Merge branch '2.3' into 2.4

2020-01-29 14:38:29 +02:00 · 2020-01-29 14:38:29 +02:00 · 043df59ffa
commit 043df59ffa
parent a311613935 f53faba795
3 changed files with 37 additions and 19 deletions
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@ -2064,11 +2064,14 @@ larger than 0.

 ### `ssl_verify_peer_certificate`

-Peer certificate verification. This functionality is enabled by default.
+Peer certificate verification. This functionality is disabled by default. In
+versions prior to 2.3.17 the feature was enabled by default.

-When this feature is enabled, the certificate sent by the peer is verified
-against the configured Certificate Authority. If you are using self-signed
-certificates, set `ssl_verify_peer_certificate=false`.
+When this feature is enabled, the peer must send a certificate. The certificate
+sent by the peer is verified against the configured Certificate Authority to
+make sure the peer is who they claim to be. For listeners, this behaves as if
+`REQUIRE X509` was defined for all users. For servers, this behaves like the
+`--ssl-verify-server-cert` command line option for the `mysql` client.

 #### Example SSL enabled server configuration

--- a/connectors/cdc-connector/cdc_connector.cpp
+++ b/connectors/cdc-connector/cdc_connector.cpp
@ -170,7 +170,7 @@ void Closer<int>::close(int fd)
 namespace CDC
 {

-const char* const TIMEOUT  = "Request timed out";
+const char* const TIMEOUT = "Request timed out";

 /**
 * Public functions
@ -449,21 +449,36 @@ SRow Connection::read()
    SRow rval;
    std::string row;

-    if (read_row(row))
+    while (true)
    {
-        json_error_t err;
-        json_t* js = json_loads(row.c_str(), JSON_ALLOW_NUL, &err);
+        if (read_row(row))
+        {
+            json_error_t err;
+            json_t* js = json_loads(row.c_str(), JSON_ALLOW_NUL, &err);

-        if (js)
-        {
-            rval = process_row(js);
-            json_decref(js);
-        }
-        else
-        {
-            m_error = "Failed to parse JSON: ";
-            m_error += err.text;
+            if (js)
+            {
+                if (is_schema(js))
+                {
+                    m_schema = row;
+                    process_schema(js);
+                    json_decref(js);
+                    continue;
+                }
+                else
+                {
+                    rval = process_row(js);
+                    json_decref(js);
+                }
+            }
+            else
+            {
+                m_error = "Failed to parse JSON: ";
+                m_error += err.text;
+            }
        }
+
+        break;
    }

    return rval;
--- a/server/core/config.cc
+++ b/server/core/config.cc
@ -488,7 +488,7 @@ const MXS_MODULE_PARAM config_listener_params[] =
    {
        CN_SSL_VERIFY_PEER_CERTIFICATE,
        MXS_MODULE_PARAM_BOOL,
-        "true"
+        "false"
    },
    {NULL}
 };
@ -702,7 +702,7 @@ const MXS_MODULE_PARAM config_server_params[] =
    {
        CN_SSL_VERIFY_PEER_CERTIFICATE,
        MXS_MODULE_PARAM_BOOL,
-        "true"
+        "false"
    },
    {
        CN_DISK_SPACE_THRESHOLD,