MDEV-14027: Determine TLS/SSL library version

2025-08-08 14:02:17 +03:00 · 2017-10-15 06:01:59 +02:00
parent e815469f21
commit 7b02cbb721
7 changed files with 45 additions and 13 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -334,7 +334,7 @@ CONFIGURE_FILE(${CC_SOURCE_DIR}/include/mariadb_version.h.in
 INCLUDE_DIRECTORIES(${CC_BINARY_DIR}/include)

 IF(WIN32)
-  SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi)
+  SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi version)
 ELSE()
  SET(SYSTEM_LIBS ${SYSTEM_LIBS} ${LIBPTHREAD} ${LIBDL} ${LIBM})
  IF(ICONV_EXTERNAL)
--- a/include/ma_tls.h
+++ b/include/ma_tls.h
@@ -1,6 +1,9 @@
 #ifndef _ma_tls_h_
 #define _ma_tls_h_

+#define TLS_VERSION_LENGTH 64
+extern char tls_library_version[TLS_VERSION_LENGTH];
+
 enum enum_pvio_tls_type {
  SSL_TYPE_DEFAULT=0,
 #ifdef _WIN32
--- a/libmariadb/ma_tls.c
+++ b/libmariadb/ma_tls.c
@@ -153,7 +153,7 @@ static my_bool ma_pvio_tls_compare_fp(const char *cert_fp,
    char d1, d2;
    if (*p == ':')
      p++;
-    if (p - fp > fp_len -1)
+    if (p - fp > (int)fp_len -1)
      return 1;
    if ((d1 = ma_hex2int(*p)) == - 1 ||
        (d2 = ma_hex2int(*(p+1))) == -1 ||
--- a/libmariadb/mariadb_lib.c
+++ b/libmariadb/mariadb_lib.c
@@ -3708,15 +3708,9 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
    break;
  case MARIADB_TLS_LIBRARY:
 #ifdef HAVE_TLS
-#ifdef HAVE_GNUTLS
-    *((const char **)arg)= "GNUTLS";
-#elif HAVE_OPENSSL
-    *((const char **)arg)= "OPENSSL";
-#elif HAVE_SCHANNEL
-    *((const char **)arg)= "SCHANNEL";
-#endif
+    *((char **)arg)= tls_library_version;
 #else
-    *((char **)arg)= "OFF";
+    *((char **)arg)= "Off";
 #endif
    break;
  case MARIADB_CLIENT_VERSION:
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
@@ -969,6 +969,8 @@ int ma_tls_start(char *errmsg, size_t errmsg_len)
    ma_tls_get_error(errmsg, errmsg_len, rc);
    goto end;
  }
+  snprint(tls_library_version, TLS_VERSION_LENGTH - 1, "GnuTLS %s",
+          gnutls_check_version(NULL));
  ma_tls_initialized= TRUE;
 end:
  pthread_mutex_unlock(&LOCK_gnutls_config);
--- a/libmariadb/secure/openssl.c
+++ b/libmariadb/secure/openssl.c
@@ -26,6 +26,7 @@
 #include <mysql/client_plugin.h>
 #include <string.h>
 #include <openssl/ssl.h> /* SSL and SSL_CTX */
+#include <openssl/crypto.h> /* for OpenSSL_version */
 #include <openssl/err.h> /* error reporting */
 #include <openssl/conf.h>
 #include <openssl/md4.h>
@@ -60,7 +61,7 @@ extern my_bool ma_tls_initialized;
 extern unsigned int mariadb_deinitialize_ssl;

 #define MAX_SSL_ERR_LEN 100
-
+char tls_library_version[TLS_VERSION_LENGTH];
 static pthread_mutex_t LOCK_openssl_config;
 #ifndef HAVE_OPENSSL_1_1_API
 static pthread_mutex_t *LOCK_crypto= NULL;
@@ -319,6 +320,13 @@ int ma_tls_start(char *errmsg __attribute__((unused)), size_t errmsg_len __attri
  ma_BIO_method.bwrite= ma_bio_write;
 #endif
  rc= 0;
+  snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "%s",
+#if defined(LIBRESSL_VERSION_NUMBER) || !defined(HAVE_OPENSSL_1_1_API)
+           SSLeay_version(SSLEAY_VERSION));
+#else
+           OpenSSL_version(OPENSSL_VERSION));
+#endif
+
  ma_tls_initialized= TRUE;
 end:
  pthread_mutex_unlock(&LOCK_openssl_config);
--- a/libmariadb/secure/schannel.c
+++ b/libmariadb/secure/schannel.c
@@ -21,8 +21,8 @@

 #pragma comment (lib, "crypt32.lib")
 #pragma comment (lib, "secur32.lib")
+#pragma comment (lib, "version.lib")

-//#define VOID void

 extern my_bool ma_tls_initialized;

@@ -31,6 +31,8 @@ extern my_bool ma_tls_initialized;
 #define PROT_TLS1_2 4
 #define PROT_TLS1_3 8

+char tls_library_version[TLS_VERSION_LENGTH];
+
 static struct
 {
  DWORD cipher_id;
@@ -161,7 +163,6 @@ cipher_map[] =
 #define MAX_ALG_ID 50

 void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo);
-void ma_schannel_set_win_error(MYSQL *mysql);

 /*
  Initializes SSL and allocate global
@@ -176,7 +177,31 @@ void ma_schannel_set_win_error(MYSQL *mysql);
 */
 int ma_tls_start(char *errmsg, size_t errmsg_len)
 {
+  DWORD size;
+  DWORD handle;

+  if ((size= GetFileVersionInfoSize("schannel.dll", &handle)))
+  {
+    LPBYTE VersionInfo;
+    if ((VersionInfo = (LPBYTE)malloc(size)))
+    {
+      unsigned int len;
+      VS_FIXEDFILEINFO *fileinfo;
+
+      GetFileVersionInfo("schannel.dll", 0, size, VersionInfo);
+      VerQueryValue(VersionInfo, "\\", (LPVOID *)&fileinfo, &len);
+      snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "Schannel %d.%d.%d.%d\n",
+        HIWORD(fileinfo->dwFileVersionMS),
+        LOWORD(fileinfo->dwFileVersionMS),
+        HIWORD(fileinfo->dwFileVersionLS),
+        LOWORD(fileinfo->dwFileVersionLS));
+      free(VersionInfo);
+      goto end;
+    }
+  }
+  /* this shouldn't happen anyway */
+  strcpy(tls_library_version, "Schannel 0.0.0.0");
+end:
  ma_tls_initialized = TRUE;
  return 0;
 }