From 6cfcdbdbc60222b928bef9f483e145f69572257a Mon Sep 17 00:00:00 2001
From: Kjetil Torgrim Homme <kjetil.homme@redpill-linpro.com>
Date: Fri, 25 Nov 2022 12:43:29 +0100
Subject: [PATCH 1/2] do not emit other ssl directives when ssl = false

This is needed for newer versions of MariaDB, see issue #1509
---
 templates/my.cnf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/my.cnf.erb b/templates/my.cnf.erb
index 7d1f1486b..3680d81d0 100644
--- a/templates/my.cnf.erb
+++ b/templates/my.cnf.erb
@@ -4,7 +4,7 @@
 <%   if v.is_a?(Hash) -%>
 [<%=   k %>]
 <%     v.sort.map do |ki, vi| -%>
-<%       if ki == 'ssl-disable' or (ki =~ /^ssl/ and v['ssl-disable'] == true) -%>
+<%       if ki == 'ssl-disable' or (ki =~ /^ssl/ and v['ssl-disable'] == true) or (ki =~ /^ssl-/ and v['ssl'] == false) -%>
 <%         next %>
 <%       elsif vi == true or vi == '' -%>
 <%=        ki %>

From b54ccd4c993e674991c6e9f2d6fee45936f2e0c4 Mon Sep 17 00:00:00 2001
From: Kjetil Torgrim Homme <kjetil.homme@redpill-linpro.com>
Date: Mon, 5 Dec 2022 20:30:38 +0100
Subject: [PATCH 2/2] tests to verify ssl options are filtered out from my.cnf
 when ssl is disabled

---
 spec/classes/mycnf_template_spec.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/spec/classes/mycnf_template_spec.rb b/spec/classes/mycnf_template_spec.rb
index d15514b31..277711067 100644
--- a/spec/classes/mycnf_template_spec.rb
+++ b/spec/classes/mycnf_template_spec.rb
@@ -47,6 +47,13 @@
         it { is_expected.to contain_file('mysql-config-file').with_content(%r{ssl = false}) }
       end
 
+      describe 'ssl set to false filters out ssl options' do
+        let(:params) { { override_options: { 'mysqld' => { 'ssl' => false, 'ssl-disable' => false, 'ssl-key' => '/etc/key.pem' } } } }
+
+        it { is_expected.to contain_file('mysql-config-file').with_content(%r{ssl = false}) }
+        it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl-key}) }
+      end
+
       # ssl-disable (and ssl) are special cased within mysql.
       describe 'possibility of disabling ssl completely' do
         let(:params) { { override_options: { 'mysqld' => { 'ssl' => true, 'ssl-disable' => true } } } }
@@ -54,6 +61,14 @@
         it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl = true}) }
       end
 
+      describe 'ssl-disable filters other ssl options' do
+        let(:params) { { override_options: { 'mysqld' => { 'ssl' => true, 'ssl-disable' => true, 'ssl-key' => '/etc/key.pem' } } } }
+
+        it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl = true}) }
+        it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl-disable}) }
+        it { is_expected.to contain_file('mysql-config-file').without_content(%r{ssl-key}) }
+      end
+
       describe 'a non ssl option set to true' do
         let(:params) { { override_options: { 'mysqld' => { 'test' => true } } } }