MDEV-28233: rsync SST script silently runs unencrypted if stunnel is not installed #5264

Open
hemantdangi-gc wants to merge 1 commit into MariaDB:10.6 from mariadb-corporation:10.6-MDEV-28233

hemantdangi-gc (Contributor) commented Jun 22, 2026

MDEV-28233: rsync SST script silently runs unencrypted if stunnel is not installed
Issue:
When ssl-mode required encryption but the means to perform it was missing,
the SST scripts silently fell back to a cleartext transfer:

  • wsrep_sst_rsync: ran over plain TCP when the 'stunnel' binary was absent.
  • wsrep_sst_mariabackup: socat used a cleartext socket when ssl-mode was set
    but no usable cert/key was found (encrypt stayed 0).

Solution:
Abort the SST instead of falling back to an unencrypted transfer when
ssl-mode is not DISABLED but encryption cannot be set up:

  • wsrep_sst_rsync: derive the implicit ssl-mode from the SSL config even
    when stunnel is absent, then abort with ENOENT if ssl-mode is active
    and the stunnel binary is not found.

  • wsrep_sst_mariabackup: after reading the SSL configuration, abort with
    EINVAL if ssl-mode is not DISABLED but encrypt resolved to 0 (no usable
    cert/key).
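
The fail-closed rule described above, as an added shell example that is not code from this pull request or from the SST scripts. The function names, the wrapper-binary argument, the sample ssl-mode value `REQUIRED`, and the reduction of `encrypt` to 0/1 are assumptions made for illustration; ssl-mode is assumed to be already upper-cased.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not from the SST scripts.
ENOENT=2    # errno: No such file or directory
EINVAL=22   # errno: Invalid argument

# rsync path. $1 = ssl-mode (assumed upper-case), $2 = TLS wrapper binary name.
# Returns 0 when the transfer may start, ENOENT when encryption is required
# but the wrapper binary cannot be found on PATH.
check_rsync_sst() {
    if [ "$1" = "DISABLED" ]; then
        return 0                      # cleartext was explicitly requested
    fi
    if ! command -v "$2" >/dev/null 2>&1; then
        echo "ssl-mode=$1 but '$2' is not installed: aborting SST" >&2
        return "$ENOENT"              # fail closed, never fall back to plain TCP
    fi
    return 0
}

# mariabackup path. $1 = ssl-mode, $2 = certificate file, $3 = key file.
# "encrypt" is reduced here to 0/1 (assumption): 1 only if both files are readable.
check_mariabackup_sst() {
    mb_encrypt=0
    if [ -n "$2" ] && [ -n "$3" ] && [ -r "$2" ] && [ -r "$3" ]; then
        mb_encrypt=1
    fi
    if [ "$1" != "DISABLED" ] && [ "$mb_encrypt" -eq 0 ]; then
        echo "ssl-mode=$1 but no usable cert/key: aborting SST" >&2
        return "$EINVAL"              # fail closed instead of a cleartext socket
    fi
    return 0
}

# Constructed demo inputs: a wrapper name that does not exist, empty cert/key.
check_rsync_sst REQUIRED no-such-tls-wrapper || echo "rsync SST refused (rc=$?)"
check_mariabackup_sst REQUIRED "" "" || echo "mariabackup SST refused (rc=$?)"
check_rsync_sst DISABLED no-such-tls-wrapper && echo "DISABLED: cleartext allowed"
```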

gemini-code-assist (Bot) left a comment

Code Review

This pull request ensures that the rsync SST script (wsrep_sst_rsync.sh) aborts with an error instead of silently falling back to an unencrypted transfer when SSL encryption is requested but the stunnel binary is missing. It also adds a new Galera MTR test to verify this behavior. The review feedback correctly points out that the test should not include 0 in the allowed exit codes when expecting mysqld to fail to start, as a successful startup (exit code 0) would represent a test failure.

Comment thread mysql-test/suite/galera/t/galera_sst_rsync_missing_stunnel.test Outdated

janlindstrom (Contributor) left a comment

Please add changes for mariabackup also and use only one test case using a .combinations file.

janlindstrom (Contributor) left a comment

Looks good to me.

janlindstrom (Contributor) left a comment

Looks good.
