From 405b10ad50d5e55046a9a136e2511c50d5b6611e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Mon, 17 Feb 2020 16:44:06 +0200
Subject: [PATCH] Fix server TLS regression

The code in 2.3 was changed to allow "empty" SSL definitions now that the system CA is used. The code in 2.4 did not allow this which caused non-TLS connections to be created when only ssl=true was defined.
---
 server/core/mysql_utils.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
index 05024cda7..12545b34e 100644
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@@ -36,8 +36,8 @@
 MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, const char* passwd)
 {
 auto ssl = server->ssl().config();
- bool have_ssl = ssl && !ssl->empty();
- if (have_ssl)
+
+ if (ssl)
 {
 char enforce_tls = 1;
 mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, (void*)&enforce_tls);
@@ -89,7 +89,7 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
 /** Copy the server charset */
 server->charset = mxs_mysql_get_character_set(mysql);
- if (have_ssl && mysql_get_ssl_cipher(con) == NULL)
+ if (ssl && mysql_get_ssl_cipher(con) == NULL)
 {
 if (server->warn_ssl_not_enabled)
 {
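Review bot: In the first hunk, `if (ssl)` now sets `MYSQL_OPT_SSL_ENFORCE` for a definition that carries no key, certificate or CA, and nothing in the visible lines shows whether the backend's certificate is verified in that case. Enforcing TLS without peer verification gives encryption but not authentication of the server, so please confirm that the rest of this block, which continues past the hunk, enables verification (for example `MYSQL_OPT_SSL_VERIFY_SERVER_CERT`) against the system CA the commit message refers to. A comment above the condition would also keep the emptiness test from being reintroduced: `// An "empty" SSL config (only ssl=true) is valid: TLS is still enforced and the system CA is used.`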
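Review bot: In the second hunk, the post-connect check `if (ssl && mysql_get_ssl_cipher(con) == NULL)` leads into a branch gated by `server->warn_ssl_not_enabled`, which suggests a missing cipher is only logged rather than treated as a failed connection. The body of that branch lies outside the hunk, so this is an inference, but if it holds the function can still hand back a plaintext connection when TLS was configured, and closing the connection and returning NULL there would fail closed. Since the regression was exactly that non-TLS connections were created with only ssl=true, a test that connects with that configuration and asserts a non-NULL cipher would pin the fix.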