MXS-1553: Enforce SSL usage for monitors

If a server is configured to use SSL, then MaxScale should respect the
configuration and refuse to use a connection that is not encrypted.

include/maxscale/server.h

@@ -96,6 +96,10 @@ typedef struct server
     uint8_t        charset;        /**< Default server character set */
     bool           is_active;      /**< Server is active and has not been "destroyed" */
     bool           created_online; /**< Whether this server was created after startup */
+    struct
+    {
+        bool ssl_not_enabled; /**< SSL not used for an SSL enabled server */
+    } log_warning; /**< Whether a specific warning was logged */
 #if defined(SS_DEBUG)
     skygw_chk_t    server_chk_tail;
 #endif

server/core/mysql_utils.c

@@ -171,6 +171,19 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons
         MY_CHARSET_INFO cs_info;
         mysql_get_character_set_info(mysql, &cs_info);
         server->charset = cs_info.number;
+
+        if (listener && mysql_get_ssl_cipher(con) == NULL)
+        {
+            if (server->log_warning.ssl_not_enabled)
+            {
+                server->log_warning.ssl_not_enabled = false;
+                MXS_ERROR("An encrypted connection to '%s' could not be created, "
+                          "ensure that TLS is enabled on the target server.",
+                          server->unique_name);
+            }
+            // Don't close the connection as it is closed elsewhere, just set to NULL
+            mysql = NULL;
+        }
     }
 
     return mysql;

server/core/server.c

@@ -140,6 +140,9 @@ SERVER* server_alloc(const char *name, const char *address, unsigned short port,
     server->created_online = false;
     server->charset = SERVER_DEFAULT_CHARSET;
 
+    // Log all warnings once
+    memset(&server->log_warning, 1, sizeof(server->log_warning));
+
     spinlock_acquire(&server_spin);
     server->next = allServers;
     allServers = server;