renamed MARIADB_OPT_SSL_PASSWORD to PASSPHRASE

Since MySQL server is picky about cipher suites, cipher suites in GnuTLS switched back to default (NORMAL) without RHE_DSA
2025-08-08 14:02:17 +03:00 · 2016-01-05 09:49:49 +01:00
parent b5cf443681
commit 4cb9b79ced
5 changed files with 7 additions and 7 deletions
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -213,7 +213,7 @@ extern unsigned int mariadb_deinitialize_ssl;
    MYSQL_DATABASE_DRIVER=7000,
    MARIADB_OPT_SSL_FP,             /* single finger print for server certificate verification */
    MARIADB_OPT_SSL_FP_LIST,        /* finger print white list for server certificate verification */
-    MARIADB_OPT_SSL_PASSWORD,       /* password for encrypted certificates */
+    MARIADB_OPT_SSL_PASSPHRASE,     /* passphrase for encrypted certificates */
    MARIADB_OPT_CONNECTION_READ_ONLY,
    MYSQL_OPT_CONNECT_ATTRS,        /* for mysql_get_optionv */
    MARIADB_OPT_USERDATA
--- a/libmariadb/libmariadb.c
+++ b/libmariadb/libmariadb.c
@@ -2948,7 +2948,7 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
  case MARIADB_OPT_SSL_FP_LIST:
    OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_fp_list, (char *)arg1);
    break;
-  case MARIADB_OPT_SSL_PASSWORD:
+  case MARIADB_OPT_SSL_PASSPHRASE:
    OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_pw, (char *)arg1);
    break;
  case MARIADB_OPT_CONNECTION_READ_ONLY:
@@ -3119,7 +3119,7 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
  case MARIADB_OPT_SSL_FP_LIST:
    *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_fp_list : NULL;
    break;
-  case MARIADB_OPT_SSL_PASSWORD:
+  case MARIADB_OPT_SSL_PASSPHRASE:
    *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL;
    break;
    /* todo
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
@@ -204,7 +204,7 @@ void *ma_ssl_init(MYSQL *mysql)
    goto error;
  gnutls_session_set_ptr(ssl, (void *)mysql);

-  ssl_error= gnutls_priority_set_direct(ssl, "NORMAL:-DHE-RSA", &err);
+  ssl_error= gnutls_priority_set_direct(ssl, "NORMAL", &err);
  if (ssl_error < 0)
    goto error;

--- a/unittest/libmariadb/connection.c
+++ b/unittest/libmariadb/connection.c
@@ -755,7 +755,7 @@ static int test_get_options(MYSQL *my)
  int options_char[]= {MYSQL_READ_DEFAULT_FILE, MYSQL_READ_DEFAULT_GROUP, MYSQL_SET_CHARSET_NAME,
                       MYSQL_OPT_SSL_KEY, MYSQL_OPT_SSL_CA, MYSQL_OPT_SSL_CERT, MYSQL_OPT_SSL_CAPATH,
                       MYSQL_OPT_SSL_CIPHER, MYSQL_OPT_BIND, MARIADB_OPT_SSL_FP, MARIADB_OPT_SSL_FP_LIST,
-                       MARIADB_OPT_SSL_PASSWORD, 0};
+                       MARIADB_OPT_SSL_PASSPHRASE, 0};

  char *init_command[3]= {"SET @a:=1", "SET @b:=2", "SET @c:=3"};
  int elements= 0;
--- a/unittest/libmariadb/ssl.c.in
+++ b/unittest/libmariadb/ssl.c.in
@@ -55,7 +55,7 @@ static int check_cipher(MYSQL *mysql)

 #ifdef HAVE_GNUTLS
  {
-    return strcmp(cipher, "AES-128-GCM");
+    return strcmp(cipher, "AES-256-CBC");
  }
 #elif HAVE_OPENSSL
  if (!strcmp(cipher, "DHE-RSA-AES256-SHA") ||
@@ -388,7 +388,7 @@ static int test_password_protected(MYSQL *my)
                       "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/client-cert.pem",
                       "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca-cert.pem", 0, 0);

-  mysql_options(mysql, MARIADB_OPT_SSL_PASSWORD, "qwerty");
+  mysql_options(mysql, MARIADB_OPT_SSL_PASSPHRASE, "qwerty");

  FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
           port, socketname, 0), mysql_error(mysql));