Module: kamailio Branch: master Commit: ea81e6cb8b2b2d896de7a07ce191876f9f182673 URL: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f...
Author: S-P Chan shihping.chan@gmail.com Committer: S-P Chan shihping.chan@gmail.com Date: 2024-02-14T15:08:56+08:00
db_mysql: new module param opt_ssl_ca to configure CA certs
ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY
When opt_ssl_mode = 4 | 5 libmysqlclient requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_mode)
Note: libmariadb3 doesn't require this setting and uses the system trust store.
---
Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c
---
Diff: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f... Patch: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f...
---
diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index 1a698329bac..9a7aa8673b5 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -47,6 +47,7 @@ unsigned int my_server_timezone =
 unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
 int db_mysql_opt_ssl_mode = 0;
+char *db_mysql_opt_ssl_ca = NULL;
struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] = {
@@ -100,6 +101,7 @@ static param_export_t params[] = {
 {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed},
 {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
 {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type},
+ {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca},
 {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode},
 {0, 0, 0}};
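Review bot: The new `opt_ssl_ca` entry in `params[]` comes without documentation: the commit touches only db_mysql.c and km_my_con.c, so the module's parameter reference gets no entry for it. I would add one next to opt_ssl_mode stating that the value is the path of a file holding the trusted CA certificates and that it is needed for the verifying modes, with an example such as `modparam("db_mysql", "opt_ssl_ca", "/path/to/ca.pem")` (constructed path). A one-line comment on the global, `/* CA certificate file handed to MYSQL_OPT_SSL_CA; NULL leaves the client library default */`, would help as well. The params[] array starts outside the hunk.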
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index b4c4dca33b0..226d724f1ae 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -41,6 +41,7 @@
 #include "db_mysql.h"
extern int db_mysql_opt_ssl_mode;
+extern char *db_mysql_opt_ssl_ca;
/*! \brief
 * Create a new connection structure,
@@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
 }
 #endif /* MYSQL_VERSION_ID */
 #endif /* MARIADB_BASE_VERSION */
+ if(db_mysql_opt_ssl_ca)
+ mysql_options(
+ ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca);
#if MYSQL_VERSION_ID > 50012
 /* set reconnect flag if enabled */
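Review bot: The result of `mysql_options()` is discarded in the three added lines, so if the client library rejects `MYSQL_OPT_SSL_CA` the connection is attempted without the configured trust anchor and nothing is logged. I would check it and skip empty values, e.g. `if(db_mysql_opt_ssl_ca && *db_mysql_opt_ssl_ca && mysql_options(ptr->con, MYSQL_OPT_SSL_CA, db_mysql_opt_ssl_ca) != 0)` followed by `LM_ERR("failed to set opt_ssl_ca\n");`; the `(const void *)` cast is not needed. Setting the CA file does not by itself turn certificate verification on, which presumably still depends on opt_ssl_mode, so a warning when opt_ssl_ca is set together with a non-verifying mode may be worth adding. The body of db_mysql_new_connection starts and ends outside the hunk, so I cannot see whether the other mysql_options() calls there are checked.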