erp5.mariadb: Add support for ssl-cipher and ssl-crl options.

software/erp5/instance-mariadb-input-schema.json

@@ -106,6 +106,14 @@
         "key": {
           "description": "Server's key, in PEM format (mandatory to enable SSL support)",
           "type": "string"
+        },
+        "crl": {
+          "description": "Server's certificate revocation list, in PEM format",
+          "type": "string"
+        },
+        "cipher": {
+          "description": "Permissible cipher specifications, separated by colons",
+          "type": "string"
         }
       },
       "type": "object"

stack/erp5/buildout.cfg

@@ -179,7 +179,7 @@ context =
 [template-mariadb]
 < = download-base
 filename = instance-mariadb.cfg.in
-md5sum = 7946369d6df508d854c786ab653e8cd4
+md5sum = 1e623053708a4d1de7a17d10ea5196c4
 link-binary =
   ${coreutils:location}/bin/basename
   ${coreutils:location}/bin/cat
@@ -210,7 +210,7 @@ md5sum = 5ad1664a39fbab5f8450c7fb36c81945
 [template-my-cnf]
 < = download-base
 filename = my.cnf.in
-md5sum = 21d1e74c964a4882f33c360e9c8a3d44
+md5sum = e0563820db570b77d24eb3ef0b0e0209
 
 [template-mariadb-initial-setup]
 < = download-base

stack/erp5/instance-mariadb.cfg.in

@@ -61,6 +61,9 @@ about laxist file mode. -#}
 {%   if 'ca-crt' in ssl_parameter_dict -%}
 {{     sslfile('ca-crt', ssl_parameter_dict['ca-crt']) }}
 {%   endif -%}
+{%   if 'crl' in ssl_parameter_dict -%}
+{{     sslfile('crl', ssl_parameter_dict['crl']) }}
+{%   endif -%}
 {%- endif %}
 
 {% if full_backup_retention_days > -1 -%}

stack/erp5/my.cnf.in

@@ -76,6 +76,12 @@ ssl_key = {{ parameter_dict['ssl-key'] }}
 {%   if 'ssl-ca-crt' in parameter_dict -%}
 ssl_ca = {{ parameter_dict['ssl-ca-crt'] }}
 {%-  endif %}
+{%   if 'ssl-crl' in parameter_dict -%}
+ssl_crl = {{ parameter_dict['ssl-crl'] }}
+{%-  endif %}
+{%   if 'ssl-cipher' in parameter_dict -%}
+ssl_cipher = {{ parameter_dict['ssl-cipher'] }}
+{%-  endif %}
 {%- endif %}
 
 [client]