[sr-dev] git:5.7:ede2af94: db_mysql: backport - no TLS with MariaDB Connector/C

S-P Chan via sr-dev Sat, 03 Feb 2024 16:37:27 -0800

Module: kamailio
Branch: 5.7
Commit: ede2af94386b99a87311351fcbdd15280dc11034
URL: 
https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd15280dc11034


Author: S-P Chan <shihping.c...@gmail.com>
Committer: S-P Chan <shihping.c...@gmail.com>
Date: 2024-02-04T08:12:52+08:00

db_mysql: backport - no TLS with MariaDB Connector/C

- GH #3735
- includes compilation and stretch fixes
- emulate SSL_MODE_XXX from MySQL
- opt_ssl_mode:
  - 0|1(off)
  - 2|3|4(MYSQL_OPT_SSL_ENFORCE)
  - 5(MYSQL_OPT_SSL_VERIFY_SERVER_CERT)

---

Modified: src/modules/db_mysql/km_my_con.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd15280dc11034.diff
Patch: 
https://github.com/kamailio/kamailio/commit/ede2af94386b99a87311351fcbdd15280dc11034.patch

---

diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index d3f57108886..b4c4dca33b0 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -116,7 +116,36 @@ struct my_con *db_mysql_new_connection(const struct db_id 
*id)
                        (const void *)&db_mysql_timeout_interval);
        mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT,
                        (const void *)&db_mysql_timeout_interval);
-#if MYSQL_VERSION_ID > 50710 && !defined(MARIADB_BASE_VERSION)
+
+#ifdef MARIADB_BASE_VERSION
+       /*
+        * emulate SSL_MODE_XXXX from MySQL
+        */
+
+       switch(db_mysql_opt_ssl_mode) {
+               case 0: /* opt_ssl_mode = 0(off) */
+               case 1: /* SSL_MODE_DISABLED */
+                       break;
+               case 2: /* SSL_MODE_PREFERRED */
+               case 3: /* SSL_MODE_REQUIRED */
+               case 4: /* SSL_MODE_VERIFY_CA */
+#if MYSQL_VERSION_ID >= 100339
+                       mysql_options(ptr->con, MYSQL_OPT_SSL_ENFORCE, (void 
*)&(int){1});
+#else
+                       LM_WARN("ssl mode not supported by %s\n", 
MARIADB_BASE_VERSION);
+#endif
+                       break;
+               case 5: /* SSL_MODE_VERIFY_IDENTITY */
+                       mysql_options(ptr->con, 
MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                                       (void *)&(int){1});
+                       break;
+               default:
+                       LM_WARN("opt_ssl_mode = %d not supported by MariaDB 
Connector/C\n",
+                                       db_mysql_opt_ssl_mode);
+                       break;
+       }
+#else
+#if MYSQL_VERSION_ID > 50710
        if(db_mysql_opt_ssl_mode != 0) {
                unsigned int optuint = 0;
                if(db_mysql_opt_ssl_mode == 1) {
@@ -136,7 +165,8 @@ struct my_con *db_mysql_new_connection(const struct db_id 
*id)
                                "ignoring\n",
                                (unsigned int)db_mysql_opt_ssl_mode);
        }
-#endif
+#endif /* MYSQL_VERSION_ID */
+#endif /* MARIADB_BASE_VERSION */
 
 #if MYSQL_VERSION_ID > 50012
        /* set reconnect flag if enabled */

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] git:5.7:ede2af94: db_mysql: backport - no TLS with MariaDB Connector/C

Reply via email to