auth: gmysql backend, add an option to send the SSL capability flag to the server
authorKees Monshouwer <mind04@monshouwer.org>
Wed, 28 Aug 2019 10:07:02 +0000 (12:07 +0200)
committermind04 <mind04@monshouwer.org>
Mon, 23 Sep 2019 14:06:32 +0000 (16:06 +0200)
docs/backends/generic-mysql.rst
modules/gmysqlbackend/gmysqlbackend.cc
modules/gmysqlbackend/smysql.cc
modules/gmysqlbackend/smysql.hh

index 7dd9a7478a4c9d83a0adf70fa82aa04da26474bc..73aa0f54b3d58b348d3769f91416bcec03248003 100644 (file)
@@ -124,6 +124,14 @@ Enable DNSSEC processing for this backend. Default: no.
 
 Use the InnoDB READ-COMMITTED transaction isolation level. Default: yes.
 
+.. _setting-gmysql-ssl:
+
+``gmysql-ssl``
+^^^^^^^^^^^^^^^^^^
+.. versionadded:: 4.2.1
+
+Send the CLIENT_SSL capabily flag to the server. SSL suppport is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no.
+
 .. _setting-gmysql-timeout:
 
 ``gmysql-timeout``
index 48b8c4c1bb7c05bda83289d634d4d9ee4cdc2ef6..22bfeae93c52210d2585ef641e412e4e516965c5 100644 (file)
@@ -60,7 +60,8 @@ void gMySQLBackend::reconnect()
                    getArg("group"),
                    mustDo("innodb-read-committed"),
                    getArgAsNum("timeout"),
-                   mustDo("thread-cleanup")));
+                   mustDo("thread-cleanup"),
+                   mustDo("ssl")));
 }
 
 class gMySQLFactory : public BackendFactory
@@ -80,6 +81,7 @@ public:
     declare(suffix,"innodb-read-committed","Use InnoDB READ-COMMITTED transaction isolation level","yes");
     declare(suffix,"timeout", "The timeout in seconds for each attempt to read/write to the server", "10");
     declare(suffix,"thread-cleanup","Explicitly call mysql_thread_end() when threads end","no");
+    declare(suffix,"ssl","Send the SSL capability flag to the server","no");
 
     declare(suffix,"dnssec","Enable DNSSEC processing","no");
 
index 0b062574776f7bfe9ccc0232c9849d5113df8364..aac31837dfd01fef95b87c7187c5aa8774dc9982 100644 (file)
@@ -481,7 +481,7 @@ void SMySQL::connect()
                             d_database.empty() ? NULL : d_database.c_str(),
                             d_port,
                             d_msocket.empty() ? NULL : d_msocket.c_str(),
-                            CLIENT_MULTI_RESULTS)) {
+                            (d_clientSSL ? CLIENT_SSL : 0) | CLIENT_MULTI_RESULTS)) {
 
       if (retry == 0)
         throw sPerrorException("Unable to connect to database");
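Review bot: Adding `CLIENT_SSL` to the `mysql_real_connect()` flags only requests TLS when the server announces it; nothing in this hunk fails the connection if TLS is not negotiated, and nothing visible here configures a CA or server-certificate verification. With `gmysql-ssl=yes` the link therefore looks opportunistic at best (the exact behaviour depends on the client library), so a downgraded or impersonated server would not be detected, and operators may read the option as a stronger guarantee than it is. Consider setting verification before the connect call, via `mysql_ssl_set()` plus `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` (or `MYSQL_OPT_SSL_MODE` where the library provides it), or at least state the limitation in the `declare(suffix,"ssl",...)` help string and the `gmysql-ssl` docs entry. connect() starts and ends outside this hunk, so options applied elsewhere (for example through the configured option group) may already cover this; worth confirming.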
@@ -497,8 +497,8 @@ void SMySQL::connect()
 }
 
 SMySQL::SMySQL(const string &database, const string &host, uint16_t port, const string &msocket, const string &user,
-               const string &password, const string &group, bool setIsolation, unsigned int timeout, bool threadCleanup):
-  d_database(database), d_host(host), d_msocket(msocket), d_user(user), d_password(password), d_group(group), d_timeout(timeout), d_port(port), d_setIsolation(setIsolation), d_threadCleanup(threadCleanup)
+               const string &password, const string &group, bool setIsolation, unsigned int timeout, bool threadCleanup, bool clientSSL):
+  d_database(database), d_host(host), d_msocket(msocket), d_user(user), d_password(password), d_group(group), d_timeout(timeout), d_port(port), d_setIsolation(setIsolation), d_threadCleanup(threadCleanup), d_clientSSL(clientSSL)
 {
   connect();
 }
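Review bot: `clientSSL` is now the third positional `bool` in this constructor, alongside `setIsolation` and `threadCleanup`, and `gMySQLBackend::reconnect()` passes the `mustDo(...)` results by position, so a transposed argument would compile silently and could leave TLS off when the operator enabled it. A short comment on the declaration in smysql.hh would document the contract, e.g. `// clientSSL: add CLIENT_SSL to the connect flags (requests TLS; does not by itself verify the server)`. Longer term, a small options struct with named fields would remove the ordering hazard for these security-relevant switches.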
index 7a33e8c529d12357430a4cf3418320a6a3860eca..ea6af7579e385af60bf82febfe251d0f85a30833 100644 (file)
@@ -33,7 +33,7 @@ public:
          const string &msocket="",const string &user="",
          const string &password="", const string &group="",
          bool setIsolation=false, unsigned int timeout=10,
-         bool threadCleanup=false);
+         bool threadCleanup=false, bool clientSSL=false);
 
   ~SMySQL();
 
@@ -63,6 +63,7 @@ private:
   uint16_t d_port;
   bool d_setIsolation;
   bool d_threadCleanup;
+  bool d_clientSSL;
 };
 
 #endif /* SSMYSQL_HH */