From c3b016efde4b1e0c2b85ca26c814ad43f5611ab2 Mon Sep 17 00:00:00 2001
From: mkaruza <mario.karuza@galeracluster.com>
Date: Fri, 5 Feb 2021 11:06:25 +0100
Subject: MDEV-22668: "Flush SSL" command doesn't reload wsrep cert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Trigger `socket.ssl_reload` when FLUSH SSL is issued. To triger reloading
of certificate, key and CA, files needs to be physically changed.

Reviewed-by: Jan Lindström <jan.lindstrom@mariadb.com>
---
 sql/wsrep_mysqld.cc | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'sql/wsrep_mysqld.cc')

diff --git a/sql/wsrep_mysqld.cc b/sql/wsrep_mysqld.cc
index 0338d7ad054..0f0ef95492b 100644
--- a/sql/wsrep_mysqld.cc
+++ b/sql/wsrep_mysqld.cc
@@ -1249,6 +1249,32 @@ exit:
     return fail;
 }
 
+bool wsrep_reload_ssl()
+{
+  try
+  {
+    std::string opts= Wsrep_server_state::instance().provider().options();
+    if (opts.find("socket.ssl_reload") == std::string::npos)
+    {
+      WSREP_DEBUG("Option `socket.ssl_reload` not found in parameters.");
+      return false;
+    }
+    const std::string reload_ssl_param("socket.ssl_reload=1");
+    enum wsrep::provider::status ret= Wsrep_server_state::instance().provider().options(reload_ssl_param);
+    if (ret)
+    {
+      WSREP_ERROR("Set options returned %d", ret);
+      return true;
+    }
+    return false;
+  }
+  catch (...)
+  {
+    WSREP_ERROR("Failed to get provider options");
+    return true;
+  }
+}
+
 /*!
  * @param db      Database string
  * @param table   Table string
-- 
cgit v1.2.1