From bff19eec79afce8a7ebccdf7dc74cdfbb3c04cbb Mon Sep 17 00:00:00 2001 From: Michal Schorm Date: Tue, 4 Feb 2025 08:58:42 +0100 Subject: [PATCH] [SSL] Disable option that requires all connections to be SSL encrypted by default The MariaDB C/C++ connector requires SSL connections by default since version 3.4.0: https://mariadb.com/kb/en/mariadb-connector-c-3-4-0-release-notes/ However that was made possible by creation of 'zero configuration SSL': https://mariadb.org/mission-impossible-zero-configuration-ssl/ The first LTS that contains it is MariaDB 11.4 Before that the SSL still can be set up, but it requires significant configuration. The version we currently have in this distribution is MariaDB 10.11. In order for all utilities and associated software to still work 'out of the box', without extensive SSL configurations setup, I decided to disable this option. -- This option is supposed to be re-enabled when MariaDB >= 11.4 is introduced as the default MariaDB major version in the distribution. -- Resolves: RHEL-55985 RHEL-69271 RHEL-69269 --- mariadb-connector-c.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mariadb-connector-c.spec b/mariadb-connector-c.spec index d28eccd..352093a 100644 --- a/mariadb-connector-c.spec +++ b/mariadb-connector-c.spec @@ -7,7 +7,7 @@ Name: mariadb-connector-c Version: 3.4.3 -Release: 1%{?with_debug:.debug}%{?dist} +Release: 10%{?with_debug:.debug}%{?dist} Summary: The MariaDB Native Client library (C driver) License: LGPL-2.1-or-later Source: https://archive.mariadb.org/connector-c-%{version}/%{name}-%{version}-src.tar.gz @@ -121,6 +121,8 @@ rm -r win win-iconv external/zlib -DWITH_SSL=OPENSSL \ -DWITH_MYSQLCOMPAT=ON \ -DPLUGIN_CLIENT_ED25519=DYNAMIC \ +\ + -DDEFAULT_SSL_VERIFY_SERVER_CERT=OFF \ \ -DINSTALL_LAYOUT=RPM \ -DINSTALL_BINDIR="bin" \ 
@@ -248,6 +250,9 @@ install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/my.cnf.d/client.cnf # Need to ensure, that the testsuite will also run properly on 'fedpkg local' buid, not damaging the host machine %changelog +* Tue Feb 04 2025 Michal Schorm - 3.4.3-10 +- Disable option that requires all connections to be SSL encrypted by default + * Thu Jan 16 2025 Michal Schorm - 3.4.3-1 - Rebase to 3.4.3
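Review bot: in the first hunk, `Release:` jumps from 1 to 10, and the changelog goes from 3.4.3-1 straight to 3.4.3-10, with nothing in the commit message explaining the gap. If the jump is deliberate (for example, to keep the release above a build on another branch), say so in the commit message; otherwise bump to 2.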
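Review bot: in the cmake hunk, the added `-DDEFAULT_SSL_VERIFY_SERVER_CERT=OFF` carries no explanation in the spec, and its name does not match the commit subject: the flag refers to verifying the server certificate, while the subject and changelog speak of an option that "requires all connections to be SSL encrypted". With verification off by default, a client that does negotiate TLS will not authenticate the server unless the user asks for it, so the trade-off should be stated where the flag is set. Suggest a spec comment next to this option giving the reason (MariaDB 10.11 has no zero-configuration SSL) and the condition for removing it (MariaDB >= 11.4 as the default major version), so the temporary default is not carried over unnoticed at the next rebase.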
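Review bot: in the %changelog hunk, the new entry omits the issue ids that the commit message lists under "Resolves:" (RHEL-55985 RHEL-69271 RHEL-69269) and does not name the build option that changed. Suggest adding the ids to the entry and mentioning DEFAULT_SSL_VERIFY_SERVER_CERT=OFF, so that someone reading only the package changelog can tell which default was changed and that it is meant to be re-enabled later.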