Merge branch '2.3' into 2.4

server/core/ssl.cc

@@ -245,7 +245,7 @@ bool SSLContext::init()
 
 
     case SERVICE_TLS11:
-#ifdef OPENSSL_1_0
+#if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
         m_method = (SSL_METHOD*)TLSv1_1_method();
 #else
         MXS_ERROR("TLSv1.1 is not supported on this system.");
@@ -254,7 +254,7 @@ bool SSLContext::init()
         break;
 
     case SERVICE_TLS12:
-#ifdef OPENSSL_1_0
+#if defined (OPENSSL_1_0) || defined (OPENSSL_1_1)
         m_method = (SSL_METHOD*)TLSv1_2_method();
 #else
         MXS_ERROR("TLSv1.2 is not supported on this system.");
@@ -340,7 +340,7 @@ bool SSLContext::init()
     /* Load the CA certificate into the SSL_CTX structure */
     if (!SSL_CTX_load_verify_locations(m_ctx, m_cfg.ca.c_str(), NULL))
     {
-        MXS_ERROR("Failed to set Certificate Authority file");
+        MXS_ERROR("Failed to set Certificate Authority file: %s", get_ssl_errors());
         return false;
     }
 

server/modules/authenticator/MariaDBAuth/dbusers.cc

@@ -77,7 +77,7 @@ const char* mariadb_102_users_query =
     "), users AS ("
     // Select the root row, the actual user
     "  SELECT t.user, t.host, t.db, t.select_priv, t.password, t.default_role AS role FROM t"
-    "  WHERE t.is_role <> 'Y'"
+    "  WHERE t.is_role = 'N'"
     "  UNION"
     // Recursively select all roles for the users
     "  SELECT u.user, u.host, t.db, t.select_priv, u.password, r.role FROM t"
@@ -85,6 +85,7 @@ const char* mariadb_102_users_query =
     "  ON (t.user = u.role)"
     "  LEFT JOIN mysql.roles_mapping AS r"
     "  ON (t.user = r.user)"
+    "  WHERE t.is_role = 'Y'"
     ")"
     "SELECT DISTINCT t.user, t.host, t.db, t.select_priv, t.password FROM users AS t %s";