diff --git a/bin/pt-archiver b/bin/pt-archiver index 874a2234..af0ccfaf 100755 --- a/bin/pt-archiver +++ b/bin/pt-archiver @@ -4421,7 +4421,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4943,11 +4944,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -5384,6 +5386,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-config-diff b/bin/pt-config-diff index c82398b6..94020013 100755 --- a/bin/pt-config-diff +++ b/bin/pt-config-diff @@ -4193,7 +4193,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4715,11 +4716,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -5156,6 +5158,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-deadlock-logger b/bin/pt-deadlock-logger index a3110119..cec2dfe2 100755 --- a/bin/pt-deadlock-logger +++ b/bin/pt-deadlock-logger @@ -3258,7 +3258,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -3780,11 +3781,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4221,6 +4223,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-diskstats b/bin/pt-diskstats index 76e0cb14..ded40200 100755 --- a/bin/pt-diskstats +++ b/bin/pt-diskstats @@ -3828,7 +3828,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4350,11 +4351,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4791,6 +4793,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-duplicate-key-checker b/bin/pt-duplicate-key-checker index c38f6e86..e75fd9cc 100755 --- a/bin/pt-duplicate-key-checker +++ b/bin/pt-duplicate-key-checker @@ -3845,7 +3845,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4367,11 +4368,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4808,6 +4810,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-find b/bin/pt-find index 9d953277..a71b41b8 100755 --- a/bin/pt-find +++ b/bin/pt-find @@ -2572,7 +2572,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -3094,11 +3095,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -3535,6 +3537,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-fk-error-logger b/bin/pt-fk-error-logger index fb14a224..1d8a0ee6 100755 --- a/bin/pt-fk-error-logger +++ b/bin/pt-fk-error-logger @@ -2763,7 +2763,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -3285,11 +3286,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -3726,6 +3728,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-heartbeat b/bin/pt-heartbeat index 855ded6f..a018ea59 100755 --- a/bin/pt-heartbeat +++ b/bin/pt-heartbeat @@ -3744,7 +3744,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4266,11 +4267,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4707,6 +4709,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-index-usage b/bin/pt-index-usage index 1185ade7..4b62a7cf 100755 --- a/bin/pt-index-usage +++ b/bin/pt-index-usage @@ -5249,7 +5249,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -5771,11 +5772,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -6212,6 +6214,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-kill b/bin/pt-kill index 981fa5bc..4e3ad04a 100755 --- a/bin/pt-kill +++ b/bin/pt-kill @@ -5575,7 +5575,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -6097,11 +6098,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -6538,6 +6540,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-online-schema-change b/bin/pt-online-schema-change index 903ea34b..1b8a799d 100755 --- a/bin/pt-online-schema-change +++ b/bin/pt-online-schema-change @@ -6577,7 +6577,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -7099,11 +7100,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -7540,6 +7542,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-query-digest b/bin/pt-query-digest index cdf6ba6b..dbbc7c38 100755 --- a/bin/pt-query-digest +++ b/bin/pt-query-digest @@ -11833,7 +11833,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -12355,11 +12356,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -12796,6 +12798,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-slave-delay b/bin/pt-slave-delay index a9c4d063..ff2b4840 100755 --- a/bin/pt-slave-delay +++ b/bin/pt-slave-delay @@ -3097,7 +3097,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -3619,11 +3620,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4060,6 +4062,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-slave-restart b/bin/pt-slave-restart index a336b3f7..72e15d71 100755 --- a/bin/pt-slave-restart +++ b/bin/pt-slave-restart @@ -3746,7 +3746,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4268,11 +4269,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4709,6 +4711,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-table-checksum b/bin/pt-table-checksum index 6e811f71..3d1a24e2 100755 --- a/bin/pt-table-checksum +++ b/bin/pt-table-checksum @@ -332,7 +332,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -854,11 +855,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -1295,6 +1297,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-table-sync b/bin/pt-table-sync index 9d389748..0d82eac1 100755 --- a/bin/pt-table-sync +++ b/bin/pt-table-sync @@ -8605,7 +8605,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -9127,11 +9128,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -9568,6 +9570,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-upgrade b/bin/pt-upgrade index e3d869e3..6ebc54c4 100755 --- a/bin/pt-upgrade +++ b/bin/pt-upgrade @@ -3569,7 +3569,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4091,11 +4092,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4532,6 +4534,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/bin/pt-variable-advisor b/bin/pt-variable-advisor index a966883a..20fd21ad 100755 --- a/bin/pt-variable-advisor +++ b/bin/pt-variable-advisor @@ -4004,7 +4004,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { my $fh = $self->{fh}; @@ -4526,11 +4527,12 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - my $protocol = 'https'; # optimistic, but... + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); @@ -4967,6 +4969,11 @@ sub get_from_mysql { return; } + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) { diff --git a/lib/HTTP/Micro.pm b/lib/HTTP/Micro.pm index 859d5ddd..9cc35853 100644 --- a/lib/HTTP/Micro.pm +++ b/lib/HTTP/Micro.pm @@ -237,7 +237,8 @@ sub _split_url { ref($self->{fh}) eq 'IO::Socket::SSL' or die(qq/SSL connection failed for $host\n/); if ( $self->{fh}->can("verify_hostname") ) { - $self->{fh}->verify_hostname( $host, $ssl_verify_args ); + $self->{fh}->verify_hostname( $host, $ssl_verify_args ) + or die(qq/SSL certificate not valid for $host\n/); } else { # Can't use $self->{fh}->verify_hostname because the IO::Socket::SSL diff --git a/lib/VersionCheck.pm b/lib/VersionCheck.pm index 18294fae..07454a4f 100644 --- a/lib/VersionCheck.pm +++ b/lib/VersionCheck.pm @@ -138,17 +138,17 @@ sub version_check { PTDEBUG && _d(scalar @$instances_to_check, 'instances to check'); return unless @$instances_to_check; - # Get the list of program to check from Percona. Try using - # https first; fallback to http if that fails (probably because - # IO::Socket::SSL isn't installed). - my $protocol = 'https'; # optimistic, but... + # Skip Version Check altogether if SSL not available + my $protocol = 'https'; eval { require IO::Socket::SSL; }; if ( $EVAL_ERROR ) { PTDEBUG && _d($EVAL_ERROR); - $protocol = 'http'; + PTDEBUG && _d("SSL not available, won't run version_check"); + return; } PTDEBUG && _d('Using', $protocol); + # Get list of programs to check from Percona. my $advice = pingback( instances => $instances_to_check, protocol => $protocol, @@ -644,6 +644,13 @@ sub get_from_mysql { return; } + # hardcode the variables we report + # so in case of MITM attack, we don't report sensitive data + if ($item->{item} eq 'MySQL' && $item->{type} eq 'mysql_variable') { + $item->{vars} = ['version_comment', 'version']; + } + + my @versions; my %version_for; foreach my $instance ( @$instances ) {