Modified:
trunk/ChangeLog
trunk/driver/connect.c
trunk/setup/MYODBCSetupDataSourceDialog.cpp
trunk/setup/MYODBCSetupDataSourceTab2.cpp
trunk/setup/MYODBCSetupDataSourceTab2.h
trunk/util/MYODBCUtil.h
trunk/util/MYODBCUtilClearDataSource.c
trunk/util/MYODBCUtilDefaultDataSource.c
trunk/util/MYODBCUtilReadConnectStr.c
trunk/util/MYODBCUtilReadDataSource.c
trunk/util/MYODBCUtilReadDataSourceStr.c
trunk/util/MYODBCUtilWriteConnectStr.c
trunk/util/MYODBCUtilWriteDataSource.c
trunk/util/MYODBCUtilWriteDataSourceStr.c
Log:
SSL connections could not be established properly. Added the server certificate
verification flag. (Bug #29955)
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/ChangeLog 2008-02-20 17:35:30 UTC (rev 1037)
@@ -10,6 +10,8 @@
(Bug #16653)
* Catalog data was truncated due to NAME_LEN only allocating a single byte
for characters. (Bug #32864)
+ * SSL connections could not be established properly. Added the server
+ certificate verification flag. (Bug #29955)
----
Modified: trunk/driver/connect.c
===================================================================
--- trunk/driver/connect.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/driver/connect.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -146,8 +146,9 @@
/* set SSL parameters */
mysql_ssl_set(mysql, ds->pszSSLKEY, ds->pszSSLCERT, ds->pszSSLCA,
ds->pszSSLCAPATH, ds->pszSSLCIPHER);
- mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
- (const char *)&opt_ssl_verify_server_cert);
+ if (ds->pszSSLVERIFY)
+ mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+ (const char *)&opt_ssl_verify_server_cert);
if (!mysql_real_connect(mysql, ds->pszSERVER, ds->pszUSER, ds->pszPASSWORD,
ds->pszDATABASE, port, ds->pszSOCKET, flags))
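Review bot: The new guard `if (ds->pszSSLVERIFY)` only tests that the pointer is non-NULL, and the readers under util/ in this commit store the attribute text verbatim, so the value itself is never inspected: `SSLVERIFY=0` in a connection string would switch verification on, while the setup dialog shows the box unchecked for anything other than `"1"`. One shared test such as `if (ds->pszSSLVERIFY && strcmp(ds->pszSSLVERIFY, "0") != 0)` would keep driver and dialog in agreement and leave verification on for an unrecognised value. The return value of `mysql_options()` is also discarded, so if the option cannot be set the connection proceeds without the check the DSN asked for; failing the connect on a non-zero result would be safer. Because verification is now skipped unless the DSN requests it, a comment above the guard should say so, e.g. `/* server certificate is verified only when SSLVERIFY is set */`. The enclosing function starts and ends outside the hunk.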
@@ -692,3 +693,4 @@
return SQL_SUCCESS;
}
+
Modified: trunk/setup/MYODBCSetupDataSourceDialog.cpp
===================================================================
--- trunk/setup/MYODBCSetupDataSourceDialog.cpp 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/setup/MYODBCSetupDataSourceDialog.cpp 2008-02-20 17:35:30 UTC (rev 1037)
@@ -229,6 +229,8 @@
pDataSource->pszSSLCAPATH = _global_strdup(
ptab2->getSSLCAPath().toAscii() );
if ( !ptab2->getSSLCipher().isEmpty() )
pDataSource->pszSSLCIPHER = _global_strdup(
ptab2->getSSLCipher().toAscii() );
+ if ( !ptab2->getSSLVerify().isEmpty() )
+ pDataSource->pszSSLVERIFY = _global_strdup(
ptab2->getSSLVerify().toAscii() );
#else
if ( !ptab1->getDataSourceName().isEmpty() )
@@ -262,6 +264,8 @@
pDataSource->pszSSLCAPATH = _global_strdup(
ptab2->getSSLCAPath().ascii() );
if ( !ptab2->getSSLCipher().isEmpty() )
pDataSource->pszSSLCIPHER = _global_strdup(
ptab2->getSSLCipher().ascii() );
+ if ( !ptab2->getSSLVerify().isEmpty() )
+ pDataSource->pszSSLVERIFY = _global_strdup(
ptab2->getSSLVerify().ascii() );
#endif
unsigned int nFlags = ptab3->getFlags();
@@ -397,6 +401,7 @@
ptab2->setSSLCA( pDataSource->pszSSLCA );
ptab2->setSSLCAPath( pDataSource->pszSSLCAPATH );
ptab2->setSSLCipher( pDataSource->pszSSLCIPHER );
+ ptab2->setSSLVerify( pDataSource->pszSSLVERIFY );
ptab1->setUser( pDataSource->pszUSER );
if ( pDataSource->pszOPTION )
@@ -454,6 +459,7 @@
connect( ptab2->plineeditSSLCA, SIGNAL(signalAssistText(const QString&)),
ptextbrowserAssist, SLOT(setHtml(const QString&)) );
connect( ptab2->plineeditSSLCAPath, SIGNAL(signalAssistText(const QString&)),
ptextbrowserAssist, SLOT(setHtml(const QString&)) );
connect( ptab2->plineeditSSLCipher, SIGNAL(signalAssistText(const QString&)),
ptextbrowserAssist, SLOT(setHtml(const QString&)) );
+ connect( ptab2->pcheckboxSSLVerify, SIGNAL(signalAssistText(const QString&)),
ptextbrowserAssist, SLOT(setHtml(const QString&)) );
connect( ptab3->ptab3a->pcheckboxReturnMatchingRows,
SIGNAL(signalAssistText(const QString&)), ptextbrowserAssist, SLOT(setHtml(const
QString&)) );
connect( ptab3->ptab3a->pcheckboxAllowBigResults, SIGNAL(signalAssistText(const
QString&)), ptextbrowserAssist, SLOT(setHtml(const QString&)) );
connect( ptab3->ptab3a->pcheckboxUseCompressedProtocol,
SIGNAL(signalAssistText(const QString&)), ptextbrowserAssist, SLOT(setHtml(const
QString&)) );
@@ -690,6 +696,8 @@
stringConnectIn+= ";SSLCAPATH=" + ptab2->getSSLCAPath();
if (!ptab2->getSSLCipher().isEmpty())
stringConnectIn+= ";SSLCIPHER=" + ptab2->getSSLCipher();
+ if (!ptab2->getSSLVerify().isEmpty())
+ stringConnectIn+= ";SSLVERIFY=" + ptab2->getSSLVerify();
return stringConnectIn;
}
@@ -1068,3 +1076,4 @@
+
Modified: trunk/setup/MYODBCSetupDataSourceTab2.cpp
===================================================================
--- trunk/setup/MYODBCSetupDataSourceTab2.cpp 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/setup/MYODBCSetupDataSourceTab2.cpp 2008-02-20 17:35:30 UTC (rev 1037)
@@ -29,7 +29,8 @@
QString stringSSLCert,
QString stringSSLCA,
QString stringSSLCAPath,
- QString stringSSLCipher )
+ QString stringSSLCipher,
+ QString stringSSLVerify )
: QWidget( pwidgetParent )
{
@@ -43,6 +44,7 @@
plineeditSSLCA->setText( stringSSLCA );
plineeditSSLCAPath->setText( stringSSLCAPath );
plineeditSSLCipher->setText( stringSSLCipher );
+ pcheckboxSSLVerify->setChecked( stringSSLVerify == "1" ? TRUE : FALSE );
}
MYODBCSetupDataSourceTab2::MYODBCSetupDataSourceTab2( QWidget *pwidgetParent )
@@ -96,6 +98,11 @@
plineeditSSLCipher->setText( stringSSLCipher );
}
+void MYODBCSetupDataSourceTab2::setSSLVerify( const QString &stringSSLVerify )
+{
+ pcheckboxSSLVerify->setChecked( stringSSLVerify == "1" ? TRUE : FALSE );
+}
+
QString MYODBCSetupDataSourceTab2::getPort()
{
return plineeditPort->text();
@@ -141,6 +148,11 @@
return plineeditSSLCipher->text();
}
+QString MYODBCSetupDataSourceTab2::getSSLVerify()
+{
+ return pcheckboxSSLVerify->isChecked() ? "1" : "";
+}
+
void MYODBCSetupDataSourceTab2::doInit()
{
QString stringPort( tr("The TCP/IP port to use if server is not
localhost.\nOptional: Yes (silently uses default)\nDefault: 3306") );
@@ -152,6 +164,7 @@
QString stringSSLCA( tr("The path to a file that contains a list of \ntrusted
SSL CAs.\nOptional: Yes") );
QString stringSSLCAPath( tr("The path to a directory that contains \ntrusted
SSL CA certificates in PEM format.\nOptional: Yes") );
QString stringSSLCipher( tr("A list of allowable ciphers to use for SSL
encryption.\nExample: ALL:-AES:-EXP\nOptional: Yes") );
+ QString stringSSLVerify( tr("The option causes the server's Common Name value
in its certificate to be verified against the hostname used when connecting to the server,
and the connection is rejected if there is a mismatch\nDefault: disabled") );
#if QT_VERSION >= 0x040000
QGridLayout * playoutFields = new QGridLayout();
setLayout( playoutFields );
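Review bot: The assist text added as `stringSSLVerify` ends with "Default: disabled" but does not tell the user what an unchecked box leaves unprotected, and the sentence before `\nDefault` has no full stop. I would extend it with one line before the default, e.g. `\nWhen disabled, the server certificate is not matched against the hostname.`, so the consequence of the default is visible where the choice is made. The body of `doInit()` continues outside the hunk.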
@@ -276,7 +289,18 @@
QToolTip::add( plineeditSSLCipher, stringSSLCipher );
#endif
nRow++;
+
+ pcheckboxSSLVerify = new MYODBCSetupCheckBox( "Verify SSL Certificate", this );
+ pcheckboxSSLVerify->setAssistText( stringSSLVerify );
+ playoutFields->addWidget( pcheckboxSSLVerify, nRow, nColField );
+#if QT_VERSION >= 0x040000
+ pcheckboxSSLVerify->setToolTip( stringSSLVerify );
+#else
+ QToolTip::add( pcheckboxSSLVerify, stringSSLVerify );
+#endif
+ nRow++;
}
+
Modified: trunk/setup/MYODBCSetupDataSourceTab2.h
===================================================================
--- trunk/setup/MYODBCSetupDataSourceTab2.h 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/setup/MYODBCSetupDataSourceTab2.h 2008-02-20 17:35:30 UTC (rev 1037)
@@ -31,6 +31,7 @@
#include "MYODBCSetup.h"
#include "MYODBCSetupLineEdit.h"
#include "MYODBCSetupComboBoxDatabases.h"
+#include "MYODBCSetupCheckBox.h"
class MYODBCSetupDataSourceDialog;
@@ -49,7 +50,8 @@
QString stringSSLCert,
QString stringSSLCA,
QString stringSSLCAPath,
- QString stringSSLCipher );
+ QString stringSSLCipher,
+ QString stringSSLVerify );
MYODBCSetupDataSourceTab2( QWidget *pwidgetParent );
@@ -62,6 +64,7 @@
void setSSLCA( const QString &stringSSLCA );
void setSSLCAPath( const QString &stringSSLCApath );
void setSSLCipher( const QString &stringSSLCipher );
+ void setSSLVerify( const QString &stringSSLVerify );
QString getPort();
QString getSocket();
@@ -72,6 +75,7 @@
QString getSSLCA();
QString getSSLCAPath();
QString getSSLCipher();
+ QString getSSLVerify();
signals:
void signalRequestCharsetNames();
@@ -86,6 +90,7 @@
MYODBCSetupLineEdit * plineeditSSLCA;
MYODBCSetupLineEdit * plineeditSSLCAPath;
MYODBCSetupLineEdit * plineeditSSLCipher;
+ MYODBCSetupCheckBox * pcheckboxSSLVerify;
void doInit();
};
@@ -93,3 +98,4 @@
#endif
+
Modified: trunk/util/MYODBCUtil.h
===================================================================
--- trunk/util/MYODBCUtil.h 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtil.h 2008-02-20 17:35:30 UTC (rev 1037)
@@ -181,6 +181,7 @@
char *pszSSLCA; /* pathname to SSL certificate authority file
*/
char *pszSSLCAPATH; /* pathname to a directory that contains SSL ceritificate
authority files */
char *pszSSLCIPHER; /* pathname to a list of allowable ciphers
*/
+ char *pszSSLVERIFY; /* verify server certificate (see
--ssl-verify-server-cert */
char *pszCHARSET; /* default charset to use for connection */
MYODBCUTIL_DATASOURCE_MODE nMode; /* ConfigDSN mode or SQLDriverConnect
mode. */
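Review bot: The comment on `pszSSLVERIFY` is missing its closing parenthesis and does not say what the string is expected to hold, although the field is a `char *` used as a flag. Since connect.c in this commit enables verification whenever the pointer is non-NULL, the comment should record that contract, e.g. `/* non-NULL requests server certificate verification (see --ssl-verify-server-cert) */`. The struct definition starts and ends outside the hunk.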
@@ -252,3 +253,4 @@
#endif
+
Modified: trunk/util/MYODBCUtilClearDataSource.c
===================================================================
--- trunk/util/MYODBCUtilClearDataSource.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilClearDataSource.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -104,6 +104,11 @@
_global_free (pDataSource->pszSSLCIPHER);
pDataSource->pszSSLCIPHER = NULL;
}
+ if( pDataSource->pszSSLVERIFY)
+ {
+ _global_free (pDataSource->pszSSLVERIFY);
+ pDataSource->pszSSLVERIFY = NULL;
+ }
if( pDataSource->pszSSLKEY)
{
_global_free (pDataSource->pszSSLKEY);
Modified: trunk/util/MYODBCUtilDefaultDataSource.c
===================================================================
--- trunk/util/MYODBCUtilDefaultDataSource.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilDefaultDataSource.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -90,6 +90,11 @@
_global_free (pDataSource->pszSSLKEY);
pDataSource->pszSSLKEY = NULL;
}
+ if( pDataSource->pszSSLVERIFY && !pDataSource->pszSSLVERIFY[0] )
+ {
+ _global_free (pDataSource->pszSSLVERIFY);
+ pDataSource->pszSSLVERIFY = NULL;
+ }
if (pDataSource->pszCHARSET && !pDataSource->pszCHARSET[0] )
{
_global_free(pDataSource->pszCHARSET);
@@ -108,3 +113,4 @@
return TRUE;
}
+
Modified: trunk/util/MYODBCUtilReadConnectStr.c
===================================================================
--- trunk/util/MYODBCUtilReadConnectStr.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilReadConnectStr.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -197,6 +197,11 @@
if ( !pDataSource->pszSSLKEY )
pDataSource->pszSSLKEY = (char *)_global_strndup(
pAnchorChar, pScanChar - pAnchorChar );
}
+ else if ( strcasecmp( pszName, "SSLVERIFY" ) == 0 )
+ {
+ if ( !pDataSource->pszSSLVERIFY )
+ pDataSource->pszSSLVERIFY = (char *)_global_strndup(
pAnchorChar, pScanChar - pAnchorChar );
+ }
else if (strcasecmp(pszName, "CHARSET") == 0)
{
if (!pDataSource->pszCHARSET)
@@ -243,3 +248,4 @@
}
+
Modified: trunk/util/MYODBCUtilReadDataSource.c
===================================================================
--- trunk/util/MYODBCUtilReadDataSource.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilReadDataSource.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -211,6 +211,11 @@
if ( !pDataSource->pszSSLKEY )
pDataSource->pszSSLKEY = _global_strdup( szValue );
}
+ else if ( strcasecmp( pszEntryName, "SSLVERIFY" ) == 0 )
+ {
+ if ( !pDataSource->pszSSLVERIFY )
+ pDataSource->pszSSLVERIFY = _global_strdup( szValue );
+ }
else if (strcasecmp(pszEntryName, "CHARSET") == 0)
{
if (!pDataSource->pszCHARSET)
@@ -279,3 +284,4 @@
return TRUE;
}
+
Modified: trunk/util/MYODBCUtilReadDataSourceStr.c
===================================================================
--- trunk/util/MYODBCUtilReadDataSourceStr.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilReadDataSourceStr.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -282,6 +282,11 @@
if ( !pDataSource->pszSSLKEY )
pDataSource->pszSSLKEY = (char *)_global_strndup(
pAnchorChar, pScanChar - pAnchorChar );
}
+ else if ( strcasecmp( pszName, "SSLVERIFY" ) == 0 )
+ {
+ if ( !pDataSource->pszSSLVERIFY )
+ pDataSource->pszSSLVERIFY = (char *)_global_strndup(
pAnchorChar, pScanChar - pAnchorChar );
+ }
else if (strcasecmp(pszName, "CHARSET") == 0)
{
if (!pDataSource->pszCHARSET)
@@ -325,3 +330,4 @@
}
+
Modified: trunk/util/MYODBCUtilWriteConnectStr.c
===================================================================
--- trunk/util/MYODBCUtilWriteConnectStr.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilWriteConnectStr.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -191,6 +191,16 @@
return FALSE;
}
+ if ( pDataSource->pszSSLVERIFY )
+ {
+ if ( !MYODBCUtilInsertStr( pszStr, "SSLVERIFY=", nMaxLen, &nIndex ) )
+ return FALSE;
+ if ( !MYODBCUtilInsertStr( pszStr, pDataSource->pszSSLVERIFY, nMaxLen,
&nIndex ) )
+ return FALSE;
+ if ( nIndex && !MYODBCUtilInsertStr( pszStr, ";", nMaxLen, &nIndex )
)
+ return FALSE;
+ }
+
if (pDataSource->pszCHARSET)
{
if (nIndex && !MYODBCUtilInsertStr(pszStr, ";", nMaxLen, &nIndex))
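Review bot: The SSLVERIFY block appends its `;` after the value, whereas the CHARSET block directly below emits the separator before its key, so a string carrying both ends up with `;;`, and nothing in the new block separates `SSLVERIFY=` from the attribute written before it. If the earlier blocks follow the CHARSET pattern (not visible here), the key is glued onto the previous value and the verification request is lost when the string is parsed back. Moving the delimiter to the top of the block, `if ( nIndex && !MYODBCUtilInsertStr( pszStr, ";", nMaxLen, &nIndex ) ) return FALSE;`, and dropping the trailing one would match CHARSET and the delimiter-first order used for SSLVERIFY in MYODBCUtilWriteDataSourceStr.c. The function starts and ends outside the hunk.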
@@ -208,3 +218,4 @@
}
+
Modified: trunk/util/MYODBCUtilWriteDataSource.c
===================================================================
--- trunk/util/MYODBCUtilWriteDataSource.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilWriteDataSource.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -85,6 +85,9 @@
if ( pDataSource->pszSSLKEY &&
!SQLWritePrivateProfileString( pDataSource->pszDSN, "SSLKEY",
pDataSource->pszSSLKEY, "odbc.ini" ) )
return FALSE;
+ if ( pDataSource->pszSSLVERIFY &&
+ !SQLWritePrivateProfileString( pDataSource->pszDSN, "SSLVERIFY",
pDataSource->pszSSLVERIFY, "odbc.ini" ) )
+ return FALSE;
if (pDataSource->pszCHARSET &&
!SQLWritePrivateProfileString(pDataSource->pszDSN, "CHARSET",
pDataSource->pszCHARSET, "odbc.ini"))
@@ -94,3 +97,4 @@
}
+
Modified: trunk/util/MYODBCUtilWriteDataSourceStr.c
===================================================================
--- trunk/util/MYODBCUtilWriteDataSourceStr.c 2008-02-18 02:35:06 UTC (rev 1036)
+++ trunk/util/MYODBCUtilWriteDataSourceStr.c 2008-02-20 17:35:30 UTC (rev 1037)
@@ -212,6 +212,16 @@
return FALSE;
}
+ if ( pDataSource->pszSSLVERIFY )
+ {
+ MYODBCUTILWRITEDATASOURCESTR_DELIM;
+
+ if ( !MYODBCUtilInsertStr( pszStr, "SSLVERIFY=", nMaxLen, &nIndex ) )
+ return FALSE;
+ if ( !MYODBCUtilInsertStr( pszStr, pDataSource->pszSSLVERIFY, nMaxLen,
&nIndex ) )
+ return FALSE;
+ }
+
if (pDataSource->pszCHARSET)
{
MYODBCUTILWRITEDATASOURCESTR_DELIM;
@@ -233,3 +243,4 @@
}
+
| Thread |
|---|
| • Connector/ODBC 3.51 commit: r1037 - in trunk: . driver setup util | bdegtyariov | 20 Feb |