4 Feb
2024
4 Feb
'24
1:36 a.m.
Module: kamailio
Branch: 5.7
Commit: ede2af94386b99a87311351fcbdd15280dc11034
URL: https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd152…
Author: S-P Chan <shihping.chan(a)gmail.com>
Committer: S-P Chan <shihping.chan(a)gmail.com>
Date: 2024-02-04T08:12:52+08:00
db_mysql: backport - no TLS with MariaDB Connector/C
- GH #3735
- includes compilation and stretch fixes
- emulate SSL_MODE_XXX from MySQL
- opt_ssl_mode:
- 0|1(off)
- 2|3|4(MYSQL_OPT_SSL_ENFORCE)
- 5(MYSQL_OPT_SSL_VERIFY_SERVER_CERT)
---
Modified: src/modules/db_mysql/km_my_con.c
---
Diff:
https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd152…
Patch:
https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd152…
---
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index d3f57108886..b4c4dca33b0 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -116,7 +116,36 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
(const void *)&db_mysql_timeout_interval);
mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT,
(const void *)&db_mysql_timeout_interval);
-#if MYSQL_VERSION_ID > 50710 && !defined(MARIADB_BASE_VERSION)
+
+#ifdef MARIADB_BASE_VERSION
+ /*
+ * emulate SSL_MODE_XXXX from MySQL
+ */
+
+ switch(db_mysql_opt_ssl_mode) {
+ case 0: /* opt_ssl_mode = 0(off) */
+ case 1: /* SSL_MODE_DISABLED */
+ break;
+ case 2: /* SSL_MODE_PREFERRED */
+ case 3: /* SSL_MODE_REQUIRED */
+ case 4: /* SSL_MODE_VERIFY_CA */
+#if MYSQL_VERSION_ID >= 100339
+ mysql_options(ptr->con, MYSQL_OPT_SSL_ENFORCE, (void *)&(int){1});
+#else
+ LM_WARN("ssl mode not supported by %s\n", MARIADB_BASE_VERSION);
+#endif
+ break;
+ case 5: /* SSL_MODE_VERIFY_IDENTITY */
+ mysql_options(ptr->con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+ (void *)&(int){1});
+ break;
+ default:
+ LM_WARN("opt_ssl_mode = %d not supported by MariaDB Connector/C\n",
+ db_mysql_opt_ssl_mode);
+ break;
+ }
+#else
+#if MYSQL_VERSION_ID > 50710
if(db_mysql_opt_ssl_mode != 0) {
unsigned int optuint = 0;
if(db_mysql_opt_ssl_mode == 1) {
@@ -136,7 +165,8 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
"ignoring\n",
(unsigned int)db_mysql_opt_ssl_mode);
}
-#endif
+#endif /* MYSQL_VERSION_ID */
+#endif /* MARIADB_BASE_VERSION */
#if MYSQL_VERSION_ID > 50012
/* set reconnect flag if enabled */
301
days inactive
301
days old
0 comments
1 participants
participants (1)
-
S-P Chan