author | mkaruza <mario.karuza@galeracluster.com> | 2021-02-05 11:06:25 +0100 |
---|---|---|
committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2021-04-15 08:50:01 +0300 |
commit | c3b016efde4b1e0c2b85ca26c814ad43f5611ab2 (patch) | |
tree | a253e3593bc130bc37931540ef56b504ed23796d /sql | |
parent | 767d63374e634f8ede5e18a8a74127a113013467 (diff) | |
MDEV-22668: "Flush SSL" command doesn't reload wsrep cert (bb-10.4-MDEV-22668)
Trigger `socket.ssl_reload` when FLUSH SSL is issued. To trigger reloading
of the certificate, key and CA, the files need to be physically changed.
Reviewed-by: Jan Lindström <jan.lindstrom@mariadb.com>
Diffstat (limited to 'sql')
-rw-r--r-- | sql/sql_reload.cc | 8 | ||||
-rw-r--r-- | sql/wsrep_mysqld.cc | 26 | ||||
-rw-r--r-- | sql/wsrep_mysqld.h | 1 |
3 files changed, 35 insertions, 0 deletions
diff --git a/sql/sql_reload.cc b/sql/sql_reload.cc
index 5b4600ece9a..76fb9819fd5 100644
--- a/sql/sql_reload.cc
+++ b/sql/sql_reload.cc
@@ -416,6 +416,14 @@ bool reload_acl_and_cache(THD *thd, unsigned long long options,
 {
 if (reinit_ssl())
 result= 1;
+#ifdef WITH_WSREP
+ if (!result &&
+ WSREP_ON && wsrep_reload_ssl())
+ {
+ my_message(ER_UNKNOWN_ERROR, "Failed to refresh WSREP SSL.", MYF(0));
+ result= 1;
+ }
+#endif
 }
 if (options & REFRESH_GENERIC)
 {
diff --git a/sql/wsrep_mysqld.cc b/sql/wsrep_mysqld.cc
index 0338d7ad054..0f0ef95492b 100644
--- a/sql/wsrep_mysqld.cc
+++ b/sql/wsrep_mysqld.cc
@@ -1249,6 +1249,32 @@ exit:
 return fail;
 }
+bool wsrep_reload_ssl()
+{
+ try
+ {
+ std::string opts= Wsrep_server_state::instance().provider().options();
+ if (opts.find("socket.ssl_reload") == std::string::npos)
+ {
+ WSREP_DEBUG("Option `socket.ssl_reload` not found in parameters.");
+ return false;
+ }
+ const std::string reload_ssl_param("socket.ssl_reload=1");
+ enum wsrep::provider::status ret= Wsrep_server_state::instance().provider().options(reload_ssl_param);
+ if (ret)
+ {
+ WSREP_ERROR("Set options returned %d", ret);
+ return true;
+ }
+ return false;
+ }
+ catch (...)
+ {
+ WSREP_ERROR("Failed to get provider options");
+ return true;
+ }
+}
+
 /*!
 * @param db Database string
 * @param table Table string
diff --git a/sql/wsrep_mysqld.h b/sql/wsrep_mysqld.h
index 0b245ea11cb..db6910030c8 100644
--- a/sql/wsrep_mysqld.h
+++ b/sql/wsrep_mysqld.h
@@ -214,6 +214,7 @@ extern void wsrep_last_committed_id (wsrep_gtid_t* gtid);
 extern int wsrep_check_opts();
 extern void wsrep_prepend_PATH (const char* path);
 extern bool wsrep_append_fk_parent_table(THD* thd, TABLE_LIST* table, wsrep::key_array* keys);
+extern bool wsrep_reload_ssl();
 /* Other global variables */
 extern wsrep_seqno_t wsrep_locked_seqno; |
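Review bot: In the sql/sql_reload.cc hunk, the `!result` guard keys the provider reload off the function-wide `result` rather than off the outcome of `reinit_ssl()` itself. `reload_acl_and_cache` starts and ends outside this hunk, so this is inferred, but if an earlier step of the same FLUSH had already set `result`, the server's own TLS context would be replaced while the wsrep channel keeps the old certificate, with no message about the skipped reload. Capturing the call's own status makes the intent explicit: `const bool ssl_failed= reinit_ssl();`, then `if (ssl_failed) result= 1;` and `if (!ssl_failed && WSREP_ON && wsrep_reload_ssl())`. A short comment that a wsrep failure leaves the server-side reload in place would also help whoever is rotating certificates.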
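Review bot: In the sql/wsrep_mysqld.cc hunk, `wsrep_reload_ssl()` returns `false` (success) when the provider's option string lacks `socket.ssl_reload`, and records that only through `WSREP_DEBUG`. FLUSH SSL then reports success while the replication channel keeps the old certificate and key, which is easy to miss during a rotation after a key compromise. Logging it at warning level, e.g. `WSREP_WARN("Provider does not support socket.ssl_reload; wsrep SSL was not reloaded.");`, keeps the outcome visible in the error log. The `catch (...)` also covers the second `options(...)` call, so "Failed to get provider options" can name the wrong step and drops the exception text; a `catch (const std::exception& e)` clause ahead of the catch-all that logs `e.what()` would preserve the cause. A one-line comment above the function stating that `true` means failure would help callers.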