From c0e20137ee85d0386709db8cf650b265c7395a74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Tue, 4 Feb 2020 09:39:23 +0200
Subject: [PATCH 1/4] MXS-2871: Fix postrm script

The script used the wrong command to stop the service. Added the missing
disable that mirrors the enable in the postinst script.
---
 etc/postrm.in | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/etc/postrm.in b/etc/postrm.in
index 5e477037e..a11ffb66d 100755
--- a/etc/postrm.in
+++ b/etc/postrm.in
@@ -17,11 +17,13 @@ then
 
     if [ -f /usr/lib/systemd/system/maxscale.service ]
     then
-        systemd stop maxscale.service
+        systemctl stop maxscale.service
+        systemctl disable maxscale.service
         rm /usr/lib/systemd/system/maxscale.service
     elif [ -f /lib/systemd/system/maxscale.service ]
     then
-        systemd stop maxscale.service
+        systemctl stop maxscale.service
+        systemctl disable maxscale.service
         rm /lib/systemd/system/maxscale.service
     fi
 

From 21989f7a160f294043257893614d10d8daa4fdfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Wed, 5 Feb 2020 15:31:17 +0200
Subject: [PATCH 2/4] MXS-2777: Fix installation directory

The drop-in directory must be created in /etc.
---
 etc/postinst.in | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/etc/postinst.in b/etc/postinst.in
index d3bd4e947..7cc2435b2 100755
--- a/etc/postinst.in
+++ b/etc/postinst.in
@@ -46,15 +46,23 @@ then
     if [ -d "/lib/systemd/system"  ]
     then
         cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /lib/systemd/system
-        mkdir -p /lib/systemd/system/maxscale.service.d
         systemctl daemon-reload
     elif [ -d "/usr/lib/systemd/system"  ]
     then
         cp @CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/maxscale.service /usr/lib/systemd/system
-        mkdir -p /usr/lib/systemd/system/maxscale.service.d
         systemctl daemon-reload
     fi
 
+    # Remove old directories, mistakenly installed by a few versions
+    if [ -d /lib/systemd/system/maxscale.service.d ]
+    then
+        rmdir /lib/systemd/system/maxscale.service.d
+    elif  [ -d /usr/lib/systemd/system/maxscale.service.d ]
+    then
+        rmdir /lib/systemd/system/maxscale.service.d
+    fi
+
+    mkdir -p /etc/systemd/system/maxscale.service.d
     systemctl enable maxscale.service
 else
     if [ -d "/etc/init/" ] && [ -f "@CMAKE_INSTALL_PREFIX@/@MAXSCALE_SHAREDIR@/upstart/maxscale.conf" ]

From 98e6bdcd9092f96a70b86feb46e4c9407ca7b210 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Wed, 5 Feb 2020 17:32:12 +0200
Subject: [PATCH 3/4] MXS-2878: Enforce TLS for Connector-C connections

Connector-C connections now require TLS if the servers are configured with
it.
---
 server/core/mysql_utils.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/core/mysql_utils.cc b/server/core/mysql_utils.cc
index 34d3afe6b..6042c669b 100644
--- a/server/core/mysql_utils.cc
+++ b/server/core/mysql_utils.cc
@@ -174,6 +174,9 @@ MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, cons
 
     if (listener)
     {
+        char enforce_tls = 1;
+        mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, (void*)&enforce_tls);
+
         mysql_ssl_set(con, listener->ssl_key, listener->ssl_cert, listener->ssl_ca_cert, NULL, NULL);
     }
 

From 39cf6a800074fa90976bfce8d4971d93437d03d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Thu, 6 Feb 2020 10:09:39 +0200
Subject: [PATCH 4/4] MXS-2860: Update last_read only on successful reads

This prevents empty or failed reads from updating the last_read flag which
in turn gives us the correct connection idle time when network errors
occur.
---
 server/core/dcb.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/core/dcb.cc b/server/core/dcb.cc
index a60149d5f..27abc23f8 100644
--- a/server/core/dcb.cc
+++ b/server/core/dcb.cc
@@ -635,11 +635,11 @@ int dcb_read(DCB* dcb,
         else
         {
             GWBUF* buffer;
-            dcb->last_read = mxs_clock();
 
             buffer = dcb_basic_read(dcb, bytes_available, maxbytes, nreadtotal, &nsingleread);
             if (buffer)
             {
+                dcb->last_read = mxs_clock();
                 nreadtotal += nsingleread;
                 MXS_DEBUG("Read %d bytes from dcb %p in state %s fd %d.",
                           nsingleread,
@@ -789,19 +789,19 @@ static int dcb_read_SSL(DCB* dcb, GWBUF** head)
         dcb_drain_writeq(dcb);
     }
 
-    dcb->last_read = mxs_clock();
     buffer = dcb_basic_read_SSL(dcb, &nsingleread);
     if (buffer)
     {
+        dcb->last_read = mxs_clock();
         nreadtotal += nsingleread;
         *head = gwbuf_append(*head, buffer);
 
         while (buffer)
         {
-            dcb->last_read = mxs_clock();
             buffer = dcb_basic_read_SSL(dcb, &nsingleread);
             if (buffer)
             {
+                dcb->last_read = mxs_clock();
                 nreadtotal += nsingleread;
                 /*< Append read data to the gwbuf */
                 *head = gwbuf_append(*head, buffer);