Support certificate and private key per backend server #4401

Open
w32-blaster opened this issue Dec 15, 2023 · 3 comments

@w32-blaster

Currently the parameters mysql-ssl_p2s_cert and mysql-ssl_p2s_key are global variables.
This works fine if the certificate and key are shared across the replication group (writer + additional replicas).

In GCP when using cloudsql and multiple replicas, each instance has its own ca, certificate and key.
This makes the connection through TLS impossible because we can only set the certificate once for everything (ca is probably good because we have the option to set capath with multiple ca certificates).

With the above configuration (as expected) we get the following errors on the replicas:

mysql> select * from mysql_server_ping_log;;
+--------------+------+------------------+----------------------+----------------------------------------------+
| hostname     | port | time_start_us    | ping_success_time_us | ping_error                                   |
+--------------+------+------------------+----------------------+----------------------------------------------+
| 10.200.17.10 | 3306 | 1702674162555450 | 0                    | SSL connection error: tlsv1 alert unknown ca |
| 10.200.17.2  | 3306 | 1702674167549303 | 400                  | NULL                                         |
| 10.200.17.6  | 3306 | 1702674167549348 | 0                    | SSL connection error: tlsv1 alert unknown ca |
| 10.200.17.10 | 3306 | 1702674167549323 | 0                    | SSL connection error: tlsv1 alert unknown ca |
| 10.200.17.8  | 3306 | 1702674167555705 | 0                    | SSL connection error: tlsv1 alert unknown ca |

kuzmik commented Jan 11, 2024

We'd really like this as well!

@shameemshah

I'm also encountering the same issue. Any guidance or help would be greatly appreciated.


kuzmik commented Mar 4, 2024

It's been released as part of 2.6.0!

Added new feature mysql_servers_ssl_params #4458

  • Allows overriding the global SSL parameters on a per-host basis.
  • Introduces new configuration table mysql_servers_ssl_params.
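
An added example, not part of the original thread and not the ProxySQL project's own code: how the per-host table named in the release note could be filled for the three replicas that failed in the ping log above. The column names and the LOAD/SAVE commands are assumptions about the 2.6.0 admin schema (the first statement lets you confirm them), and the file paths are constructed placeholders.

```sql
-- Run on the ProxySQL admin interface, version 2.6.0 or later.
-- Confirm the table definition on your build before inserting.
SHOW CREATE TABLE mysql_servers_ssl_params;

-- The backends must already have TLS enabled toward the server.
SELECT hostname, port, use_ssl FROM mysql_servers;

-- One row per replica that returned "unknown ca" in the ping log.
-- 10.200.17.2 pinged successfully, so it keeps the global
-- mysql-ssl_p2s_cert / mysql-ssl_p2s_key values and gets no row.
-- Paths are constructed placeholders; keep each key file readable
-- only by the account ProxySQL runs as.
-- Assumption: username '' applies the row to every backend user.
INSERT INTO mysql_servers_ssl_params
  (hostname, port, username, ssl_ca, ssl_cert, ssl_key, comment)
VALUES
  ('10.200.17.6', 3306, '',
   '/etc/proxysql/tls/10.200.17.6/server-ca.pem',
   '/etc/proxysql/tls/10.200.17.6/client-cert.pem',
   '/etc/proxysql/tls/10.200.17.6/client-key.pem',
   'replica with its own CA and client pair'),
  ('10.200.17.8', 3306, '',
   '/etc/proxysql/tls/10.200.17.8/server-ca.pem',
   '/etc/proxysql/tls/10.200.17.8/client-cert.pem',
   '/etc/proxysql/tls/10.200.17.8/client-key.pem',
   'replica with its own CA and client pair'),
  ('10.200.17.10', 3306, '',
   '/etc/proxysql/tls/10.200.17.10/server-ca.pem',
   '/etc/proxysql/tls/10.200.17.10/client-cert.pem',
   '/etc/proxysql/tls/10.200.17.10/client-key.pem',
   'replica with its own CA and client pair');

-- Assumption: the table is activated and persisted together with
-- mysql_servers.
LOAD MYSQL SERVERS TO RUNTIME;
SAVE MYSQL SERVERS TO DISK;

-- Verify: the newest pings for each replica should show a non-zero
-- ping_success_time_us and a NULL ping_error.
SELECT hostname, port, ping_success_time_us, ping_error
FROM monitor.mysql_server_ping_log
ORDER BY time_start_us DESC
LIMIT 10;
```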
