From 596d4cdf1ee18c94ef879069608dbf99550dbc8f Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Wed, 28 Aug 2019 12:07:02 +0200 Subject: [PATCH] auth: gmysql backend, add an option to send the SSL capability flag to the server --- docs/backends/generic-mysql.rst | 8 ++++++++ modules/gmysqlbackend/gmysqlbackend.cc | 4 +++- modules/gmysqlbackend/smysql.cc | 6 +++--- modules/gmysqlbackend/smysql.hh | 3 ++- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/backends/generic-mysql.rst b/docs/backends/generic-mysql.rst index 7dd9a7478..73aa0f54b 100644 --- a/docs/backends/generic-mysql.rst +++ b/docs/backends/generic-mysql.rst @@ -124,6 +124,14 @@ Enable DNSSEC processing for this backend. Default: no. Use the InnoDB READ-COMMITTED transaction isolation level. Default: yes. +.. _setting-gmysql-ssl: + +``gmysql-ssl`` +^^^^^^^^^^^^^^^^^^ +.. versionadded:: 4.2.1 + +Send the CLIENT_SSL capabily flag to the server. SSL suppport is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no. + .. _setting-gmysql-timeout: ``gmysql-timeout`` diff --git a/modules/gmysqlbackend/gmysqlbackend.cc b/modules/gmysqlbackend/gmysqlbackend.cc index 48b8c4c1b..22bfeae93 100644 --- a/modules/gmysqlbackend/gmysqlbackend.cc +++ b/modules/gmysqlbackend/gmysqlbackend.cc @@ -60,7 +60,8 @@ void gMySQLBackend::reconnect() getArg("group"), mustDo("innodb-read-committed"), getArgAsNum("timeout"), - mustDo("thread-cleanup"))); + mustDo("thread-cleanup"), + mustDo("ssl"))); } class gMySQLFactory : public BackendFactory 
@@ -80,6 +81,7 @@ public: declare(suffix,"innodb-read-committed","Use InnoDB READ-COMMITTED transaction isolation level","yes"); declare(suffix,"timeout", "The timeout in seconds for each attempt to read/write to the server", "10"); declare(suffix,"thread-cleanup","Explicitly call mysql_thread_end() when threads end","no"); + declare(suffix,"ssl","Send the SSL capability flag to the server","no"); declare(suffix,"dnssec","Enable DNSSEC processing","no"); diff --git a/modules/gmysqlbackend/smysql.cc b/modules/gmysqlbackend/smysql.cc index 0b0625747..aac31837d 100644 --- a/modules/gmysqlbackend/smysql.cc +++ b/modules/gmysqlbackend/smysql.cc @@ -481,7 +481,7 @@ void SMySQL::connect() d_database.empty() ? NULL : d_database.c_str(), d_port, d_msocket.empty() ? NULL : d_msocket.c_str(), - CLIENT_MULTI_RESULTS)) { + (d_clientSSL ? CLIENT_SSL : 0) | CLIENT_MULTI_RESULTS)) { if (retry == 0) throw sPerrorException("Unable to connect to database"); @@ -497,8 +497,8 @@ void SMySQL::connect() } SMySQL::SMySQL(const string &database, const string &host, uint16_t port, const string &msocket, const string &user, - const string &password, const string &group, bool setIsolation, unsigned int timeout, bool threadCleanup): - d_database(database), d_host(host), d_msocket(msocket), d_user(user), d_password(password), d_group(group), d_timeout(timeout), d_port(port), d_setIsolation(setIsolation), d_threadCleanup(threadCleanup) + const string &password, const string &group, bool setIsolation, unsigned int timeout, bool threadCleanup, bool clientSSL): + d_database(database), d_host(host), d_msocket(msocket), d_user(user), d_password(password), d_group(group), d_timeout(timeout), d_port(port), d_setIsolation(setIsolation), d_threadCleanup(threadCleanup), d_clientSSL(clientSSL) { connect(); } diff --git a/modules/gmysqlbackend/smysql.hh b/modules/gmysqlbackend/smysql.hh index 7a33e8c52..ea6af7579 100644 --- a/modules/gmysqlbackend/smysql.hh +++ b/modules/gmysqlbackend/smysql.hh 
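Review bot: OR-ing `CLIENT_SSL` into the `mysql_real_connect()` flags in `SMySQL::connect()` makes TLS opportunistic at best. As the docs hunk in this patch says, it is enabled only when the server announces the same capability, and nothing visible here fails the connection otherwise or verifies the server certificate, so a server or a downgrade on the path can leave the session unencrypted without any error. The MySQL C API documentation also says applications should not set `CLIENT_SSL` themselves and should configure TLS with `mysql_options()` or `mysql_ssl_set()` before connecting. Consider requiring TLS when the option is on, for example `MYSQL_OPT_SSL_MODE` with `SSL_MODE_REQUIRED` or stricter where the client library has it, or `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` on older libraries and MariaDB. At minimum, reword the help text in the `declare(suffix,"ssl",...)` hunk to something like `"Offer TLS to the server (opportunistic, server certificate is not verified)"`. The body of `connect()` starts and ends outside the hunk, so an existing `mysql_options()` call there may already cover part of this.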
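Review bot: `clientSSL` is appended as a third positional `bool` to the `SMySQL` constructor, next to `setIsolation` and `threadCleanup`, so a call site that transposes two of them still compiles and would silently switch the TLS flag on or off. The same applies to the defaulted declaration in the `smysql.hh` hunk, where existing callers keep compiling with `clientSSL=false`. Naming the arguments at the call in `gMySQLBackend::reconnect()`, e.g. `mustDo("ssl") /* clientSSL */`, would make a mix-up visible in review. Grouping the flags in a small options struct would do the same more durably.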
@@ -33,7 +33,7 @@ public: const string &msocket="",const string &user="", const string &password="", const string &group="", bool setIsolation=false, unsigned int timeout=10, - bool threadCleanup=false); + bool threadCleanup=false, bool clientSSL=false); ~SMySQL(); @@ -63,6 +63,7 @@ private: uint16_t d_port; bool d_setIsolation; bool d_threadCleanup; + bool d_clientSSL; }; #endif /* SSMYSQL_HH */ -- 2.40.0