diff options
| author | Ramil Kalimullin <ramil.kalimullin@oracle.com> | 2017-03-10 01:19:50 +0400 |
|---|---|---|
| committer | Gipson Pulla <gipson.pulla@oracle.com> | 2017-03-10 14:11:26 +0530 |
| commit | 060b1eadf4913f7066484ea34ec62feead1bca44 (patch) | |
| tree | 50788eb0f7e19ad589bdaa83fc3c721b59e9bf4f /include | |
| parent | 19150f7e7ac6e47e67b82c675f13ef1e550d429d (diff) | |
| download | mariadb-git-060b1eadf4913f7066484ea34ec62feead1bca44.tar.gz | |
BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION
MYSQL_OPT_SSL_MODE option introduced.
It is set in case of --ssl-mode=REQUIRED and permits only SSL connection.
(cherry picked from commit 3b2d28578c526f347f5cfe763681eff365731f99)
Diffstat (limited to 'include')
| -rw-r--r-- | include/mysql.h | 9 | ||||
| -rw-r--r-- | include/mysql.h.pp | 6 | ||||
| -rw-r--r-- | include/sql_common.h | 3 | ||||
| -rw-r--r-- | include/sslopt-case.h | 4 | ||||
| -rw-r--r-- | include/sslopt-vars.h | 6 |
5 files changed, 19 insertions, 9 deletions
diff --git a/include/mysql.h b/include/mysql.h index da29cb342cc..7ebf2f725a2 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -167,7 +167,7 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN + MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE }; /** @@ -224,6 +224,11 @@ enum mysql_protocol_type MYSQL_PROTOCOL_PIPE, MYSQL_PROTOCOL_MEMORY }; +enum mysql_ssl_mode +{ + SSL_MODE_REQUIRED= 3 +}; + typedef struct character_set { unsigned int number; /* character set number */ diff --git a/include/mysql.h.pp b/include/mysql.h.pp index c2c5ba35044..0f292d921ee 100644 --- a/include/mysql.h.pp +++ b/include/mysql.h.pp @@ -263,7 +263,7 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN + MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE }; struct st_mysql_options_extention; struct st_mysql_options { @@ -307,6 +307,10 @@ enum mysql_protocol_type MYSQL_PROTOCOL_DEFAULT, MYSQL_PROTOCOL_TCP, MYSQL_PROTOCOL_SOCKET, MYSQL_PROTOCOL_PIPE, MYSQL_PROTOCOL_MEMORY }; +enum mysql_ssl_mode +{ + SSL_MODE_REQUIRED= 3 +}; typedef struct character_set { unsigned int number; diff --git a/include/sql_common.h b/include/sql_common.h index a2ea3ac45e7..05bbb5a4f53 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -1,7 +1,7 @@ #ifndef SQL_COMMON_INCLUDED #define SQL_COMMON_INCLUDED -/* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,6 +32,7 @@ struct st_mysql_options_extention { char *plugin_dir; char *default_auth; my_bool enable_cleartext_plugin; + unsigned int ssl_mode; }; typedef struct st_mysql_methods diff --git a/include/sslopt-case.h b/include/sslopt-case.h index 57702b3b352..0fddafc4fa9 100644 --- a/include/sslopt-case.h +++ b/include/sslopt-case.h @@ -1,7 +1,7 @@ #ifndef SSLOPT_CASE_INCLUDED #define SSLOPT_CASE_INCLUDED -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -38,7 +38,7 @@ exit(1); } else - opt_ssl_required= 1; + opt_ssl_mode= SSL_MODE_REQUIRED; break; #endif /* MYSQL_CLIENT */ #endif diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h index 6c9bd4296ef..a037538f693 100644 --- a/include/sslopt-vars.h +++ b/include/sslopt-vars.h @@ -1,7 +1,7 @@ #ifndef SSLOPT_VARS_INCLUDED #define SSLOPT_VARS_INCLUDED -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,11 +31,11 @@ SSL_STATIC char *opt_ssl_key = 0; #ifdef MYSQL_CLIENT SSL_STATIC my_bool opt_ssl_verify_server_cert= 0; -SSL_STATIC my_bool opt_ssl_required= 0; +SSL_STATIC uint opt_ssl_mode= 0; #endif /* MYSQL_CLIENT */ #else /* HAVE_OPENSSL */ -#define opt_ssl_required 0 +#define opt_ssl_mode 0 #endif /* HAVE_OPENSSL */ #endif /* SSLOPT_VARS_INCLUDED */ |