author | Sergei Golubchik <serg@mariadb.org> | 2022-05-23 12:43:22 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2022-07-28 17:18:39 +0200 |
commit | ce9385b73cd8f12186ee683ad7f1fc284de11ffe (patch) | |
tree | 13fb669b4a86e7f1673d04a4b0a690513eebd7f5 | |
parent | 4ce6e78059c1a91765c91afa5330737bd7568d0a (diff) | |
MDEV-27105 --ssl option set as default for mariadb CLI
but without server cert verification
-rw-r--r-- | client/mysqltest.cc | 8 | ||||
-rw-r--r-- | include/sslopt-longopts.h | 2 | ||||
-rw-r--r-- | include/sslopt-vars.h | 2 | ||||
-rw-r--r-- | mysql-test/main/openssl_1.test | 2 | ||||
-rw-r--r-- | mysql-test/main/ssl_7937,nossl.result | 6 | ||||
-rw-r--r-- | mysql-test/main/ssl_7937.result | 6 | ||||
-rw-r--r-- | mysql-test/main/ssl_7937.test | 6 |
7 files changed, 21 insertions, 11 deletions
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index 7d807e00c1d..03cf635fd3d 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -6118,12 +6118,8 @@ void do_connect(struct st_command *command)
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
 mysql_options(con_slot->mysql, MARIADB_OPT_TLS_VERSION, opt_tls_version);
-#if MYSQL_VERSION_ID >= 50000
- /* Turn on ssl_verify_server_cert only if host is "localhost" */
- opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &opt_ssl_verify_server_cert);
-#endif
 }
 #endif
@@ -9849,12 +9845,8 @@ int main(int argc, char **argv)
 opt_ssl_capath, opt_ssl_cipher);
 mysql_options(con->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
 mysql_options(con->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
-#if MYSQL_VERSION_ID >= 50000
- /* Turn on ssl_verify_server_cert only if host is "localhost" */
- opt_ssl_verify_server_cert= opt_host && !strcmp(opt_host, "localhost");
 mysql_options(con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &opt_ssl_verify_server_cert);
-#endif
 }
 #endif
diff --git a/include/sslopt-longopts.h b/include/sslopt-longopts.h
index d0278a1645d..b6983b2e718 100644
--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@@ -21,7 +21,7 @@
 {"ssl", OPT_SSL_SSL, "Enable SSL for connection (automatically enabled with other flags).",
- &opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
+ &opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
 {"ssl-ca", OPT_SSL_CA, "CA file in PEM format (check OpenSSL docs, implies --ssl).", &opt_ssl_ca, &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h
index e28f19b919d..d263e5dbd90 100644
--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
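Review bot: With the `!strcmp(..., "localhost")` assignment removed, `opt_ssl_verify_server_cert` reaches `mysql_options()` unchanged in do_connect(), and the second hunk does the same in main(), so mysqltest now verifies the server certificate only if something else set that global; its definition and default are not visible in this diff. A short comment above each call would record the new contract, e.g. `/* verified only when --ssl-verify-server-cert is given; no per-host default any more */`. The openssl_1.test change in this commit had to add that flag to keep expecting a failure, which suggests other tests that relied on the old localhost default may now pass without the certificate being checked. Both enclosing functions start and end outside their hunks.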
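Review bot: The help string for `--ssl` still reads as if TLS were opt-in, although the default value in this entry is now 1. It should state that TLS is on by default and that the server certificate is not checked unless `--ssl-verify-server-cert` is given; the ssl_7937 results in this commit show the default connecting over TLS to a server whose certificate fails verification, and connecting without TLS when the server offers none. Suggested text: `"Enable SSL for connection (default on, also enabled by other --ssl-* flags). Without --ssl-verify-server-cert the server certificate is not checked."`. The option table continues outside the hunk.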
@@ -22,7 +22,7 @@
 #else
 #define SSL_STATIC static
 #endif
-SSL_STATIC my_bool opt_use_ssl = 0;
+SSL_STATIC my_bool opt_use_ssl = 1;
 SSL_STATIC char *opt_ssl_ca = 0;
 SSL_STATIC char *opt_ssl_capath = 0;
 SSL_STATIC char *opt_ssl_cert = 0;
diff --git a/mysql-test/main/openssl_1.test b/mysql-test/main/openssl_1.test
index fff65624b12..a85d1783ace 100644
--- a/mysql-test/main/openssl_1.test
+++ b/mysql-test/main/openssl_1.test
@@ -72,7 +72,7 @@ drop table t1;
 # Handle that openssl gives different error messages from YaSSL.
 --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
 --error 1
---exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo #
diff --git a/mysql-test/main/ssl_7937,nossl.result b/mysql-test/main/ssl_7937,nossl.result
index 72693233bc8..0842d2353e3 100644
--- a/mysql-test/main/ssl_7937,nossl.result
+++ b/mysql-test/main/ssl_7937,nossl.result
@@ -12,4 +12,10 @@ mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
 mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
+#
+# MDEV-27105 --ssl option set as default for mariadb CLI
+#
+mysql -e "call test.have_ssl()"
+have_ssl
+no
 drop procedure have_ssl;
diff --git a/mysql-test/main/ssl_7937.result b/mysql-test/main/ssl_7937.result
index a94ca3b3529..fddefd383d6 100644
--- a/mysql-test/main/ssl_7937.result
+++ b/mysql-test/main/ssl_7937.result
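Review bot: The default for `opt_use_ssl` is now stated in two places, on this line and as the default value of the "ssl" entry in include/sslopt-longopts.h, and nothing ties the two together. A comment here would help the next change keep them aligned, e.g. `/* default on; keep in sync with the "ssl" entry in sslopt-longopts.h */`. Because the variable now starts at 1, its value no longer tells a caller whether the user actually asked for TLS; any client code that reads it as "TLS was requested" (none is visible in this diff) would need a separate flag for that.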
@@ -13,4 +13,10 @@ have_ssl
 yes
 mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
+#
+# MDEV-27105 --ssl option set as default for mariadb CLI
+#
+mysql -e "call test.have_ssl()"
+have_ssl
+yes
 drop procedure have_ssl;
diff --git a/mysql-test/main/ssl_7937.test b/mysql-test/main/ssl_7937.test
index 59c13107e01..72270c56aba 100644
--- a/mysql-test/main/ssl_7937.test
+++ b/mysql-test/main/ssl_7937.test
@@ -23,4 +23,10 @@ create procedure have_ssl()
 --echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 --replace_regex /SSL connection error.*certificate[^\n]*/SSL connection error: Failed to verify the server certificate/
 --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
+
+--echo #
+--echo # MDEV-27105 --ssl option set as default for mariadb CLI
+--echo #
+--echo mysql -e "call test.have_ssl()"
+--exec $MYSQL -e "call test.have_ssl()"
 drop procedure have_ssl; |
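Review bot: The new case in ssl_7937.test pins only the default; nothing in the file checks that a user can still switch TLS off now that `opt_use_ssl` starts at 1. Adding `--exec $MYSQL --skip-ssl -e "call test.have_ssl()"` with a matching `--echo` line, and expecting `no` in both result files, would cover the opt-out path. It would also make the intent explicit that the `yes` recorded for the bare `mysql -e` call is unverified TLS, since the preceding case shows the same server failing certificate verification.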