
MDEV-31855 SSL cert validation protocol extension

* extend the client auth plugin API with a new callback
* relax the plugin version check to allow loading a plugin with the
  same major version, even if the minor versions differ
* implement the protocol extension:
  - don't abort at once if the certificate is self signed and
    no CA was explicitly specified
  - allow it if it passes fingerprint check
  - allow it if plugin has hash_password_bin callback, password was
    non-empty and the control hash matches server's
Sergei Golubchik
2023-08-20 14:41:03 +02:00
parent 50f65db279
commit a99570c118
18 changed files with 144 additions and 26 deletions


@@ -1440,6 +1440,8 @@ mysql_real_connect(MYSQL *mysql, const char *host, const char *user,
if (!mysql->options.extension || !mysql->options.extension->status_callback)
mysql_optionsv(mysql, MARIADB_OPT_STATUS_CALLBACK, NULL, NULL);
reset_tls_self_signed_error(mysql);
/* if host contains a semicolon, we need to parse connection string */
if (host && strchr(host, ';'))
{
@@ -2444,6 +2446,7 @@ mysql_close(MYSQL *mysql)
mysql_close_memory(mysql);
mysql_close_options(mysql);
ma_clear_session_state(mysql);
reset_tls_self_signed_error(mysql);
if (mysql->net.extension)
{
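Review bot: The new `reset_tls_self_signed_error(mysql);` call in mysql_real_connect carries no comment explaining why it runs before any connection work. Going by the commit description, the self-signed result is now held back until the fingerprint or password-hash check, so this reset appears to be what keeps a verdict from an earlier attempt on the same handle out of the new handshake. I would add above it `/* drop any deferred self-signed-cert status left by a previous connect on this handle */`. In mysql_close the same call sits after `mysql_close_options(mysql)`; the helper's definition is not visible in these hunks, so if it reads anything through `mysql->options` the call should move above that line. Both functions start and end outside the hunks shown.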