Module: kamailio Branch: master Commit: 260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f URL: https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2020-06-14T11:18:15+02:00
db_mysql: new parameter opt_ssl_mode - allow controling ssl mode
- can disable or enforce use of ssl - some combinations of libmysqlclient and libssl1.1 can crash when ssl/tls is used, even on 127.0.0.1; this param can be used to disable it
---
Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c Modified: src/modules/db_mysql/my_con.c
---
Diff: https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5... Patch: https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5...
---
diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index da130f1818..397372f5ac 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -45,6 +45,7 @@ unsigned int my_server_timezone = 0; /* Use FROM_UNIXTIME() for date conversion
unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
+int db_mysql_opt_ssl_mode = 0;
struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] = {
@@ -100,6 +101,7 @@ static param_export_t params[] = {
 {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed},
 {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
 {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type},
+ {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode},
 {0, 0, 0}
 };
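Review bot: The new `opt_ssl_mode` entry in `params[]` and the `db_mysql_opt_ssl_mode` declaration carry no explanation of what the integer means. From the blocks added in km_my_con.c and my_con.c, 0 leaves the client library default, 1 selects `SSL_MODE_DISABLED`, and any other value is handed to `MYSQL_OPT_SSL_MODE` as given, so the accepted numbers are tied to the libmysqlclient enum. A comment on the declaration such as `/* 0 - library default, 1 - disable ssl, other - value passed to MYSQL_OPT_SSL_MODE */` would make that visible, and it is worth stating that the setting only takes effect when built with `MYSQL_VERSION_ID > 50710`. The modified-files list names only the three .c files, so the parameter appears to have no module documentation in this commit.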
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index bed21f92a7..324e707e5b 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -40,6 +40,8 @@
 #include "../../core/ut.h"
 #include "db_mysql.h"
+extern int db_mysql_opt_ssl_mode;
+
 /*! \brief
 * Create a new connection structure,
 * open the MySQL connection and set reference count to 1
@@ -49,6 +51,8 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 struct my_con* ptr;
 char *host, *grp, *egrp;
 unsigned int connection_flag = 0;
+ unsigned int optuint = 0;
+
 #if MYSQL_VERSION_ID > 50012
 #if MYSQL_VERSION_ID > 80000 && ! defined MARIADB_BASE_VERSION
 bool rec;
@@ -112,6 +116,20 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const void*)&db_mysql_timeout_interval);
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
 #if MYSQL_VERSION_ID > 50012
 /* set reconnect flag if enabled */
 if (db_mysql_auto_reconnect) {
diff --git a/src/modules/db_mysql/my_con.c b/src/modules/db_mysql/my_con.c
index f64a90f0aa..349595ee8f 100644
--- a/src/modules/db_mysql/my_con.c
+++ b/src/modules/db_mysql/my_con.c
@@ -31,6 +31,7 @@
 #include <string.h>
 #include <time.h>
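Review bot: `extern int db_mysql_opt_ssl_mode;` is declared directly in km_my_con.c, just below the `#include "db_mysql.h"` context line, and again in my_con.c. Keeping the declaration in a shared header (db_mysql.h looks like the natural place, though its contents are not visible here) lets the compiler check it against the definition in db_mysql.c; per-file externs can silently drift if the type ever changes.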
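Review bot: The result of `mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, ...)` is discarded at the end of the block added to db_mysql_new_connection (km_my_con.c), so a value meant to enforce TLS can fail to apply and the connection still proceeds with the library default. The same fail-open outcome occurs when `MYSQL_VERSION_ID > 50710` is false: the block is compiled out and a configured `opt_ssl_mode` is silently ignored. For an option whose stated purpose includes enforcing ssl, both cases should at least be logged, and a failed enforcement should arguably abort the connection rather than continue. The identical block in my_con.c (my_con_connect) has the same gap; db_mysql_new_connection continues outside this hunk, so its error path is not visible and is left as a comment below.

```c
#if MYSQL_VERSION_ID > 50710
	if(db_mysql_opt_ssl_mode!=0) {
		/* … unchanged: mapping of db_mysql_opt_ssl_mode to optuint … */
		if(mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint)) {
			LM_ERR("failed to set MYSQL_OPT_SSL_MODE to %u\n", optuint);
			/* take the function's existing error path here, so a requested
			 * ssl mode is never silently replaced by the library default */
		}
	}
#else
	if(db_mysql_opt_ssl_mode!=0) {
		LM_WARN("opt_ssl_mode=%d not supported by this client library - ignored\n",
				db_mysql_opt_ssl_mode);
	}
#endif
```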
+extern int db_mysql_opt_ssl_mode;
/*
 * Close the connection and release memory
@@ -54,6 +55,7 @@ int my_con_connect(db_con_t* con)
 {
 struct my_con* mcon;
 struct my_uri* muri;
+ unsigned int optuint = 0;
mcon = DB_GET_PAYLOAD(con);
 muri = DB_GET_PAYLOAD(con->uri);
@@ -70,6 +72,20 @@ int my_con_connect(db_con_t* con)
 (const void*)&my_connect_to))
 WARN("failed to set MYSQL_OPT_CONNECT_TIMEOUT\n");
 }
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(mcon->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
#if MYSQL_VERSION_ID >= 40101
 if ((my_client_ver >= 50025) ||
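Review bot: Any `opt_ssl_mode` other than 0 or 1 is cast to `unsigned int` and passed to `MYSQL_OPT_SSL_MODE` without a range check in the block added to my_con_connect, so a negative or mistyped value reaches the library as an arbitrary mode; how libmysqlclient treats it is not visible here. A guard before the cast, for example `if(db_mysql_opt_ssl_mode<0 || db_mysql_opt_ssl_mode>SSL_MODE_VERIFY_IDENTITY) { LM_ERR("invalid opt_ssl_mode %d\n", db_mysql_opt_ssl_mode); return -1; }`, or an equivalent check once at module start, would reject it early. The block is also a copy of the one added to db_mysql_new_connection in km_my_con.c with only the handle differing (`mcon->con` vs `ptr->con`), so a small shared helper taking the `MYSQL *` would keep the two from diverging. my_con_connect continues outside this hunk, so the `return -1` error convention is an assumption.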