git:master:d772b4c2: db_mysql: enable TLS when building with mariadb-connector-c - sr-dev

30 Jan 2024

Module: kamailio
Branch: master
Commit: d772b4c24a3a4995b93287ccf8eac9b80d1a5bac
URL: https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b8...
Author: S-P Chan shihping.chan@gmail.com
Committer: Victor Seva linuxmaniac@torreviejawireless.org
Date: 2024-01-30T14:28:26+01:00
db_mysql: enable TLS when building with mariadb-connector-c
- mariadb-connector-c requires at least one non-NULL configuration
  value to use TLS
- emulate MySQL SSL_MODE_XXXX options
---
Modified: src/modules/db_mysql/km_my_con.c
---
Diff:  https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b8...
Patch: https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b8...
---

diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index d3f57108886..b415ff87655 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -116,7 +116,32 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
    		(const void *)&db_mysql_timeout_interval);
    mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT,
    		(const void *)&db_mysql_timeout_interval);
-#if MYSQL_VERSION_ID > 50710 && !defined(MARIADB_BASE_VERSION)
+
+#ifdef MARIADB_BASE_VERSION
+	/*
+	 * emulate SSL_MODE_XXXX from MySQL
+	 */
+
+	switch(db_mysql_opt_ssl_mode) {
+		case 0: /* opt_ssl_mode = 0(off) */
+		case 1: /* SSL_MODE_DISABLED */
+			break;
+		case 2: /* SSL_MODE_PREFERRED */
+		case 3: /* SSL_MODE_REQUIRED */
+		case 4: /* SSL_MODE_VERIFY_CA */
+			mysql_optionsv(ptr->con, MYSQL_OPT_SSL_ENFORCE, (void *)&(int){1});
+			break;
+		case 5: /* SSL_MODE_VERIFY_IDENTITY */
+			mysql_optionsv(ptr->con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+					(void *)&(int){1});
+			break;
+		default:
+			LM_WARN("opt_ssl_mode = %d not supported by MariaDB Connector/C\n",
+					db_mysql_opt_ssl_mode);
+			break;
+	}
+#else
+#ifdef MYSQL_VERSION_ID> 50710
    if(db_mysql_opt_ssl_mode != 0) {
    	unsigned int optuint = 0;
    	if(db_mysql_opt_ssl_mode == 1) {
@@ -136,7 +161,8 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
    			"ignoring\n",
    			(unsigned int)db_mysql_opt_ssl_mode);
    }
-#endif
+#endif /* MYSQL_VERSION_ID */
+#endif /* MARIADB_BASE_VERSION */
#if MYSQL_VERSION_ID > 50012
    /* set reconnect flag if enabled */

    