database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Remove CLIENT_SSL_VERIFY_SERVER_CERT

Browse Source 
Since TLS server certificate verification is a client
only option, this flag is removed in both client (C/C)
and MariaDB server capability flags.

This patch reverts commit 89d759b93e
(MySQL Bug #21543) and stores the server certificate validation
option in mysql->options.extensions.
This commit is contained in:
Georg Richter
2023-07-23 18:58:26 +02:00
parent 73c9415e6a
commit 8b01c2962b
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
sql-common/client.c
View File

@ -2093,7 +2093,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
If the server does not support ssl, we abort the connection.
*/
if (mysql->options.use_ssl &&
(mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
(mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
!(mysql->server_capabilities & CLIENT_SSL))
{
set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@ -2163,7 +2163,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
DBUG_PRINT("info", ("IO layer change done!"));
/* Verify server cert */
if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
if ((mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
ssl_verify_server_cert(net->vio, mysql->host, &cert_error))
{
set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@ -3847,10 +3847,12 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const void *arg)
mysql->options.use_thread_specific_memory= *(my_bool *) arg;
break;
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
if (*(my_bool*) arg)
mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
else
mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
if (!mysql->options.extension)
mysql->options.extension= (struct st_mysql_options_extention *)
my_malloc(sizeof(struct st_mysql_options_extention),
MYF(MY_WME | MY_ZEROFILL));
if (mysql->options.extension)
mysql->options.extension->tls_verify_server_cert= *(my_bool*) arg;
break;
case MYSQL_PLUGIN_DIR:
EXTENSION_SET_STRING(&mysql->options, plugin_dir, arg);