database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

CONC-692: Provide X509 peer certificate information

Browse Source 
Added a new structure MARIADB_X509_INFO, which
contains information about servers certificate.
The information can be obtained via mysql_get_infov API
function:

MARIADB_X509_INFO *info;
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info);
This commit is contained in:
Georg Richter
2024-04-24 11:21:28 +02:00
parent fef3e4ed6d
commit 19dffea4dc
8 changed files with 226 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
unittest/libmariadb/connection.c
View File

@@ -1369,6 +1369,7 @@ static int test_conc276(MYSQL *unused __attribute__((unused)))
MYSQL *mysql= mysql_init(NULL);
int rc;
my_bool val= 1;
MARIADB_X509_INFO *info;
mysql_options(mysql, MYSQL_OPT_SSL_ENFORCE, &val);
mysql_options(mysql, MYSQL_OPT_RECONNECT, &val);
@@ -1380,7 +1381,15 @@ static int test_conc276(MYSQL *unused __attribute__((unused)))
return FAIL;
}
diag("Cipher in use: %s", mysql_get_ssl_cipher(mysql));
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info);
diag("subject: %s", info->subject);
diag("issuer: %s", info->issuer);
diag("fingerprint: %s", info->fingerprint);
diag("not before : %04d.%02d.%02d", info->not_before.tm_year + 1900,
info->not_before.tm_mon + 1, info->not_before.tm_mday);
diag("not after : %04d.%02d.%02d", info->not_after.tm_year + 1900,
info->not_after.tm_mon + 1, info->not_after.tm_mday);
rc= mariadb_reconnect(mysql);
check_mysql_rc(rc, mysql);
@@ -2309,7 +2318,49 @@ static int test_conc632(MYSQL *my __attribute__((unused)))
return OK;
}
static int test_x509(MYSQL *my __attribute__((unused)))
{
MYSQL *mysql1, *mysql2;
my_bool val= 1;
my_bool verify= 0;
char fp[65];
MARIADB_X509_INFO *info;
mysql1= mysql_init(NULL);
mysql2= mysql_init(NULL);
mysql_options(mysql1, MYSQL_OPT_SSL_ENFORCE, &val);
mysql_options(mysql2, MYSQL_OPT_SSL_ENFORCE, &val);
mysql_options(mysql1, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);
if (!(my_test_connect(mysql1, hostname, username,
password, schema, port,
socketname, 0)))
{
diag("connection failed");
return FAIL;
}
mariadb_get_infov(mysql1, MARIADB_TLS_PEER_CERT_INFO, &info);
memset(fp, 0, 65);
diag("fingerprint: %s", info->fingerprint);
mysql_options(mysql2, MARIADB_OPT_TLS_PEER_FP, info->fingerprint);
if (!(my_test_connect(mysql2, hostname, username,
password, schema, port,
socketname, 0)))
{
diag("connection failed");
return FAIL;
}
mariadb_get_infov(mysql2, MARIADB_TLS_PEER_CERT_INFO, &info);
FAIL_IF(info->verify_mode != MARIADB_VERIFY_FINGERPRINT, "Fingerprint verification expected");
mysql_close(mysql1);
mysql_close(mysql2);
return OK;
}
struct my_tests_st my_tests[] = {
{"test_x509", test_x509, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_conc632", test_conc632, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_status_callback", test_status_callback, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_conc365", test_conc365, TEST_CONNECTION_NONE, 0, NULL, NULL},