2 files changed, 43 insertions, 5 deletions

diff --git a/mysql-test/lib/My/SafeProcess/safe_process.cc b/mysql-test/lib/My/SafeProcess/safe_process.cc
index d6110f5f8c8..feb3eb4df66 100644
--- a/mysql-test/lib/My/SafeProcess/safe_process.cc
+++ b/mysql-test/lib/My/SafeProcess/safe_process.cc
@@ -125,7 +125,7 @@ extern "C" void handle_abort(int sig)
     message("Got signal %d, child_pid: %d, sending ABRT", sig, child_pid);
 
     if (child_pid > 0) {
-	kill (-child_pid, SIGABRT);	// Don't wait for it to terminate
+	kill(-child_pid, SIGABRT);	// Don't wait for it to terminate
     }
 }
 
@@ -226,6 +226,18 @@ int main(int argc, char* const argv[] )
     sleep(1);
   }
 
+  /*
+    Child: Make this process it's own process group to be able to kill
+    it and any its children that hasn't changed a group themselves)
+
+    Parent: Detach from the parent's process group, so that killing a parent
+    group wouldn't kill us (if we're killed, there's no one to kill our child
+    processes that run in their own process group). There's a loop below
+    that monitors the parent, it's enough.
+  */
+  setpgid(0, 0);
+
+
   if (child_pid == 0)
   {
     close(pfd[0]); // Close unused read end
@@ -236,10 +248,6 @@ int main(int argc, char* const argv[] )
     signal(SIGHUP, SIG_DFL);
     signal(SIGCHLD, SIG_DFL);
 
-    // Make this process it's own process group to be able to kill
-    // it and any childs(that hasn't changed group themself)
-    setpgid(0, 0);
-
     if (nocore)
     {
       struct rlimit corelim = { 0, 0 };
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh
new file mode 100755
index 00000000000..5dca21a755d
--- /dev/null
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -0,0 +1,30 @@
+#/bin/sh -xe
+
+# simply run me from mysql-test/
+cd std_data/
+
+# boilerplace for "openssl ca" and /etc/ssl/openssl.cnf
+rm -rf demoCA
+mkdir demoCA demoCA/private demoCA/newcerts
+touch demoCA/index.txt
+echo 01 > demoCA/serial
+
+# CA certificate, self-signed
+openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text
+
+# server certificate signing request and private key. Note the very long subject (for MDEV-7859)
+openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name'
+# convert the key to yassl compatible format
+openssl rsa -in server-key.pem -out server-key.pem
+# sign the server certificate with CA certificate
+openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem
+
+openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/CN=server8k/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
+openssl rsa -in server8k-key.pem -out server8k-key.pem
+openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem
+
+openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/CN=client/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
+openssl rsa -in client-key.pem -out client-key.pem
+openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem
+
+rm -rf demoCA