database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-07 02:42:49 +03:00
Code Activity

CONC-747: Change behaviour of MARIADB_TLS_DISABLE_PEER_VERIFICATION

Browse Source 
Instead of skipping the verification during handshake,
tls_allow_invalid_server_certificate will be unset during
initialization of the connection handle if environment varible
MARIADB_TLS_DISABLE_PEER_VERIFICATION was set.

This will allow drivers and applications which don't have an API
option to enable/disable peer server certificate verification
to start without TLS/SSL.
This commit is contained in:
Georg Richter
2024-12-02 17:05:58 +01:00
parent f64d977210
commit 9541bd0e90
3 changed files with 3 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libmariadb/mariadb_lib.c
View File

@@ -715,7 +715,8 @@ struct st_default_options mariadb_defaults[] =
};
#ifdef DEFAULT_SSL_VERIFY_SERVER_CERT
#define FIX_SSL_VERIFY_SERVER_CERT(OPTS)
#define FIX_SSL_VERIFY_SERVER_CERT(OPTS)\
(OPTS)->extension->tls_allow_invalid_server_cert= (getenv("MARIADB_TLS_DISABLE_PEER_VERIFICATION") != NULL)
#else
#define FIX_SSL_VERIFY_SERVER_CERT(OPTS) (OPTS)->extension->tls_allow_invalid_server_cert=1
#endif