diff --git a/include/maxscale/server.h b/include/maxscale/server.h index 2fb6e4e77..0ecdac470 100644 --- a/include/maxscale/server.h +++ b/include/maxscale/server.h @@ -96,6 +96,10 @@ typedef struct server uint8_t charset; /**< Default server character set */ bool is_active; /**< Server is active and has not been "destroyed" */ bool created_online; /**< Whether this server was created after startup */ + struct + { + bool ssl_not_enabled; /**< SSL not used for an SSL enabled server */ + } log_warning; /**< Whether a specific warning was logged */ #if defined(SS_DEBUG) skygw_chk_t server_chk_tail; #endif diff --git a/server/core/mysql_utils.c b/server/core/mysql_utils.c index c7a4b66b3..ac467d602 100644 --- a/server/core/mysql_utils.c +++ b/server/core/mysql_utils.c @@ -171,6 +171,19 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons MY_CHARSET_INFO cs_info; mysql_get_character_set_info(mysql, &cs_info); server->charset = cs_info.number; + + if (listener && mysql_get_ssl_cipher(con) == NULL) + { + if (server->log_warning.ssl_not_enabled) + { + server->log_warning.ssl_not_enabled = false; + MXS_ERROR("An encrypted connection to '%s' could not be created, " + "ensure that TLS is enabled on the target server.", + server->unique_name); + } + // Don't close the connection as it is closed elsewhere, just set to NULL + mysql = NULL; + } } return mysql; diff --git a/server/core/server.c b/server/core/server.c index 744e0d931..d6db003de 100644 --- a/server/core/server.c +++ b/server/core/server.c @@ -140,6 +140,9 @@ SERVER* server_alloc(const char *name, const char *address, unsigned short port, server->created_online = false; server->charset = SERVER_DEFAULT_CHARSET; + // Log all warnings once + memset(&server->log_warning, 1, sizeof(server->log_warning)); + spinlock_acquire(&server_spin); server->next = allServers; allServers = server;