mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00

Save the result of peer certificate verification

Since the MARIADB_TLS_VERIFY_TRUST flag might be cleared in my_auth,
we store the original result of peer certificate verification in
mysql->extension->tls_validation.
This value can be obtained via mariadb_get_infov API function
using option MARIADB_TLS_VERIFY_STATUS.
Georg Richter
2024-08-31 07:53:46 +02:00
parent 4a157ffbb5
commit 57f38cf87f
4 changed files with 7 additions and 1 deletions


@@ -117,6 +117,7 @@ struct st_mariadb_extension {
unsigned long mariadb_client_flag; /* MariaDB specific client flags */ unsigned long mariadb_client_flag; /* MariaDB specific client flags */
unsigned long mariadb_server_capabilities; /* MariaDB specific server capabilities */ unsigned long mariadb_server_capabilities; /* MariaDB specific server capabilities */
my_bool auto_local_infile; my_bool auto_local_infile;
my_bool tls_validation;
}; };
#define OPT_EXT_VAL(a,key) \ #define OPT_EXT_VAL(a,key) \
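Review bot: `tls_validation` is declared `my_bool`, but it is assigned from `mysql->net.tls_verify_status`, which the auth code compares with `> MARIADB_TLS_VERIFY_TRUST` and which therefore holds a multi-valued status rather than a boolean. If `my_bool` is a plain `char` (its typedef is not visible here), a status value with the top bit set would be sign-extended by the `(unsigned int)` cast in the `MARIADB_TLS_VERIFY_STATUS` case of `mariadb_get_infov`, so callers would see extra bits set. An unsigned type wide enough for every status flag avoids that and documents the field, for example `unsigned int tls_validation; /* peer certificate verification result as first reported */`.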


@@ -4552,7 +4552,7 @@ my_bool mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *arg, ...
*((MARIADB_X509_INFO **)arg)= NULL; *((MARIADB_X509_INFO **)arg)= NULL;
break; break;
case MARIADB_TLS_VERIFY_STATUS: case MARIADB_TLS_VERIFY_STATUS:
*((unsigned int *)arg)= (unsigned int)mysql->net.tls_verify_status; *((unsigned int *)arg)= (unsigned int)mysql->extension->tls_validation;
break; break;
#endif #endif
case MARIADB_MAX_ALLOWED_PACKET: case MARIADB_MAX_ALLOWED_PACKET:
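Review bot: The `MARIADB_TLS_VERIFY_STATUS` case now returns a stored snapshot instead of the live `net.tls_verify_status`, and nothing at the case says so. A comment such as `/* verification result as first reported; later clearing of MARIADB_TLS_VERIFY_TRUST does not change it */` would tell callers what they are reading. The comment should also say what the value is when the verification call never ran, because the visible hunks write `tls_validation` only around `ma_pvio_tls_verify_server_cert`. If the extension is zero-initialised (not visible here), an application that bases a trust decision on this value may be unable to tell "not checked" from "no failure flags". The function body extends outside this hunk.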


@@ -551,6 +551,7 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
my_bool rc= 1; my_bool rc= 1;
SC_CTX *sctx; SC_CTX *sctx;
SECURITY_STATUS sRet; SECURITY_STATUS sRet;
client_cert_handle cert_handle= {0};
DWORD protocol = 0; DWORD protocol = 0;
const CERT_CONTEXT* cert_context = NULL; const CERT_CONTEXT* cert_context = NULL;
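Review bot: `cert_handle` is declared in `ma_tls_connect`, but nothing in this hunk uses it and the commit description covers only saving the verification result. If it fixes a separate build or cleanup problem, it would be clearer as its own commit or with a line in the message. A short comment saying where the handle is released would also help. The rest of the function is outside the hunk, so its use cannot be checked from here.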


@@ -433,6 +433,8 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
if (ma_pvio_tls_verify_server_cert(mysql->net.pvio->ctls, verify_flags)) if (ma_pvio_tls_verify_server_cert(mysql->net.pvio->ctls, verify_flags))
{ {
/* Save original verification result */
mysql->extension->tls_validation= mysql->net.tls_verify_status;
if (mysql->net.tls_verify_status > MARIADB_TLS_VERIFY_TRUST || if (mysql->net.tls_verify_status > MARIADB_TLS_VERIFY_TRUST ||
(mysql->options.ssl_ca || mysql->options.ssl_capath)) (mysql->options.ssl_ca || mysql->options.ssl_capath))
goto error; goto error;
@@ -445,6 +447,8 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
else if (!password_and_hashing(mysql, mpvio->plugin)) else if (!password_and_hashing(mysql, mpvio->plugin))
goto error; goto error;
} }
else
mysql->extension->tls_validation= mysql->net.tls_verify_status;
} }
#endif /* HAVE_TLS */ #endif /* HAVE_TLS */
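Review bot: The assignment `mysql->extension->tls_validation= mysql->net.tls_verify_status;` is written twice, at the top of the failure branch and in the new `else`, so a later edit to one branch can leave the saved status out of step with the other. A single write would be less fragile: store the call result in a new local, `rc= ma_pvio_tls_verify_server_cert(mysql->net.pvio->ctls, verify_flags);`, save the status once, then test `if (rc)`. If the two-branch form stays, the `else` should carry braces like the `if` block it follows, because an unbraced one-line `else` after a long braced block is easy to misread when the next statement is added. `send_client_reply_packet` starts and ends outside these hunks.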