From f523fe711662824fdb8ab369ef3e069703ebc317 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= <jan.lindstrom@galeracluster.com>
Date: Wed, 13 Nov 2024 12:58:18 +0200
Subject: [PATCH] MDEV-34738 : Upgrade 10.11>11.4 fails when
 wsrep_provider_options socket.ssl_cipher is set

Problem was in Galera library where wsrep_provider socket.ssl_cipher
parameter was defined as type_bool when it should have been string
type.

Therefore, this test requires Galera library version 26.4.21 where
fix is. Here we just verify that we can upgrade ssl parameters
so that socket.cipher = AES256-SHA and we use OpenSSL.
---
 .../suite/galera/r/galera_ssl_cipher.result   | 30 +++++++
 .../suite/galera/t/galera_ssl_cipher.cnf      | 11 +++
 .../suite/galera/t/galera_ssl_cipher.test     | 83 +++++++++++++++++++
 3 files changed, 124 insertions(+)
 create mode 100644 mysql-test/suite/galera/r/galera_ssl_cipher.result
 create mode 100644 mysql-test/suite/galera/t/galera_ssl_cipher.cnf
 create mode 100644 mysql-test/suite/galera/t/galera_ssl_cipher.test

diff --git a/mysql-test/suite/galera/r/galera_ssl_cipher.result b/mysql-test/suite/galera/r/galera_ssl_cipher.result
new file mode 100644
index 0000000000000..76c459b9546d4
--- /dev/null
+++ b/mysql-test/suite/galera/r/galera_ssl_cipher.result
@@ -0,0 +1,30 @@
+connection node_2;
+connection node_1;
+# Correct Galera library found
+connection node_1;
+connection node_2;
+connection node_1;
+connection node_2;
+SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment';
+VARIABLE_VALUE = 'Synced'
+1
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+VARIABLE_VALUE = 2
+1
+connection node_1;
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+VARIABLE_VALUE = 2
+1
+connection node_2;
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+VARIABLE_VALUE = 2
+1
+connection node_1;
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+VARIABLE_VALUE = 2
+1
+connection node_2;
+connection node_1;
+call mtr.add_suppression("WSREP: write_handler\\(\\)");
+connection node_2;
+call mtr.add_suppression("WSREP: write_handler\\(\\)");
diff --git a/mysql-test/suite/galera/t/galera_ssl_cipher.cnf b/mysql-test/suite/galera/t/galera_ssl_cipher.cnf
new file mode 100644
index 0000000000000..dff9c96afbb09
--- /dev/null
+++ b/mysql-test/suite/galera/t/galera_ssl_cipher.cnf
@@ -0,0 +1,11 @@
+!include ../galera_2nodes.cnf
+
+[mysqld]
+loose-galera-ssl-cipher=1
+wsrep-debug=1
+
+[mysqld.1]
+wsrep_provider_options='base_port=@mysqld.1.#galera_port;socket.ssl=yes;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;cert.log_conflicts=YES'
+
+[mysqld.2]
+wsrep_provider_options='base_port=@mysqld.2.#galera_port;socket.ssl=yes;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;cert.log_conflicts=YES'
diff --git a/mysql-test/suite/galera/t/galera_ssl_cipher.test b/mysql-test/suite/galera/t/galera_ssl_cipher.test
new file mode 100644
index 0000000000000..555925e13c849
--- /dev/null
+++ b/mysql-test/suite/galera/t/galera_ssl_cipher.test
@@ -0,0 +1,83 @@
+#
+# Test upgrading the SSL chipher
+#
+
+--source include/galera_cluster.inc
+--source include/have_innodb.inc
+--source include/have_ssl_communication.inc
+--source include/have_openssl.inc
+--source include/force_restart.inc
+
+#
+# Lowest supported Galera library version
+#
+--let $galera_version=26.4.21
+source ../wsrep/include/check_galera_version.inc;
+
+# Save original auto_increment_offset values.
+--let $node_1=node_1
+--let $node_2=node_2
+--source include/auto_increment_offset_save.inc
+
+# Setup galera ports
+--connection node_1
+--source suite/galera/include/galera_base_port.inc
+--let $NODE_GALERAPORT_1 = $_NODE_GALERAPORT
+
+--connection node_2
+--source suite/galera/include/galera_base_port.inc
+--let $NODE_GALERAPORT_2 = $_NODE_GALERAPORT
+
+SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment';
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+
+# 2. Restart node #1 with a socket.ssl_cipher
+
+--connection node_1
+--source include/shutdown_mysqld.inc
+--let $restart_noprint = 1
+--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-key.pem;socket.ssl_cipher=AES256-SHA
+--source include/start_mysqld.inc
+--source include/wait_until_connected_again.inc
+
+--let $wait_condition = SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment';
+--source include/wait_condition.inc
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+
+# 3. Restart node #2 with the new socket.ssl_ca , socket.ssl_cert, socket.ssl_key and socket.ssl_cipher
+
+--connection node_2
+--source include/shutdown_mysqld.inc
+--let $start_mysqld_params = --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem;socket.ssl_cipher=AES256-SHA
+--source include/start_mysqld.inc
+--source include/wait_until_connected_again.inc
+
+--let $wait_condition = SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment';
+--source include/wait_condition.inc
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+
+# 4. Restart node #1 with the new socket.ssl_ca , socket.ssl_cert, socket.ssl_key and socket.ssl_cipher
+
+--connection node_1
+--source include/shutdown_mysqld.inc
+--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem;socket.ssl_cipher=AES256-SHA
+--source include/start_mysqld.inc
+--source include/wait_until_connected_again.inc
+
+--let $wait_condition = SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_local_state_comment';
+--source include/wait_condition.inc
+SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
+
+# 5. Make sure node_2 is ready as well
+--connection node_2
+--source include/galera_wait_ready.inc
+
+# Upgrade complete. Both nodes now use the new key and certificate
+
+# Restore original auto_increment_offset values.
+--source include/auto_increment_offset_restore.inc
+
+--connection node_1
+call mtr.add_suppression("WSREP: write_handler\\(\\)");
+--connection node_2
+call mtr.add_suppression("WSREP: write_handler\\(\\)");