diff options
| author | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-10-19 02:51:01 +0200 |
|---|---|---|
| committer | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-11-22 14:07:39 +0100 |
| commit | f0820400ee427f1398034c6881c803e42cfd249e (patch) | |
| tree | 08490b376feb0bd63813a77bd4421e03b738dbe8 | |
| parent | 71c93fb8fd894e39b81b801a67ccb9de535b6ce8 (diff) | |
| download | mariadb-git-f0820400ee427f1398034c6881c803e42cfd249e.tar.gz | |
MDEV-29817: Issues with handling options for SSL CRLs (and some others)
This patch adds the correct setting of the "--ssl-verify-server-cert"
option in the client-side utilities such as mysqlcheck and mysqlslap,
as well as the correct setting of the "--ssl-crl" option when executing
queries on the slave side, and also add the correct option codes in
the "sslopts-logopts.h" file (in the latter case, incorrect values
are not a problem right now, but may cause subtle test failures in
the future, if the option handling code changes).
| -rw-r--r-- | client/mysqlcheck.c | 2 | ||||
| -rw-r--r-- | client/mysqlslap.c | 2 | ||||
| -rw-r--r-- | include/sslopt-longopts.h | 4 | ||||
| -rw-r--r-- | sql/slave.cc | 6 |
4 files changed, 9 insertions, 5 deletions
diff --git a/client/mysqlcheck.c b/client/mysqlcheck.c index 090644e5cb0..37a76d5699b 100644 --- a/client/mysqlcheck.c +++ b/client/mysqlcheck.c @@ -1111,6 +1111,8 @@ static int dbConnect(char *host, char *user, char *passwd) mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } + mysql_options(&mysql_connection, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqlslap.c b/client/mysqlslap.c index 6a41d595bff..f46c0d9c221 100644 --- a/client/mysqlslap.c +++ b/client/mysqlslap.c @@ -306,6 +306,8 @@ void set_mysql_connect_options(MYSQL *mysql) mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } + mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/include/sslopt-longopts.h b/include/sslopt-longopts.h index be64e7f6590..8268ca1ada5 100644 --- a/include/sslopt-longopts.h +++ b/include/sslopt-longopts.h @@ -39,10 +39,10 @@ {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).", &opt_ssl_key, &opt_ssl_key, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, - {"ssl-crl", OPT_SSL_KEY, "Certificate revocation list (implies --ssl).", + {"ssl-crl", OPT_SSL_CRL, "Certificate revocation list (implies --ssl).", &opt_ssl_crl, &opt_ssl_crl, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, - {"ssl-crlpath", OPT_SSL_KEY, + {"ssl-crlpath", OPT_SSL_CRLPATH, "Certificate revocation list path (implies --ssl).", &opt_ssl_crlpath, &opt_ssl_crlpath, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, diff --git a/sql/slave.cc b/sql/slave.cc index 60a62d71cf6..41e0e3c86eb 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -7210,9 +7210,9 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi, mi->ssl_ca[0]?mi->ssl_ca:0, mi->ssl_capath[0]?mi->ssl_capath:0, mi->ssl_cipher[0]?mi->ssl_cipher:0); - mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, - &mi->ssl_verify_server_cert); - mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, + mysql_options(mysql, MYSQL_OPT_SSL_CRL, + mi->ssl_crl[0] ? mi->ssl_crl : 0); + mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, mi->ssl_crlpath[0] ? mi->ssl_crlpath : 0); mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &mi->ssl_verify_server_cert); |