From 82983a30f4c9c9fb7b69bded64b6fc873be1b2f1 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Wed, 14 Feb 2024 01:21:52 +0100
Subject: [PATCH] make DEFAULT_SSL_VERIFY_SERVER_CERT a cmake option
---
 CMakeLists.txt | 4 +++-
 include/ma_config.h.in | 1 +
 libmariadb/mariadb_lib.c | 14 +++++++++++++-
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 96a07911..a3bea923 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -25,7 +25,8 @@ get_directory_property(IS_SUBPROJECT PARENT_DIRECTORY)
 SET_PROPERTY(DIRECTORY PROPERTY INCLUDE_DIRECTORIES)
 FOREACH(V WITH_MYSQLCOMPAT WITH_MSI WITH_SIGNCODE WITH_RTC WITH_UNIT_TESTS WITH_DYNCOL WITH_EXTERNAL_ZLIB WITH_CURL WITH_SQLITE WITH_SSL WITH_ICONV
- DEFAULT_CHARSET INSTALL_LAYOUT WITH_TEST_SRCPKG)
+ DEFAULT_CHARSET INSTALL_LAYOUT WITH_TEST_SRCPKG
+ DEFAULT_SSL_VERIFY_SERVER_CERT)
 SET(${V} ${${OPT}${V}})
 ENDFOREACH()
@@ -65,6 +66,7 @@ ADD_OPTION(WITH_DYNCOL "Enables support of dynamic columns" ON)
 ADD_OPTION(WITH_EXTERNAL_ZLIB "Enables use of external zlib" OFF)
 ADD_OPTION(WITH_CURL "Enables use of curl" ON)
 ADD_OPTION(WITH_SSL "Enables use of TLS/SSL library" ON)
+ADD_OPTION(DEFAULT_SSL_VERIFY_SERVER_CERT "Default value for MYSQL_OPT_SSL_VERIFY_SERVER_CERT" ON)
 ###############
 INCLUDE(${CC_SOURCE_DIR}/cmake/misc.cmake)
diff --git a/include/ma_config.h.in b/include/ma_config.h.in
index c5c758dc..4cabfef3 100644
--- a/include/ma_config.h.in
+++ b/include/ma_config.h.in
@@ -148,3 +148,4 @@ #define MARIADB_DEFAULT_CHARSET "@DEFAULT_CHARSET@"
+#cmakedefine DEFAULT_SSL_VERIFY_SERVER_CERT 1
diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
index dd6587a7..e59fee6f 100644
--- a/libmariadb/mariadb_lib.c
+++ b/libmariadb/mariadb_lib.c
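Review bot: In CMakeLists.txt, the help text of the new `DEFAULT_SSL_VERIFY_SERVER_CERT` option does not say what OFF means for security. From the mariadb_lib.c part of this patch, an OFF build sets `tls_allow_invalid_server_cert=1` whenever the options extension is allocated, so clients appear to accept an unverifiable server certificate unless the application asks for verification itself. I would spell that out in the description, for example `ADD_OPTION(DEFAULT_SSL_VERIFY_SERVER_CERT "Verify the server certificate by default; OFF accepts invalid server certificates unless the application sets MYSQL_OPT_SSL_VERIFY_SERVER_CERT" ON)`, and keep ON as the default.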
@@ -713,10 +713,19 @@ struct st_default_options mariadb_defaults[] =
 {{0}, 0, NULL}
 };
+#ifdef DEFAULT_SSL_VERIFY_SERVER_CERT
+#define FIX_SSL_VERIFY_SERVER_CERT(OPTS)
+#else
+#define FIX_SSL_VERIFY_SERVER_CERT(OPTS) (OPTS)->extension->tls_allow_invalid_server_cert=1
+#endif
+
 #define CHECK_OPT_EXTENSION_SET(OPTS)\
 if (!(OPTS)->extension) \
+ { \
 (OPTS)->extension= (struct st_mysql_options_extension *) \
- calloc(1, sizeof(struct st_mysql_options_extension));
+ calloc(1, sizeof(struct st_mysql_options_extension)); \
+ FIX_SSL_VERIFY_SERVER_CERT(OPTS); \
+ }
 #define OPT_SET_EXTENDED_VALUE_BIN(OPTS, KEY, KEY_LEN, VAL, LEN)\
 CHECK_OPT_EXTENSION_SET(OPTS) \
@@ -3522,6 +3531,7 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
 goto end;
 }
 if (!mysql->options.extension)
+ {
 if(!(mysql->options.extension= (struct st_mysql_options_extension *) calloc(1, sizeof(struct st_mysql_options_extension))))
 {
@@ -3529,6 +3539,8 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
 SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
 goto end;
 }
+ FIX_SSL_VERIFY_SERVER_CERT(&mysql->options);
+ }
 mysql->options.extension->async_context= ctxt;
 break;
 case MYSQL_OPT_MAX_ALLOWED_PACKET:
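Review bot: When `DEFAULT_SSL_VERIFY_SERVER_CERT` is undefined, `CHECK_OPT_EXTENSION_SET` writes through `(OPTS)->extension` immediately after `calloc` without checking the result, so an allocation failure becomes a NULL dereference inside the macro. The `mysql_optionsv` hunks later in this file place the same call after the out-of-memory check; the macro can get the same protection by putting the guard in the `#else` definition, `#define FIX_SSL_VERIFY_SERVER_CERT(OPTS) do { if ((OPTS)->extension) (OPTS)->extension->tls_allow_invalid_server_cert=1; } while (0)`. The macro's users continue outside the hunk, so whether they already tolerate a NULL extension cannot be seen here. A comment above the `#ifdef`, such as `/* built without default certificate verification: new option sets start with invalid server certificates allowed */`, would make the security effect visible at the definition.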
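Review bot: In `mysql_optionsv` the compiled default is applied only as a side effect of allocating `options.extension`, here and in `CHECK_OPT_EXTENSION_SET`, so a handle on which no extended option was ever set keeps a NULL extension and never receives `tls_allow_invalid_server_cert=1`. The code that reads the flag during the TLS handshake is outside this diff; it should be confirmed that a NULL extension and a freshly allocated one give the same verification behaviour, otherwise setting an unrelated option could silently change whether the certificate is checked. A comment at this call, e.g. `/* apply build-time default for server certificate verification */`, would help, and a single allocation helper shared with the macro would keep the two sites from drifting. The function body starts and ends outside the hunk.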