database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Remove CLIENT_SSL_VERIFY_SERVER_CERT

Browse Source 
Since TLS server certificate verification is a client
only option, this flag is removed in both client (C/C)
and MariaDB server capability flags.

This patch reverts commit 89d759b93e
(MySQL Bug #21543) and stores the server certificate validation
option in mysql->options.extensions.
This commit is contained in:
Georg Richter
2023-07-23 18:58:26 +02:00
parent 73c9415e6a
commit 8b01c2962b
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
include/mysql_com.h
View File

@ -275,7 +275,7 @@ enum enum_indicator_type
#define CLIENT_DEPRECATE_EOF (1ULL << 24)
#define CLIENT_PROGRESS_OBSOLETE (1ULL << 29)
#define CLIENT_SSL_VERIFY_SERVER_CERT (1ULL << 30)
#define CLIENT_SSL_VERIFY_SERVER_CERT_OBSOLETE (1ULL << 30)
/*
It used to be that if mysql_real_connect() failed, it would delete any
options set by the client, unless the CLIENT_REMEMBER_OPTIONS flag was
@ -326,7 +326,6 @@ enum enum_indicator_type
CLIENT_MULTI_STATEMENTS | \
CLIENT_MULTI_RESULTS | \
CLIENT_PS_MULTI_RESULTS | \
CLIENT_SSL_VERIFY_SERVER_CERT | \
CLIENT_REMEMBER_OPTIONS | \
MARIADB_CLIENT_PROGRESS | \
CLIENT_PLUGIN_AUTH | \
@ -343,9 +342,8 @@ enum enum_indicator_type
If any of the optional flags is supported by the build it will be switched
on before sending to the client during the connection handshake.
*/
#define CLIENT_BASIC_FLAGS (((CLIENT_ALL_FLAGS & ~CLIENT_SSL) \
& ~CLIENT_COMPRESS) \
& ~CLIENT_SSL_VERIFY_SERVER_CERT)
#define CLIENT_BASIC_FLAGS ((CLIENT_ALL_FLAGS & ~CLIENT_SSL) \
& ~CLIENT_COMPRESS)
/**
Is raised when a multi-statement transaction

1
include/sql_common.h
View File

@ -44,6 +44,7 @@ struct st_mysql_options_extention {
struct mysql_async_context *async_context;
HASH connection_attributes;
size_t connection_attributes_length;
my_bool tls_verify_server_cert;
};
typedef struct st_mysql_methods

14
sql-common/client.c
View File

@ -2093,7 +2093,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
If the server does not support ssl, we abort the connection.
*/
if (mysql->options.use_ssl &&
(mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
(mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
!(mysql->server_capabilities & CLIENT_SSL))
{
set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@ -2163,7 +2163,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
DBUG_PRINT("info", ("IO layer change done!"));
/* Verify server cert */
if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
if ((mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
ssl_verify_server_cert(net->vio, mysql->host, &cert_error))
{
set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@ -3847,10 +3847,12 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const void *arg)
mysql->options.use_thread_specific_memory= *(my_bool *) arg;
break;
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
if (*(my_bool*) arg)
mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
else
mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
if (!mysql->options.extension)
mysql->options.extension= (struct st_mysql_options_extention *)
my_malloc(sizeof(struct st_mysql_options_extention),
MYF(MY_WME | MY_ZEROFILL));
if (mysql->options.extension)
mysql->options.extension->tls_verify_server_cert= *(my_bool*) arg;
break;
case MYSQL_PLUGIN_DIR:
EXTENSION_SET_STRING(&mysql->options, plugin_dir, arg);

1
sql/sql_acl.cc
View File

@ -12759,7 +12759,6 @@ static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
if (ssl_acceptor_fd)
{
thd->client_capabilities |= CLIENT_SSL;
thd->client_capabilities |= CLIENT_SSL_VERIFY_SERVER_CERT;
}
if (data_len)