This bug-report is all from code inspection, so if I've missed
something essential, please correct me. The reason I started looking
at this is that I wanted to add some kind of Kerberos 5 support.

It appears that the SSL mode in mysql is very broken. In
mysql_real_connect you do:

...
#ifdef HAVE_OPENSSL
  if (mysql->options.use_ssl)
    client_flag|=CLIENT_SSL;
#endif /* HAVE_OPENSSL */

...

#ifdef HAVE_OPENSSL
  if ((mysql->server_capabilities & CLIENT_SSL) &&
      (mysql->options.use_ssl || (client_flag & CLIENT_SSL)))
  {
    DBUG_PRINT("info", ("Changing IO layer to SSL"));
    client_flag |= CLIENT_SSL;
  }
  else
  {
    if (client_flag & CLIENT_SSL)
    {
      DBUG_PRINT("info", ("Leaving IO layer intact because server doesn't support SSL"));
    }
    client_flag &= ~CLIENT_SSL;
  }
#endif /* HAVE_OPENSSL */

But this means that if the server doesn't support SSL, or worse, if
some malicious guy turned off the SSL bit from the server to the
client, SSL will not be used, without anyone finding out. If SSL is
requested but isn't used, the connection should be terminated. In
practice this probably means that any encryption has to be negotiated
before any other (vital) data is transmitted.

/Johan
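
Added example, not part of the original post or of the MySQL source: the flag negotiation described in the report, modelled beside a fail-closed variant that stops when SSL was requested but the server greeting does not offer it. The function names, the result enum and the capability bit values are assumptions made for this illustration.

```c
#include <stdio.h>

/* Capability bits; the values are assumptions for this example. */
#define CLIENT_LONG_PASSWORD 1UL
#define CLIENT_SSL           2048UL

enum negotiate_result { NEG_PLAINTEXT, NEG_SSL, NEG_ABORT };

/* Behaviour described in the report: a missing server SSL bit silently
   clears the client's request and the connection continues unencrypted. */
static enum negotiate_result
negotiate_permissive(unsigned long server_caps, int use_ssl,
                     unsigned long *client_flag)
{
  if (use_ssl)
    *client_flag |= CLIENT_SSL;
  if ((server_caps & CLIENT_SSL) && (use_ssl || (*client_flag & CLIENT_SSL)))
  {
    *client_flag |= CLIENT_SSL;
    return NEG_SSL;
  }
  *client_flag &= ~CLIENT_SSL;
  return NEG_PLAINTEXT;
}

/* Fail-closed variant: if SSL was requested and the greeting does not
   offer it, the caller must drop the connection before sending anything. */
static enum negotiate_result
negotiate_strict(unsigned long server_caps, int use_ssl,
                 unsigned long *client_flag)
{
  if (!(use_ssl || (*client_flag & CLIENT_SSL)))
    return NEG_PLAINTEXT;            /* SSL was never asked for */
  if (!(server_caps & CLIENT_SSL))
    return NEG_ABORT;                /* requested but not offered */
  *client_flag |= CLIENT_SSL;
  return NEG_SSL;
}

int main(void)
{
  unsigned long greeting = CLIENT_LONG_PASSWORD | CLIENT_SSL;
  unsigned long stripped = greeting & ~CLIENT_SSL; /* SSL bit cleared in transit */
  unsigned long f1 = 0, f2 = 0;
  printf("permissive: %d\n", negotiate_permissive(stripped, 1, &f1));
  printf("strict:     %d\n", negotiate_strict(stripped, 1, &f2));
  return 0;
}
```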
