From 9c6ec5e6c9629706d522129e146e0d4d09d73ceb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Mon, 20 May 2019 20:15:36 +0300
Subject: [PATCH] MXS-2483: Re-configuring SSL for servers is an error

Since listeners cannot be reconfigured, we can accept this limitation and
impose it on the servers as well. This keeps the behavior consistent and
removes the need to resolve the deletion issue (for the time being).
---
 server/core/config_runtime.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/core/config_runtime.cc b/server/core/config_runtime.cc
index 32a654178..adb3883ed 100644
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@@ -434,7 +434,11 @@ bool runtime_enable_server_ssl(Server* server,
 {
     bool rval = false;
 
-    if (key && cert && ca)
+    if (server->ssl_context())
+    {
+        config_runtime_error("Server '%s' already configured to use SSL.", server->name());
+    }
+    else if (key && cert && ca)
     {
         std::lock_guard<std::mutex> guard(crt_lock);
         mxs::SSLContext* ssl = create_ssl(server->name(), key, cert, ca, version, depth, verify);