MDEV-29811 server advertises ssl even if it's unusable.

Abort startup, if SSL setup fails.
Also, for the server always check that certificate matches private key
(even if ssl_cert is not set, OpenSSL will try to use default one)

2 files changed, 20 insertions, 0 deletions

diff --git a/mysql-test/main/bad_startup_options.result b/mysql-test/main/bad_startup_options.result
new file mode 100644
index 00000000000..72c05cf5235
--- /dev/null
+++ b/mysql-test/main/bad_startup_options.result
@@ -0,0 +1 @@
+FOUND 1 /\[ERROR\] SSL error: Unable to get certificate/ in errorlog.err
diff --git a/mysql-test/main/bad_startup_options.test b/mysql-test/main/bad_startup_options.test
new file mode 100644
index 00000000000..bd0b6283854
--- /dev/null
+++ b/mysql-test/main/bad_startup_options.test
@@ -0,0 +1,19 @@
+--source include/not_embedded.inc
+--source include/have_ssl_communication.inc
+
+--source include/shutdown_mysqld.inc
+
+# Try to start the server, with bad values for some options.
+# Make sure, the starts fails, and expected message is in the error log
+
+--let errorlog=$MYSQL_TMP_DIR/errorlog.err
+--let SEARCH_FILE=$errorlog
+
+# Bad ssl-cert
+--error 1
+--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --ssl-cert=bad --log-error=$errorlog
+--let SEARCH_PATTERN=\[ERROR\] SSL error: Unable to get certificate
+--source include/search_pattern_in_file.inc
+--remove_file $SEARCH_FILE
+
+--source include/start_mysqld.inc