat -V | grep -q WITH_OPENSSL;then - wsrep_log_info "NOTE: socat is not openssl enabled, falling back to plain transfer" - encrypt=-1 + if [[ $encrypt -eq 2 || $encrypt -eq 3 ]] && ! socat -V | grep -q "WITH_OPENSSL 1";then + wsrep_log_error "Encryption requested, but socat is not OpenSSL enabled (encrypt=$encrypt)" + exit 2 fi if [[ $encrypt -eq 2 ]];then @@ -204,25 +204,35 @@ get_transfer() fi stagemsg+="-OpenSSL-Encrypted-2" if [[ "$WSREP_SST_OPT_ROLE" == "joiner" ]];then - wsrep_log_info "Decrypting with PEM $tpem, CA: $tcert" - tcmd="socat -u openssl-listen:${TSST_PORT},reuseaddr,cert=$tpem,cafile=${tcert}${sockopt} stdio" + wsrep_log_info "Decrypting with cert=${tpem}, cafile=${tcert}" + tcmd="socat -u openssl-listen:${TSST_PORT},reuseaddr,cert=${tpem},cafile=${tcert}${sockopt} stdio" else - wsrep_log_info "Encrypting with PEM $tpem, CA: $tcert" - tcmd="socat -u stdio openssl-connect:${REMOTEIP}:${TSST_PORT},cert=$tpem,cafile=${tcert}${sockopt}" + wsrep_log_info "Encrypting with cert=${tpem}, cafile=${tcert}" + tcmd="socat -u stdio openssl-connect:${REMOTEIP}:${TSST_PORT},cert=${tpem},cafile=${tcert}${sockopt}" fi elif [[ $encrypt -eq 3 ]];then wsrep_log_info "Using openssl based encryption with socat: with key and crt" - if [[ -z $tpem || -z $tkey ]];then + if [[ -z $tpem || -z $tkey ]];then wsrep_log_error "Both certificate and key files required" exit 22 fi stagemsg+="-OpenSSL-Encrypted-3" if [[ "$WSREP_SST_OPT_ROLE" == "joiner" ]];then - wsrep_log_info "Decrypting with certificate $tpem, key $tkey" - tcmd="socat -u openssl-listen:${TSST_PORT},reuseaddr,cert=$tpem,key=${tkey},verify=0${sockopt} stdio" + if [[ -z $tcert ]];then + wsrep_log_info "Decrypting with cert=${tpem}, key=${tkey}, verify=0" + tcmd="socat -u openssl-listen:${TSST_PORT},reuseaddr,cert=${tpem},key=${tkey},verify=0${sockopt} stdio" + else + wsrep_log_info "Decrypting with cert=${tpem}, key=${tkey}, cafile=${tcert}" + tcmd="socat -u openssl-listen:${TSST_PORT},reuseaddr,cert=${tpem},key=${tkey},cafile=${tcert}${sockopt} stdio" + fi else - wsrep_log_info "Encrypting with certificate $tpem, key $tkey" - tcmd="socat -u stdio openssl-connect:${REMOTEIP}:${TSST_PORT},cert=$tpem,key=${tkey},verify=0${sockopt}" + if [[ -z $tcert ]];then + wsrep_log_info "Encrypting with cert=${tpem}, key=${tkey}, verify=0" + tcmd="socat -u stdio openssl-connect:${REMOTEIP}:${TSST_PORT},cert=${tpem},key=${tkey},verify=0${sockopt}" + else + wsrep_log_info "Encrypting with cert=${tpem}, key=${tkey}, cafile=${tcert}" + tcmd="socat -u stdio openssl-connect:${REMOTEIP}:${TSST_PORT},cert=${tpem},key=${tkey},cafile=${tcert}${sockopt}" + fi fi else |