From:rburnett Date:November 14 2006 12:11am
Subject:Connector/NET commit: r457 - in trunk: . mysqlclient mysqlclient/docs
Modified:
   trunk/CHANGES
   trunk/mysqlclient/MySqlConnectionStringBuilder.cs
   trunk/mysqlclient/MySqlStream.cs
   trunk/mysqlclient/NativeDriver.cs
   trunk/mysqlclient/docs/MySqlConnection.xml
Log:
SSL now works.

Modified: trunk/CHANGES
===================================================================
--- trunk/CHANGES	2006-11-06 21:07:15 UTC (rev 456)
+++ trunk/CHANGES	2006-11-13 23:11:43 UTC (rev 457)
@@ -1,3 +1,9 @@
+Version 5.0.3
+
+  Other changes
+  -------------
+  SSL now working.  [Thanks Alessandro Muzzetta]
+
 Version 5.0.2 11-3-2006
 
   Bugs fixed

Modified: trunk/mysqlclient/MySqlConnectionStringBuilder.cs
===================================================================
--- trunk/mysqlclient/MySqlConnectionStringBuilder.cs	2006-11-06 21:07:15 UTC (rev 456)
+++ trunk/mysqlclient/MySqlConnectionStringBuilder.cs	2006-11-13 23:11:43 UTC (rev 457)
@@ -634,6 +634,8 @@
 					return Keyword.ConnectionReset;
 				case "ignore prepare":
 					return Keyword.IgnorePrepare;
+				case "encrypt":
+					return Keyword.UseSSL;
 			}
 			throw new ArgumentException(Resources.KeywordNotSupported, key);
 		}
@@ -669,6 +671,7 @@
 				case Keyword.AllowZeroDatetime: return AllowZeroDateTime;
 				case Keyword.UsePerformanceMonitor: return UsePerformanceMonitor;
 				case Keyword.IgnorePrepare: return IgnorePrepare;
+				case Keyword.UseSSL: return UseSSL;
 				default: return null;  /* this will never happen */
 			}
 		}
@@ -704,6 +707,7 @@
 				case Keyword.AllowZeroDatetime: AllowZeroDateTime = ConvertToBool(value); break;
 				case Keyword.ProcedureCacheSize: ProcedureCacheSize = ConvertToUInt(value); break;
 				case Keyword.IgnorePrepare: IgnorePrepare = ConvertToBool(value); break;
+				case Keyword.UseSSL: UseSSL = ConvertToBool(value); break;
 			}
 		}
 
@@ -752,6 +756,7 @@
 		AllowZeroDatetime,
 		UsePerformanceMonitor,
 		ProcedureCacheSize,
-		IgnorePrepare
+		IgnorePrepare,
+		UseSSL
 	}
 }

Modified: trunk/mysqlclient/MySqlStream.cs
===================================================================
--- trunk/mysqlclient/MySqlStream.cs	2006-11-06 21:07:15 UTC (rev 456)
+++ trunk/mysqlclient/MySqlStream.cs	2006-11-13 23:11:43 UTC (rev 457)
@@ -439,10 +439,11 @@
 				bufferStream.Position = 0;
 			}
 			outStream.Flush();
+			if (baseStream is CompressedStream)
 			// we do a flush on the basestream here because we might be sitting on top of
 			// a compression stream and calling flush on the BufferedStream doesn't always
 			// call flush on the underlying stream.
-			baseStream.Flush();
+				baseStream.Flush();
 		}
 
 		#endregion
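Review bot: The added `if (baseStream is CompressedStream)` is separated from the statement it guards by the three-line comment and has no braces, so it reads as an `if` with no body, and a line later inserted after the comment would silently become the guarded statement. Move the comment above the condition and brace the body: `if (baseStream is CompressedStream) { baseStream.Flush(); }`. The comment still describes the flush as something that always happens; a short addition saying why it is now skipped for other stream types (presumably the new SslStream case, which this hunk does not show) would help the next reader. The enclosing method starts outside the hunk.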

Modified: trunk/mysqlclient/NativeDriver.cs
===================================================================
--- trunk/mysqlclient/NativeDriver.cs	2006-11-06 21:07:15 UTC (rev 456)
+++ trunk/mysqlclient/NativeDriver.cs	2006-11-13 23:11:43 UTC (rev 457)
@@ -28,6 +28,9 @@
 using System.Text;
 using MySql.Data.Types;
 using System.Diagnostics;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Authentication;
 
 namespace MySql.Data.MySqlClient
 {
@@ -41,6 +44,7 @@
 		protected ClientFlags connectionFlags;
 
 		protected MySqlStream stream;
+		protected Stream baseStream;
 		private BitArray nullMap;
 
 		private int warningCount;
@@ -163,7 +167,6 @@
 			base.Open();
 
 			// connect to one of our specified hosts
-			Stream baseStream;
 			try
 			{
 #if !CF
@@ -193,6 +196,7 @@
 			if (baseStream == null)
 				throw new MySqlException("Unable to connect to any of the specified MySQL hosts");
 
+			int maxSinglePacket = 255 * 255 * 255;
 			stream = new MySqlStream(baseStream, encoding);
 
 			// read off the welcome packet and parse out it's values
@@ -203,35 +207,47 @@
 			threadId = (int)stream.ReadInteger(4);
 			encryptionSeed = stream.ReadString();
 
+			if (version.isAtLeast(4, 0, 8))
+				maxSinglePacket = (256 * 256 * 256) - 1;
+
 			// read in Server capabilities if they are provided
 			serverCaps = 0;
 			if (stream.HasMoreData)
 				serverCaps = (ClientFlags)stream.ReadInteger(2);
+			if (version.isAtLeast(4, 1, 1))
+			{
+				/* New protocol with 16 bytes to describe server characteristics */
+				serverCharSetIndex = stream.ReadInteger(1);
 
+				serverStatus = (ServerStatusFlags)stream.ReadInteger(2);
+				stream.SkipBytes(13);
+				string seedPart2 = stream.ReadString();
+				encryptionSeed += seedPart2;
+			}
+
 			// based on our settings, set our connection flags
 			SetConnectionFlags();
 
 			stream.StartOutput(0, false);
 			stream.WriteInteger((int)connectionFlags,
 					 version.isAtLeast(4, 1, 0) ? 4 : 2);
-			stream.WriteInteger(stream.MaxBlockSize,
-					 version.isAtLeast(4, 1, 0) ? 4 : 3);
 
-			// 4.1.1 included some new server status info
-			if (stream.HasMoreData)
+			if (connectionString.UseSSL && (serverCaps & ClientFlags.SSL) != 0)
 			{
-				/* New protocol with 16 bytes to describe server characteristics */
-				serverCharSetIndex = stream.ReadInteger(1);
+				stream.Flush();
 
-				serverStatus = (ServerStatusFlags)stream.ReadInteger(2);
-				stream.SkipBytes(13);
+				StartSSL();
+
+				stream.StartOutput(0, false);
+				stream.WriteInteger((int)connectionFlags,
+						 version.isAtLeast(4, 1, 0) ? 4 : 2);
 			}
 
+			stream.WriteInteger(maxSinglePacket,
+				 version.isAtLeast(4, 1, 0) ? 4 : 3);
+
 			if (version.isAtLeast(4, 1, 1))
 			{
-				string seedPart2 = stream.ReadString();
-				encryptionSeed += seedPart2;
-
 				stream.WriteByte(8);
 				stream.Write(new byte[23]);
 			}
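Review bot: When `connectionString.UseSSL` is true but the server greeting does not carry `ClientFlags.SSL`, the test `if (connectionString.UseSSL && (serverCaps & ClientFlags.SSL) != 0)` is simply false and the handshake, including the authentication packet that follows, proceeds in cleartext without telling the caller. `serverCaps` is read from the unencrypted greeting, so on an untrusted network its value cannot be relied on to decide whether encryption is used. Failing closed is safer: before `SetConnectionFlags()`, add `if (connectionString.UseSSL && (serverCaps & ClientFlags.SSL) == 0) throw new MySqlException("Encryption was requested but the server does not offer SSL");`. The SetConnectionFlags hunk further down has the same silent fallback, since it sets `flags |= ClientFlags.SSL` only when the server advertises it. The method body starts and ends outside this hunk.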
@@ -243,12 +259,6 @@
 			if ((connectionFlags & ClientFlags.COMPRESS) != 0)
 				stream = new MySqlStream(new CompressedStream(baseStream), encoding);
 
-			// starting with 4.0.8, maxSinglePacket should be 0xffffff
-			if (version.isAtLeast(4, 0, 8))
-				stream.MaxBlockSize = (256 * 256 * 256) - 1;
-			else
-				stream.MaxBlockSize = 255 * 255 * 255;
-
 			// give our stream the server version we are connected to.  
 			// We may have some fields that are read differently based 
 			// on the version of the server we are connected to.
@@ -257,6 +267,42 @@
 			isOpen = true;
 		}
 
+		private void StartSSL()
+		{
+			RemoteCertificateValidationCallback sslValidateCallback;
+
+			sslValidateCallback = new RemoteCertificateValidationCallback(NoServerCheckValidation);
+			SslStream ss = new SslStream(baseStream, true, sslValidateCallback, null);
+			try
+			{
+				X509CertificateCollection certs = new X509CertificateCollection();
+				ss.AuthenticateAsClient(String.Empty, certs, SslProtocols.Default, false);
+				baseStream = ss;
+				stream = new MySqlStream(ss, encoding);
+				stream.SequenceByte = 2;
+			}
+			catch (Exception)
+			{
+				throw;
+			}
+		}
+
+		private static bool ServerCheckValidation(object sender, X509Certificate certificate,
+			 X509Chain chain, SslPolicyErrors sslPolicyErrors)
+		{
+			if (sslPolicyErrors == SslPolicyErrors.None)
+				return true;
+
+			// Do not allow this client to communicate with unauthenticated servers.
+			return false;
+		}
+
+		private static bool NoServerCheckValidation(object sender, X509Certificate certificate,
+			 X509Chain chain, SslPolicyErrors sslPolicyErrors)
+		{
+			return true;
+		}
+
 		/// <summary>
 		/// Return the appropriate set of connection flags for our
 		/// server capabilities and our user requested options.
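Review bot: StartSSL() wires up `NoServerCheckValidation`, which returns true for every certificate, so the session is encrypted but the server is never authenticated and any certificate presented on the path is accepted; `ServerCheckValidation` is added just below but nothing in this hunk calls it. Use `sslValidateCallback = new RemoteCertificateValidationCallback(ServerCheckValidation);` and pass the host that was actually connected to (not visible in this hunk) instead of `String.Empty` to `AuthenticateAsClient`, because an empty target name cannot match any certificate; if an unauthenticated mode must stay for self-signed servers, make it an explicit opt-in connection option rather than the default. `SslProtocols.Default` also permits SSL 3.0, so `SslProtocols.Tls` is the tighter choice where the servers support it. The `catch (Exception) { throw; }` block does nothing and can be removed, and `ss` is not disposed when authentication throws.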
@@ -307,6 +353,10 @@
 			if ((serverCaps & ClientFlags.SECURE_CONNECTION) != 0)
 				flags |= ClientFlags.SECURE_CONNECTION;
 
+			// if the server is capable of SSL and the user is requesting SSL
+			if ((serverCaps & ClientFlags.SSL) != 0 && connectionString.UseSSL)
+				flags |= ClientFlags.SSL;
+
 			connectionFlags = flags;
 		}
 
@@ -321,6 +371,7 @@
 			stream.Write(Crypt.Get411Password(connectionString.Password, this.encryptionSeed));
 			if ((connectionFlags & ClientFlags.CONNECT_WITH_DB) != 0 && connectionString.Database != null)
 				stream.WriteString(connectionString.Database);
+			
 			stream.Flush();
 
 			// this result means the server wants us to send the password using
@@ -344,6 +395,7 @@
 				connectionString.Password, encryptionSeed, protocol > 9));
 			if ((connectionFlags & ClientFlags.CONNECT_WITH_DB) != 0 && connectionString.Database != null)
 				stream.WriteString(connectionString.Database);
+
 			stream.Flush();
 			ReadOk(true);
 		}

Modified: trunk/mysqlclient/docs/MySqlConnection.xml
===================================================================
--- trunk/mysqlclient/docs/MySqlConnection.xml	2006-11-06 21:07:15 UTC (rev 456)
+++ trunk/mysqlclient/docs/MySqlConnection.xml	2006-11-13 23:11:43 UTC (rev 457)
@@ -777,10 +777,10 @@
 		<tr>
 			<td>Encrypt</td>
 			<td>false</td>
-			<td>When <B>true</B>, SSL encryption is used for all data sent between the 
+			<td>When <B>true</B>, SSL/TLS encryption is used for all data sent between the 
 client and server if the server has a certificate installed. Recognized values 
-are <B>true</B>, <B>false</B>, <B>yes</B>, and <B>no</B>.<para><b>Note</b>  This parameter currently has no
-effect.</para></td>
+are <B>true</B>, <B>false</B>, <B>yes</B>, and <B>no</B>.
+      </td>
 		</tr>
 		<tr>
 			<td>Initial Catalog<para>  -or-  </para>Database</td>
