database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

MDEV-14027: Determine TLS/SSL library version

Browse Source
This commit is contained in:
Georg Richter
2017-10-15 06:01:59 +02:00
parent e815469f21
commit 7b02cbb721
7 changed files with 45 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -334,7 +334,7 @@ CONFIGURE_FILE(${CC_SOURCE_DIR}/include/mariadb_version.h.in
INCLUDE_DIRECTORIES(${CC_BINARY_DIR}/include) INCLUDE_DIRECTORIES(${CC_BINARY_DIR}/include)
IF(WIN32) IF(WIN32)
SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi) SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi version)
ELSE() ELSE()
SET(SYSTEM_LIBS ${SYSTEM_LIBS} ${LIBPTHREAD} ${LIBDL} ${LIBM}) SET(SYSTEM_LIBS ${SYSTEM_LIBS} ${LIBPTHREAD} ${LIBDL} ${LIBM})
IF(ICONV_EXTERNAL) IF(ICONV_EXTERNAL)

3
include/ma_tls.h
View File

@@ -1,6 +1,9 @@
#ifndef _ma_tls_h_ #ifndef _ma_tls_h_
#define _ma_tls_h_ #define _ma_tls_h_
#define TLS_VERSION_LENGTH 64
extern char tls_library_version[TLS_VERSION_LENGTH];
enum enum_pvio_tls_type { enum enum_pvio_tls_type {
SSL_TYPE_DEFAULT=0, SSL_TYPE_DEFAULT=0,
#ifdef _WIN32 #ifdef _WIN32

2
libmariadb/ma_tls.c
View File

@@ -153,7 +153,7 @@ static my_bool ma_pvio_tls_compare_fp(const char *cert_fp,
char d1, d2; char d1, d2;
if (*p == ':') if (*p == ':')
p++; p++;
if (p - fp > fp_len -1) if (p - fp > (int)fp_len -1)
return 1; return 1;
if ((d1 = ma_hex2int(*p)) == - 1 || if ((d1 = ma_hex2int(*p)) == - 1 ||
(d2 = ma_hex2int(*(p+1))) == -1 || (d2 = ma_hex2int(*(p+1))) == -1 ||

10
libmariadb/mariadb_lib.c
View File

@@ -3708,15 +3708,9 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
break; break;
case MARIADB_TLS_LIBRARY: case MARIADB_TLS_LIBRARY:
#ifdef HAVE_TLS #ifdef HAVE_TLS
#ifdef HAVE_GNUTLS *((char **)arg)= tls_library_version;
*((const char **)arg)= "GNUTLS";
#elif HAVE_OPENSSL
*((const char **)arg)= "OPENSSL";
#elif HAVE_SCHANNEL
*((const char **)arg)= "SCHANNEL";
#endif
#else #else
*((char **)arg)= "OFF"; *((char **)arg)= "Off";
#endif #endif
break; break;
case MARIADB_CLIENT_VERSION: case MARIADB_CLIENT_VERSION:

2
libmariadb/secure/gnutls.c
View File

@@ -969,6 +969,8 @@ int ma_tls_start(char *errmsg, size_t errmsg_len)
ma_tls_get_error(errmsg, errmsg_len, rc); ma_tls_get_error(errmsg, errmsg_len, rc);
goto end; goto end;
} }
snprint(tls_library_version, TLS_VERSION_LENGTH - 1, "GnuTLS %s",
gnutls_check_version(NULL));
ma_tls_initialized= TRUE; ma_tls_initialized= TRUE;
end: end:
pthread_mutex_unlock(&LOCK_gnutls_config); pthread_mutex_unlock(&LOCK_gnutls_config);

10
libmariadb/secure/openssl.c
View File

@@ -26,6 +26,7 @@
#include <mysql/client_plugin.h> #include <mysql/client_plugin.h>
#include <string.h> #include <string.h>
#include <openssl/ssl.h> /* SSL and SSL_CTX */ #include <openssl/ssl.h> /* SSL and SSL_CTX */
#include <openssl/crypto.h> /* for OpenSSL_version */
#include <openssl/err.h> /* error reporting */ #include <openssl/err.h> /* error reporting */
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/md4.h> #include <openssl/md4.h>
@@ -60,7 +61,7 @@ extern my_bool ma_tls_initialized;
extern unsigned int mariadb_deinitialize_ssl; extern unsigned int mariadb_deinitialize_ssl;
#define MAX_SSL_ERR_LEN 100 #define MAX_SSL_ERR_LEN 100
char tls_library_version[TLS_VERSION_LENGTH];
static pthread_mutex_t LOCK_openssl_config; static pthread_mutex_t LOCK_openssl_config;
#ifndef HAVE_OPENSSL_1_1_API #ifndef HAVE_OPENSSL_1_1_API
static pthread_mutex_t *LOCK_crypto= NULL; static pthread_mutex_t *LOCK_crypto= NULL;
@@ -319,6 +320,13 @@ int ma_tls_start(char *errmsg __attribute__((unused)), size_t errmsg_len __attri
ma_BIO_method.bwrite= ma_bio_write; ma_BIO_method.bwrite= ma_bio_write;
#endif #endif
rc= 0; rc= 0;
snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "%s",
#if defined(LIBRESSL_VERSION_NUMBER) || !defined(HAVE_OPENSSL_1_1_API)
SSLeay_version(SSLEAY_VERSION));
#else
OpenSSL_version(OPENSSL_VERSION));
#endif
ma_tls_initialized= TRUE; ma_tls_initialized= TRUE;
end: end:
pthread_mutex_unlock(&LOCK_openssl_config); pthread_mutex_unlock(&LOCK_openssl_config);

29
libmariadb/secure/schannel.c
View File

@@ -21,8 +21,8 @@
#pragma comment (lib, "crypt32.lib") #pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "secur32.lib") #pragma comment (lib, "secur32.lib")
#pragma comment (lib, "version.lib")
//#define VOID void
extern my_bool ma_tls_initialized; extern my_bool ma_tls_initialized;
@@ -31,6 +31,8 @@ extern my_bool ma_tls_initialized;
#define PROT_TLS1_2 4 #define PROT_TLS1_2 4
#define PROT_TLS1_3 8 #define PROT_TLS1_3 8
char tls_library_version[TLS_VERSION_LENGTH];
static struct static struct
{ {
DWORD cipher_id; DWORD cipher_id;
@@ -161,7 +163,6 @@ cipher_map[] =
#define MAX_ALG_ID 50 #define MAX_ALG_ID 50
void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo); void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo);
void ma_schannel_set_win_error(MYSQL *mysql);
/* /*
Initializes SSL and allocate global Initializes SSL and allocate global
@@ -176,7 +177,31 @@ void ma_schannel_set_win_error(MYSQL *mysql);
*/ */
int ma_tls_start(char *errmsg, size_t errmsg_len) int ma_tls_start(char *errmsg, size_t errmsg_len)
{ {
DWORD size;
DWORD handle;
if ((size= GetFileVersionInfoSize("schannel.dll", &handle)))
{
LPBYTE VersionInfo;
if ((VersionInfo = (LPBYTE)malloc(size)))
{
unsigned int len;
VS_FIXEDFILEINFO *fileinfo;
GetFileVersionInfo("schannel.dll", 0, size, VersionInfo);
VerQueryValue(VersionInfo, "\\", (LPVOID *)&fileinfo, &len);
snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "Schannel %d.%d.%d.%d\n",
HIWORD(fileinfo->dwFileVersionMS),
LOWORD(fileinfo->dwFileVersionMS),
HIWORD(fileinfo->dwFileVersionLS),
LOWORD(fileinfo->dwFileVersionLS));
free(VersionInfo);
goto end;
}
}
/* this shouldn't happen anyway */
strcpy(tls_library_version, "Schannel 0.0.0.0");
end:
ma_tls_initialized = TRUE; ma_tls_initialized = TRUE;
return 0; return 0;
} }