From 7ccbf23af60fc1b928268f5c5730c3f3aefdfe90 Mon Sep 17 00:00:00 2001 From: "dave@tiredofit.ca" Date: Mon, 19 Dec 2022 08:21:35 -0800 Subject: [PATCH] Release 3.7.1 - See CHANGELOG.md --- CHANGELOG.md | 9 +++++++ README.md | 3 ++- install/assets/defaults/10-db-backup | 2 ++ install/assets/functions/10-db-backup | 34 +++++++++++++-------------- 4 files changed, 29 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2795b8..a6f52d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## 3.7.1 2022-12-19 + + ### Changed + - Add MYSQL_ENABLE_TLS environment variable to switch on and off + + ### Reverted + - Set default for MYSQL_TLS_CA_FILE to accomodate for most use cases + + ## 3.7.0 2022-12-16 ### Added diff --git a/README.md b/README.md index e63ae06..2976a4a 100644 --- a/README.md +++ b/README.md @@ -183,9 +183,10 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b | `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` | | `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` | | `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` | +| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` | | `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` | | `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` | -| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS e.g. `/etc/ssl/cert.pem` should suffice for most non self signed setups | | +| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` | | `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | | | `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | | 
diff --git a/install/assets/defaults/10-db-backup b/install/assets/defaults/10-db-backup
index 3430944..398550e 100644
--- a/install/assets/defaults/10-db-backup
+++ b/install/assets/defaults/10-db-backup
@@ -12,9 +12,11 @@ ENABLE_CHECKSUM=${ENABLE_CHECKSUM:-"TRUE"}
 ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
 MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
 MODE=${MODE:-"AUTO"}
+MYSQL_ENABLE_TLS=${MYSQL_ENABLE_TLS:-"FALSE"}
 MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
 MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
 MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
+MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert/pem"}
 MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
 MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
 PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}
diff --git a/install/assets/functions/10-db-backup b/install/assets/functions/10-db-backup
index c4a2e02..ea3a9b7 100644
--- a/install/assets/functions/10-db-backup
+++ b/install/assets/functions/10-db-backup
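Review bot: The new default in install/assets/defaults/10-db-backup is `/etc/ssl/cert/pem`, while the README row added in this same commit documents `/etc/ssl/cert.pem`; the slash looks like a typo for the dot. Because the value is now always non-empty, the `[ -n "${MYSQL_TLS_CA_FILE}" ]` test in the functions file always passes once `MYSQL_ENABLE_TLS` is true, so `--ssl_ca` would be handed a path that presumably does not exist in the image. The line should read `MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert.pem"}`. It would also be worth a comment there that `MYSQL_TLS_VERIFY` defaults to `FALSE`, so enabling TLS alone gives encryption without server authentication.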
@@ -49,24 +49,22 @@ bootstrap_variables() {
 sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
 [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
 [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
- if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
- mysql_tls=TRUE
- mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
- fi
- if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
- mysql_tls=TRUE
- mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
- fi
- if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
- mysql_tls=TRUE
- mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
- fi
- if var_true "${TLS_VERIFY}" ; then
- mysql_tls=TRUE
- mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
- fi
- if var_true "${mysql_tls}" ; then
- mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+ if var_true "${MYSQL_ENABLE_TLS}" ; then
+ if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
+ mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
+ fi
+ if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
+ mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
+ fi
+ if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
+ mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
+ fi
+ if var_true "${TLS_VERIFY}" ; then
+ mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
+ fi
+ if [ -n "${MYSQL_TLS_VERSION}" ; then
+ mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+ fi
 fi
 ;;
 "mssql" | "microsoftsql" )
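Review bot: The added test `if [ -n "${MYSQL_TLS_VERSION}" ; then` is missing its closing `]`, so `[` fails at run time, the branch is never taken and `--tls_version` is never passed to the client; it should read `if [ -n "${MYSQL_TLS_VERSION}" ] ; then`. The verification branch tests `${TLS_VERIFY}`, while the defaults file and README define `MYSQL_TLS_VERIFY`, so unless `TLS_VERIFY` is set somewhere outside this hunk, server-certificate verification stays off even when the operator asks for it; `if var_true "${MYSQL_TLS_VERIFY}" ; then` would match the documented name. The flag appended there, `--sslverify-server-cert`, also looks misspelled, since the client option is `--ssl-verify-server-cert`. Taken together, a TLS-enabled backup would run with neither the version restriction nor host verification applied. `bootstrap_variables` begins and ends outside this hunk, so whether `mysql_tls_args` is initialised empty before these appends cannot be seen here.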