From 98e6bdcd9092f96a70b86feb46e4c9407ca7b210 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Wed, 5 Feb 2020 17:32:12 +0200
Subject: [PATCH] MXS-2878: Enforce TLS for Connector-C connections

Connector-C connections now require TLS if the servers are configured with
it.
---
 server/core/mysql_utils.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
index 34d3afe6b..6042c669b 100644
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@@ -174,6 +174,9 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
 
     if (listener)
     {
+        char enforce_tls = 1;
+        mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, (void*)&enforce_tls);
+
         mysql_ssl_set(con, listener->ssl_key, listener->ssl_cert, listener->ssl_ca_cert, NULL, NULL);
     }