WL#15524 Patch #3 Use TLS for upgraded transporter

jdduncan · jdduncan · commit 959e3f64f0d1 · 2023-07-21T10:00:36.000-07:00
Add the final bit of code into TransporterRegsitry to start TLS
before transporter upgrade, and update the MTR test results.

The tls_required and tls_off_certs tests will show TLS in use
for transporter connections to MGMD.

Change-Id: I2683447c02b27e498873fee77e0382c609a477cd
diff --git a/mysql-test/suite/ndb_tls/tls_off_certs.result b/mysql-test/suite/ndb_tls/tls_off_certs.result
@@ -2,12 +2,13 @@ SELECT * FROM ndbinfo.certificates order by Node_id;
 Node_id	Name	Expires	Serial
 1	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
 2	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
+3	NDB Management Node Mar 2023	19-Apr-2024	20:70:03:B8:BE:5F:C7:FB:A8
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;
 node_id	remote_node_id	encrypted
 1	2	0
-1	3	0
+1	3	1
 1	51	0
 2	1	0
-2	3	0
+2	3	1
 2	51	0
diff --git a/mysql-test/suite/ndb_tls/tls_required.result b/mysql-test/suite/ndb_tls/tls_required.result
@@ -2,17 +2,18 @@ SELECT * FROM ndbinfo.certificates order by Node_id;
 Node_id	Name	Expires	Serial
 1	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
 2	NDB Data Node Mar 2023	19-Apr-2024	B7:15:32:D5:AE:FF:C7:E1:E2
+3	NDB Management Node Mar 2023	19-Apr-2024	20:70:03:B8:BE:5F:C7:FB:A8
 51	NDB Node Mar 2023	19-Apr-2024	7B:A8:13:FB:D8:42:8E:A3:C9
 52	NDB Node Mar 2023	19-Apr-2024	7B:A8:13:FB:D8:42:8E:A3:C9
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;
 node_id	remote_node_id	encrypted
 1	2	1
-1	3	0
+1	3	1
 1	51	1
 1	52	1
 2	1	1
-2	3	0
+2	3	1
 2	51	1
 2	52	1
 Use test;
diff --git a/mysql-test/suite/ndb_tls/tls_required.test b/mysql-test/suite/ndb_tls/tls_required.test
@@ -26,7 +26,7 @@
 #
 SELECT * FROM ndbinfo.certificates order by Node_id;
 
-## Expect 6 encrypted links, plus two unencrypted links to node 3
+## Expect 8 encrypted links
 #
 SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters
 WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;
diff --git a/storage/ndb/src/common/transporter/TransporterRegistry.cpp b/storage/ndb/src/common/transporter/TransporterRegistry.cpp
@@ -3847,6 +3847,13 @@ NdbSocket TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)
     DBUG_RETURN(NdbSocket());  // an invalid socket, newly created on the stack
   }
 
+  /* Before converting, try to start TLS. */
+  if(m_tls_keys.ctx())
+  {
+    (void) ndb_mgm_set_ssl_ctx(*h, m_tls_keys.ctx());
+    (void) ndb_mgm_start_tls(*h);
+  }
+
   if (!report_dynamic_ports(*h))
   {
     ndb_mgm_destroy_handle(h);

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`	`#`
`27`	`27`	`SELECT * FROM ndbinfo.certificates order by Node_id;`
`28`	`28`
`29`		`-## Expect 6 encrypted links, plus two unencrypted links to node 3`
	`29`	`+## Expect 8 encrypted links`
`30`	`30`	`#`
`31`	`31`	`SELECT node_id, remote_node_id, encrypted from ndbinfo.transporters`
`32`	`32`	`WHERE status = 'CONNECTED' ORDER BY node_id, remote_node_id;`
Original file line number	Diff line number	Diff line change
`@@ -3847,6 +3847,13 @@ NdbSocket TransporterRegistry::connect_ndb_mgmd(NdbMgmHandle *h)`
`3847`	`3847`	`DBUG_RETURN(NdbSocket()); // an invalid socket, newly created on the stack`
`3848`	`3848`	`}`
`3849`	`3849`
	`3850`	`+ /* Before converting, try to start TLS. */`
	`3851`	`+ if(m_tls_keys.ctx())`
	`3852`	`+ {`
	`3853`	`+ (void) ndb_mgm_set_ssl_ctx(*h, m_tls_keys.ctx());`
	`3854`	`+ (void) ndb_mgm_start_tls(*h);`
	`3855`	`+ }`
	`3856`	`+`
`3850`	`3857`	`if (!report_dynamic_ports(*h))`
`3851`	`3858`	`{`
`3852`	`3859`	`ndb_mgm_destroy_handle(h);`