5252#include " util/NodeCertificate.hpp"
5353#include " util/SocketServer.hpp"
5454#include " util/TlsKeyErrors.h"
55+ #include " util/TlsKeyManager.hpp"
5556
5657/* On Win32 applink.c must be included in one compilation unit */
5758#ifdef _WIN32
@@ -115,6 +116,7 @@ static struct my_option sign_keys_options[] =
115116 NdbStdOpt::connect_retries,
116117 NdbStdOpt::connect_retry_delay,
117118 NdbStdOpt::tls_search_path,
119+ NdbStdOpt::mgm_tls,
118120 { " config-file" ' f' " Read cluster configuration from file"
119121 &opt_ndb_config_file, nullptr , nullptr , GET_STR, REQUIRED_ARG,
120122 0 , 0 , 0 , nullptr , 0 , nullptr },
@@ -438,7 +440,7 @@ Config * read_configuration(const char * config_file) {
438440 return parser.parseConfig (config_file);
439441}
440442
441- Config * fetch_configuration () {
443+ Config * fetch_configuration (SSL_CTX * ctx ) {
442444 ndb_mgm_configuration* conf = 0 ;
443445
444446 NdbMgmHandle mgm = ndb_mgm_create_handle ();
@@ -447,6 +449,7 @@ Config * fetch_configuration() {
447449 return nullptr ;
448450 }
449451
452+ ndb_mgm_set_ssl_ctx (mgm, ctx);
450453 ndb_mgm_set_error_stream (mgm, stderr);
451454
452455 if (ndb_mgm_set_connectstring (mgm, opt_ndb_connectstring)) {
@@ -457,7 +460,9 @@ Config * fetch_configuration() {
457460 goto noconnect;
458461 }
459462
460- if (ndb_mgm_connect (mgm, opt_connect_retries - 1 , opt_connect_retry_delay, 1 ))
463+ if (ndb_mgm_connect_tls (mgm,
464+ opt_connect_retries - 1 , opt_connect_retry_delay, 1 ,
465+ opt_mgm_tls))
461466 {
462467 ndberr << " Connect failed, code: " ndb_mgm_get_latest_error (mgm)
463468 << " , msg: " ndb_mgm_get_latest_error_msg (mgm) << endl;
@@ -880,6 +885,8 @@ const NodeCertificate * sign_key(const SigningRequest *, stack_st_X509 * CA,
880885
881886int main (int argc, char ** argv) {
882887 PkiFile::PathName csr_file, ca_key_file, ca_cert_file;
888+ TlsKeyManager keyManager;
889+ SSL_CTX * ctx = nullptr ;
883890 EVP_PKEY * ca_key = nullptr ;
884891 stack_st_X509 * ca_certs = nullptr ;
885892 int rs = 0 ;
@@ -896,6 +903,10 @@ int main(int argc, char** argv) {
896903 if (! check_options ())
897904 return fatal_error_invalid_options ();
898905
906+ /* Try to init TlsKeyManager. */
907+ keyManager.init_mgm_client (opt_tls_search_path);
908+ ctx = keyManager.ctx ();
909+
899910 /* Main search path and destination directory */
900911 TlsSearchPath * search_path = new TlsSearchPath (opt_tls_search_path);
901912 const char * write_dir = nullptr ;
@@ -1004,7 +1015,7 @@ int main(int argc, char** argv) {
10041015
10051016 /* (6) Obtain cluster configuration from file or mgmd */
10061017 Config * conf = opt_ndb_config_file ?
1007- read_configuration (opt_ndb_config_file) : fetch_configuration ();
1018+ read_configuration (opt_ndb_config_file) : fetch_configuration (ctx );
10081019 if (conf == nullptr ) return fatal_error_cannot_read_config ();
10091020
10101021 /* (7) Generate node keys and certificates for this host, per config */
0 commit comments