database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-07 02:42:49 +03:00
Code Activity

CONC-394: Some TLS related options are not settable in configuration file

Browse Source 
The following options are now supported in configuration files:
* ssl_enforce (bool)
* ssl_crl (string)
* ssl_crlpath (string)
This commit is contained in:
Georg Richter
2019-04-06 11:42:24 +02:00
parent a8bec1c68a
commit ad385b954a
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libmariadb/mariadb_lib.c
View File

@@ -621,6 +621,8 @@ struct st_default_options mariadb_defaults[] =
{MYSQL_OPT_SSL_CERT, MARIADB_OPTION_STR,"ssl-cert"}, {MYSQL_OPT_SSL_CERT, MARIADB_OPTION_STR,"ssl-cert"},
{MYSQL_OPT_SSL_CA, MARIADB_OPTION_STR,"ssl-ca"}, {MYSQL_OPT_SSL_CA, MARIADB_OPTION_STR,"ssl-ca"},
{MYSQL_OPT_SSL_CAPATH, MARIADB_OPTION_STR,"ssl-capath"}, {MYSQL_OPT_SSL_CAPATH, MARIADB_OPTION_STR,"ssl-capath"},
{MYSQL_OPT_SSL_CRL, MARIADB_OPTION_STR,"ssl-crl"},
{MYSQL_OPT_SSL_CRLPATH, MARIADB_OPTION_STR,"ssl-crlpath"},
{MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MARIADB_OPTION_BOOL,"ssl-verify-server-cert"}, {MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MARIADB_OPTION_BOOL,"ssl-verify-server-cert"},
{MYSQL_SET_CHARSET_DIR, MARIADB_OPTION_STR, "character-sets-dir"}, {MYSQL_SET_CHARSET_DIR, MARIADB_OPTION_STR, "character-sets-dir"},
{MYSQL_SET_CHARSET_NAME, MARIADB_OPTION_STR, "default-character-set"}, {MYSQL_SET_CHARSET_NAME, MARIADB_OPTION_STR, "default-character-set"},
@@ -648,6 +650,7 @@ struct st_default_options mariadb_defaults[] =
{MARIADB_OPT_TLS_VERSION, MARIADB_OPTION_STR, "tls_version"}, {MARIADB_OPT_TLS_VERSION, MARIADB_OPTION_STR, "tls_version"},
{MYSQL_SERVER_PUBLIC_KEY, MARIADB_OPTION_STR, "server_public_key"}, {MYSQL_SERVER_PUBLIC_KEY, MARIADB_OPTION_STR, "server_public_key"},
{MYSQL_OPT_BIND, MARIADB_OPTION_STR, "bind-address"}, {MYSQL_OPT_BIND, MARIADB_OPTION_STR, "bind-address"},
{MYSQL_OPT_SSL_ENFORCE, MARIADB_OPTION_BOOL, "ssl-enforce"},
{0, 0, NULL} {0, 0, NULL}
}; };

43
unittest/libmariadb/misc.c
View File

@@ -1385,7 +1385,50 @@ static int test_conc395(MYSQL *unused __attribute__((unused)))
} }
#endif #endif
static int test_sslenforce(MYSQL *unused __attribute__((unused)))
{
MYSQL *mysql;
FILE *fp= NULL;
const char *env= getenv("MYSQL_TMP_DIR");
char cnf_file1[FN_REFLEN + 1];
if (travis_test)
return SKIP;
if (!env)
env= "/tmp";
setenv("HOME", env, 1);
snprintf(cnf_file1, FN_REFLEN, "%s%c.my.cnf", env, FN_LIBCHAR);
if (travis_test)
return SKIP;
FAIL_IF(!access(cnf_file1, R_OK), "access");
mysql= mysql_init(NULL);
fp= fopen(cnf_file1, "w");
FAIL_IF(!fp, "fopen");
/* Mix dash and underscore */
fprintf(fp, "[client]\nssl_enforce=1\n");
fclose(fp);
mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
my_test_connect(mysql, hostname, username, password,
schema, 0, socketname, 0);
remove(cnf_file1);
FAIL_IF(!mysql_get_ssl_cipher(mysql), "no secure connection");
mysql_close(mysql);
return OK;
}
struct my_tests_st my_tests[] = { struct my_tests_st my_tests[] = {
{"test_sslenforce", test_sslenforce, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_conc384", test_conc384, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_conc384", test_conc384, TEST_CONNECTION_NONE, 0, NULL, NULL},
#ifndef _WIN32 #ifndef _WIN32
{"test_mdev12965", test_mdev12965, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_mdev12965", test_mdev12965, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},