Fix backend SSL tests

Due to incorrect SSL certs copying to backend and wrong setting in
maxscale.cnf it was not possible to active backend SSL.
Additionally, one more maxscale restart added to 'sql_queries' test
to reproduce SSL bug in 2.4.1.
Also ssl.cnf tuned in order to reproduce SSL bug

maxscale-system-test/cnf/maxscale.cnf.template.ssl

@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=mysqlmon
 servers= server1, server2,server3  ,server4
-user=maxskysql
+user=skysql
 password= skysql
 
 [RW-Split-Router]

maxscale-system-test/cnf/maxscale.cnf.template.ssl_load

@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=mysqlmon
 servers= server1, server2,server3  ,server4
-user=maxskysql
+user=skysql
 password= skysql
 
 [RW-Split-Router]

maxscale-system-test/cnf/maxscale.cnf.template.ssl_load_galera

@@ -6,7 +6,7 @@ log_warning=1
 type=monitor
 module=galeramon
 servers=server1,server2,server3,server4
-user=maxskysql
+user=skysql
 password=skysql
 root_node_as_master=false
 

maxscale-system-test/create_user.sh

@@ -19,8 +19,6 @@ CREATE USER 'skysql'@'%' IDENTIFIED BY 'skysql';
 GRANT ALL ON *.* TO 'skysql'@'%' WITH GRANT OPTION;
 
 DROP USER IF EXISTS 'skysql'@'localhost';
-CREATE USER 'skysql'@'localhost' IDENTIFIED BY 'skysql';
-GRANT ALL ON *.* TO 'skysql'@'localhost' WITH GRANT OPTION;
 
 DROP USER IF EXISTS 'maxskysql'@'%';
 CREATE USER 'maxskysql'@'%' IDENTIFIED BY 'skysql';

maxscale-system-test/create_user_ssl.sh

@@ -3,6 +3,9 @@
 echo "DROP USER '$node_user'@'%'" | sudo mysql $1
 echo "grant all privileges on *.*  to '$node_user'@'%' identified by '$node_password' require ssl WITH GRANT OPTION"
 echo "grant all privileges on *.*  to '$node_user'@'%' identified by '$node_password' require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "drop user '$node_user'@'localhost'" | sudo mysql $1
 
 echo "grant all privileges on *.*  to 'maxskysql'@'%' identified by 'skysql'  require ssl WITH GRANT OPTION" | sudo mysql $1
 echo "grant all privileges on *.*  to 'maxuser'@'%' identified by 'maxpwd'  require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "grant all privileges on *.*  to 'maxskysql'@'localhost' identified by 'skysql'  require ssl WITH GRANT OPTION" | sudo mysql $1
+echo "grant all privileges on *.*  to 'maxuser'@'localhost' identified by 'maxpwd'  require ssl WITH GRANT OPTION" | sudo mysql $1

maxscale-system-test/mariadb_nodes.cpp

@@ -1182,8 +1182,11 @@ int Mariadb_nodes::configure_ssl(bool require)
         local_result += copy_to_node_legacy(str, (char*) "~/", i);
         sprintf(str, "%s/ssl.cnf", test_dir);
         local_result += copy_to_node_legacy(str, (char*) "~/", i);
-        local_result += ssh_node(i, (char*) "cp ~/ssl.cnf /etc/my.cnf.d/", true);
-        local_result += ssh_node(i, (char*) "cp -r ~/ssl-cert /etc/", true);
+        sprintf(str, "cp %s/ssl.cnf /etc/my.cnf.d/", access_homedir[i]);
+        local_result += ssh_node(i, str, true);
+
+        sprintf(str, "cp -r %s/ssl-cert /etc/", access_homedir[i]);
+        local_result += ssh_node(i, str, true);
         local_result += ssh_node(i, (char*) "chown mysql:mysql -R /etc/ssl-cert", true);
         start_node(i, (char*) "");
     }

maxscale-system-test/sql_queries.cpp

@@ -111,6 +111,9 @@ int main(int argc, char* argv[])
 
     Test->check_maxscale_alive(0);
 
+    Test->maxscales->restart_maxscale(0);
+    Test->check_maxscale_alive(0);
+
     int rval = Test->global_result;
     delete Test;
     return rval;

maxscale-system-test/testconnections.cpp

@@ -800,7 +800,7 @@ void TestConnections::process_template(int m, const char* template_name, const c
     if (backend_ssl)
     {
         tprintf("Adding ssl settings\n");
-        system("sed -i \"s|type=server|type=server\\nssl=required\\nssl_cert=/###access_homedir###/certs/client-cert.pem\\nssl_key=/###access_homedir###/certs/client-key.pem\\nssl_ca_cert=/###access_homedir###/certs/ca.pem|g\" maxscale.cnf");
+        system("sed -i \"s|type=server|type=server\\nssl=required\\nssl_cert=/###access_homedir###/certs/client-cert.pem\\nssl_key=/###access_homedir###/certs/client-key.pem\\nssl_ca_cert=/###access_homedir###/certs/ca.pem\\nssl_cert_verify_depth=9\\nssl_version=MAX|g\" maxscale.cnf");
     }
 
     sprintf(str, "sed -i \"s/###threads###/%d/\"  maxscale.cnf", threads);