• Julius Goryavsky's avatar
    MDEV-25719: stunnel uses "verifyChain" without subject checks · 8e280f30
    Julius Goryavsky authored
    Another batch of changes that should make the SST process
    more reliable in all scenarios:
    
     1) Added hostname or CN verification when stunnel is used
        with certificate chain verification (verifyChain = yes);
     2) Added check for the absence of the stunnel utility for
        mtr tests;
     3) Deletion of working files before and after SST is done
        more accurately;
     4) rsync on joiner can be run even if the path to its
        configuration file contains spaces;
     5) More accurate directory creation (for data files and
        for logs);
     6) IST with mysqldump no longer turns off statement logging;
     7) Reset password for mysqldump when password is empty but
        username is specified;
     8) More reliable quoting when generating statements in
        wsrep_sst_mysqldump;
     9) Added explicit generation of 2048-bit Diffie-Hellman
        parameters for sockat < 1.7.3, by analogy with xtrabackup;
    10) Compression parameters for qpress are read from all
        suitable server groups in configuration file, as well as
        from the [sst] and [xtrabackup] groups;
    11) Added a test that checks compression using qpress;
    12) Checking for optional utilities is modified to work even
        if they implemented as built-in shell commands (unlikely
        on real systems, but more reliable).
    8e280f30
suite.pm 4.37 KB