MDEV-27181: Galera SST scripts should use ssl_capath for CA directory

1. Galera SST scripts should use ssl_capath (not ssl_ca) for CA
   directory. The current implementation tries to automatically
   detect the path using the trailing slash in the ssl_ca variable
   value, but this approach is not compatible with the server
   configuration. Now, by analogy with the server, SST scripts
   also use a separate ssl_capath variable. In addition, a similar
   tcapath variable has been added for the old-style configuration
   (in the "sst" section).
2. Openssl utility detection made more reliable.
3. Removed extra spaces in automatically generated command lines -
   to simplify debugging of the SST scripts.
4. In general, the code for detecting the presence or absence of
   auxiliary utilities has been improved - it is made more reliable
   in some configurations (and for shells other than bash).

mysql-test/std_data/capath/3106f582.0

@@ -0,0 +1 @@
+cacert.pem

mysql-test/std_data/capath/cacert.pem

@@ -0,0 +1,79 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d0:4d:23:85:ee:59:b3:fa
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
+ Validity
+ Not Before: Jan 27 10:11:10 2019 GMT
+ Not After : Jan 22 10:11:10 2039 GMT
+ Subject: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:e8:0e:a7:84:d3:75:30:06:30:b2:10:b9:d1:88:
+ 36:2b:5e:f8:c8:44:57:cb:67:72:ab:96:95:33:d5:
+ 88:d1:8f:23:50:98:ba:6d:20:00:80:bd:35:d5:c1:
+ bf:98:49:c4:0a:15:4a:34:a6:21:9b:2e:8c:15:09:
+ f0:63:81:02:c2:7c:e2:53:e0:f7:a1:1a:40:5e:8f:
+ 41:4a:4c:56:d4:20:f1:d5:a7:c1:53:2e:ff:7e:37:
+ 17:cc:7e:74:bd:e2:22:33:ce:8c:77:62:a4:c5:3f:
+ 44:35:7b:7e:b9:f5:7d:8c:7a:27:58:fd:2c:42:86:
+ 2e:e7:6b:01:99:7b:fe:7d:a7:a1:4f:3e:39:39:54:
+ 1f:61:de:74:66:d1:77:4f:43:1b:66:70:29:85:de:
+ fc:8f:8e:1b:7b:a2:66:48:26:7f:9b:a6:fd:4a:e4:
+ dc:eb:ed:bd:f8:e3:f1:57:98:13:6f:f1:a3:2a:e3:
+ 73:bd:8d:7c:6f:4b:59:35:bc:b5:42:3e:99:a7:13:
+ 8d:be:2e:5c:9a:c6:5b:ab:ae:bf:00:e9:c8:ee:05:
+ 22:8e:d5:67:1a:47:9a:6d:9c:f9:42:3e:15:34:f8:
+ 31:ec:b4:7e:d3:92:95:b0:b8:f9:66:f3:bd:1d:31:
+ 2c:b1:90:62:a1:f8:4e:a6:5d:26:22:f0:e1:fe:16:
+ 2b:69
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier: 
+ CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93
+ X509v3 Authority Key Identifier: 
+ keyid:CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93
+
+ X509v3 Basic Constraints: 
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ df:fd:74:29:5b:5e:9a:8b:09:02:40:59:73:cb:71:47:3f:97:
+ 3d:a9:fd:c4:8c:01:29:c9:86:b8:71:55:ff:72:0e:50:dc:c8:
+ b5:e6:91:41:52:47:21:30:cc:4d:e7:3b:4b:db:55:ea:7d:46:
+ eb:53:e0:b7:1b:80:7c:b1:0c:d3:d1:bc:a0:73:ae:96:1f:fd:
+ 05:52:7e:54:d5:03:52:69:7b:34:5f:27:d7:98:da:98:76:73:
+ e6:bb:50:59:2a:94:90:67:03:1c:a4:76:2f:ee:ef:59:60:09:
+ 48:33:03:2b:52:ed:83:42:f8:71:19:7f:d8:be:40:ed:20:01:
+ 90:3c:7e:1c:8b:d2:9f:f3:2f:09:1f:50:c8:10:e1:8a:d9:a5:
+ 49:9c:0b:74:17:b9:2b:68:f6:1e:73:c2:73:10:38:b3:35:e2:
+ 87:91:1b:a1:d1:9b:81:9d:1b:32:cc:03:6e:4c:82:95:81:11:
+ 42:56:e2:16:2b:22:65:db:40:2c:ca:dc:03:f4:d5:07:cf:f5:
+ 13:b2:cf:51:5b:24:cd:c7:d1:9b:42:8e:f9:df:5d:1e:5a:09:
+ a3:4f:a9:0b:f4:21:c5:bb:ff:02:93:67:e8:2d:ee:ab:d9:59:
+ 76:03:2c:a1:bd:fb:dc:af:b6:82:94:71:85:53:a8:18:0d:3a:
+ 9e:42:eb:59
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIJANBNI4XuWbP6MA0GCSqGSIb3DQEBCwUAMFYxDzANBgNV
+BAMMBmNhY2VydDELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYD
+VQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjAeFw0xOTAxMjcxMDExMTBa
+Fw0zOTAxMjIxMDExMTBaMFYxDzANBgNVBAMMBmNhY2VydDELMAkGA1UEBhMCRkkx
+ETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwH
+TWFyaWFEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgOp4TTdTAG
+MLIQudGINite+MhEV8tncquWlTPViNGPI1CYum0gAIC9NdXBv5hJxAoVSjSmIZsu
+jBUJ8GOBAsJ84lPg96EaQF6PQUpMVtQg8dWnwVMu/343F8x+dL3iIjPOjHdipMU/
+RDV7frn1fYx6J1j9LEKGLudrAZl7/n2noU8+OTlUH2HedGbRd09DG2ZwKYXe/I+O
+G3uiZkgmf5um/Urk3Ovtvfjj8VeYE2/xoyrjc72NfG9LWTW8tUI+macTjb4uXJrG
+W6uuvwDpyO4FIo7VZxpHmm2c+UI+FTT4Mey0ftOSlbC4+WbzvR0xLLGQYqH4TqZd
+JiLw4f4WK2kCAwEAAaNQME4wHQYDVR0OBBYEFMpxmYnwcqt1ZrtlagMEcqV7laaT
+MB8GA1UdIwQYMBaAFMpxmYnwcqt1ZrtlagMEcqV7laaTMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBAN/9dClbXpqLCQJAWXPLcUc/lz2p/cSMASnJhrhx
+Vf9yDlDcyLXmkUFSRyEwzE3nO0vbVep9RutT4LcbgHyxDNPRvKBzrpYf/QVSflTV
+A1JpezRfJ9eY2ph2c+a7UFkqlJBnAxykdi/u71lgCUgzAytS7YNC+HEZf9i+QO0g
+AZA8fhyL0p/zLwkfUMgQ4YrZpUmcC3QXuSto9h5zwnMQOLM14oeRG6HRm4GdGzLM
+A25MgpWBEUJW4hYrImXbQCzK3AP01QfP9ROyz1FbJM3H0ZtCjvnfXR5aCaNPqQv0
+IcW7/wKTZ+gt7qvZWXYDLKG9+9yvtoKUcYVTqBgNOp5C61k=
+-----END CERTIFICATE-----

mysql-test/std_data/capath/ed1f42db.0

@@ -0,0 +1 @@
+cacert.pem

mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath,debug.rdiff

@@ -0,0 +1,191 @@
+--- r/galera_sst_rsync_encrypt_with_server.result
++++ r/galera_sst_rsync_encrypt_with_server,debug.reject
+@@ -519,4 +519,188 @@
+ 1
+ DROP TABLE t1;
+ COMMIT;
++Performing State Transfer on a server that has been killed and restarted
++while a DDL was in progress on it
++connection node_1;
++CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB;
++SET AUTOCOMMIT=OFF;
++START TRANSACTION;
++INSERT INTO t1 VALUES (1,'node1_committed_before');
++INSERT INTO t1 VALUES (2,'node1_committed_before');
++INSERT INTO t1 VALUES (3,'node1_committed_before');
++INSERT INTO t1 VALUES (4,'node1_committed_before');
++INSERT INTO t1 VALUES (5,'node1_committed_before');
++connection node_2;
++START TRANSACTION;
++INSERT INTO t1 VALUES (6,'node2_committed_before');
++INSERT INTO t1 VALUES (7,'node2_committed_before');
++INSERT INTO t1 VALUES (8,'node2_committed_before');
++INSERT INTO t1 VALUES (9,'node2_committed_before');
++INSERT INTO t1 VALUES (10,'node2_committed_before');
++COMMIT;
++SET GLOBAL debug_dbug = 'd,sync.alter_opened_table';
++connection node_1;
++ALTER TABLE t1 ADD COLUMN f2 INTEGER;
++connection node_2;
++SET wsrep_sync_wait = 0;
++Killing server ...
++connection node_1;
++SET AUTOCOMMIT=OFF;
++START TRANSACTION;
++INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during');
++INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during');
++INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during');
++INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during');
++INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during');
++COMMIT;
++START TRANSACTION;
++INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after');
++connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1;
++SET AUTOCOMMIT=OFF;
++START TRANSACTION;
++INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after');
++connection node_2;
++Performing --wsrep-recover ...
++connection node_2;
++Starting server ...
++Using --wsrep-start-position when starting mysqld ...
++SET AUTOCOMMIT=OFF;
++START TRANSACTION;
++INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after');
++INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after');
++INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after');
++INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after');
++INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after');
++COMMIT;
++connection node_1;
++INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after');
++INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after');
++COMMIT;
++SET AUTOCOMMIT=OFF;
++START TRANSACTION;
++INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after');
++INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after');
++INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after');
++INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after');
++INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after');
++COMMIT;
++connection node_1a_galera_st_kill_slave_ddl;
++INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after');
++INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after');
++ROLLBACK;
++SET AUTOCOMMIT=ON;
++SET SESSION wsrep_sync_wait=15;
++SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1';
++EXPECT_3
++3
++SELECT COUNT(*) AS EXPECT_35 FROM t1;
++EXPECT_35
++35
++SELECT * FROM t1;
++id f1 f2
++1 node1_committed_before NULL
++2 node1_committed_before NULL
++3 node1_committed_before NULL
++4 node1_committed_before NULL
++5 node1_committed_before NULL
++6 node2_committed_before NULL
++7 node2_committed_before NULL
++8 node2_committed_before NULL
++9 node2_committed_before NULL
++10 node2_committed_before NULL
++11 node1_committed_during NULL
++12 node1_committed_during NULL
++13 node1_committed_during NULL
++14 node1_committed_during NULL
++15 node1_committed_during NULL
++16 node1_to_be_committed_after NULL
++17 node1_to_be_committed_after NULL
++18 node1_to_be_committed_after NULL
++19 node1_to_be_committed_after NULL
++20 node1_to_be_committed_after NULL
++26 node2_committed_after NULL
++27 node2_committed_after NULL
++28 node2_committed_after NULL
++29 node2_committed_after NULL
++30 node2_committed_after NULL
++31 node1_to_be_committed_after NULL
++32 node1_to_be_committed_after NULL
++33 node1_to_be_committed_after NULL
++34 node1_to_be_committed_after NULL
++35 node1_to_be_committed_after NULL
++36 node1_committed_after NULL
++37 node1_committed_after NULL
++38 node1_committed_after NULL
++39 node1_committed_after NULL
++40 node1_committed_after NULL
++SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
++COUNT(*) = 0
++1
++COMMIT;
++connection node_1;
++SET AUTOCOMMIT=ON;
++SET SESSION wsrep_sync_wait=15;
++SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1';
++EXPECT_3
++3
++SELECT COUNT(*) AS EXPECT_35 FROM t1;
++EXPECT_35
++35
++SELECT * FROM t1;
++id f1 f2
++1 node1_committed_before NULL
++2 node1_committed_before NULL
++3 node1_committed_before NULL
++4 node1_committed_before NULL
++5 node1_committed_before NULL
++6 node2_committed_before NULL
++7 node2_committed_before NULL
++8 node2_committed_before NULL
++9 node2_committed_before NULL
++10 node2_committed_before NULL
++11 node1_committed_during NULL
++12 node1_committed_during NULL
++13 node1_committed_during NULL
++14 node1_committed_during NULL
++15 node1_committed_during NULL
++16 node1_to_be_committed_after NULL
++17 node1_to_be_committed_after NULL
++18 node1_to_be_committed_after NULL
++19 node1_to_be_committed_after NULL
++20 node1_to_be_committed_after NULL
++26 node2_committed_after NULL
++27 node2_committed_after NULL
++28 node2_committed_after NULL
++29 node2_committed_after NULL
++30 node2_committed_after NULL
++31 node1_to_be_committed_after NULL
++32 node1_to_be_committed_after NULL
++33 node1_to_be_committed_after NULL
++34 node1_to_be_committed_after NULL
++35 node1_to_be_committed_after NULL
++36 node1_committed_after NULL
++37 node1_committed_after NULL
++38 node1_committed_after NULL
++39 node1_committed_after NULL
++40 node1_committed_after NULL
++SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
++COUNT(*) = 0
++1
++DROP TABLE t1;
++COMMIT;
++SET GLOBAL debug_dbug = $debug_orig;
+ include/assert_grep.inc [Using stunnel for SSL encryption]