Hi, just a quick note to let the list know I am coordinating between Don
and Mark Matthews. Cheers,
Jay
On Thu, 2006-10-26 at 11:07 -0700, Don Cohen wrote:
> Trying to follow directions at
> http://forge.mysql.com/wiki/Contributing
> I include a diff -ur below.
> I've not tried to update the documentation because I don't understand
> how it's generated. I see lots of different formats. Do they all
> have to be modified separately?
> In any case, what I've added is analogous to requireSSL:
> requireSSLcert (defaults to 'true')
> If requireSSLcert is true then the client requires a certificate
> from the server, otherwise it does not.
> This is useful in java code that is to be downloaded as part of an
> applet to run in a web page. What one normally wants in that case
> is for the applet to contact the server and run without requiring
> the client to import additional certificates.
>
>
> plain text document attachment (mysql-connector-diff), "requireSSLcert
> patch"
> diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java
> mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java
> ---
> mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java 2006-10-19
> 15:17:29.000000000 -0700
> +++
> mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java 2006-10-25
> 14:52:34.000000000 -0700
> @@ -1128,6 +1128,11 @@
> "Require SSL connection if useSSL=true? (defaults to 'false').",
> "3.1.0", SECURITY_CATEGORY, 3);
>
> + private BooleanConnectionProperty requireSSLcert = new BooleanConnectionProperty(
> + "requireSSLcert", true,
> + "Require SSL certificate if using SSL? (defaults to 'true').",
> + "3.1.0", SECURITY_CATEGORY, 3);
> +
> private StringConnectionProperty resourceId = new StringConnectionProperty(
> "resourceId",
> null, "A globally unique name that identifies the resource that this datasource
> or connection is " +
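Review bot: The help text for the new `requireSSLcert` property does not say that setting it to false turns off validation of the server's certificate. The connection is then encrypted but the server is not authenticated, so a party on the network path could impersonate it. The text should say so, e.g. `"Verify the server's SSL certificate when using SSL? 'false' disables server authentication (defaults to 'true')."`. The `"3.1.0"` argument looks copied from requireSSL; if it is the since-version, it should presumably name the release that first ships this property.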
> @@ -2161,6 +2166,9 @@
> public boolean getRequireSSL() {
> return this.requireSSL.getValueAsBoolean();
> }
> + public boolean getRequireSSLcert() {
> + return this.requireSSLcert.getValueAsBoolean();
> + }
>
> protected boolean getRetainStatementAfterResultSetClose() {
> return this.retainStatementAfterResultSetClose.getValueAsBoolean();
> @@ -3224,6 +3232,9 @@
> public void setRequireSSL(boolean property) {
> this.requireSSL.setValue(property);
> }
> + public void setRequireSSLcert(boolean property) {
> + this.requireSSLcert.setValue(property);
> + }
>
> public void setRetainStatementAfterResultSetClose(boolean flag) {
> this.retainStatementAfterResultSetClose.setValue(flag);
> diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java
> mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java
> --- mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java 2006-10-19
> 15:17:29.000000000 -0700
> +++ mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java 2006-10-26
> 08:34:29.000000000 -0700
> @@ -58,9 +58,14 @@
> */
> protected static void transformSocketToSSLSocket(MysqlIO mysqlIO)
> throws CommunicationsException {
> - javax.net.ssl.SSLSocketFactory sslFact = (javax.net.ssl.SSLSocketFactory)
> javax.net.ssl.SSLSocketFactory
> - .getDefault();
> -
> + javax.net.ssl.SSLSocketFactory sslFact =
> + (mysqlIO.connection.getRequireSSLcert())
> + ?
> + (javax.net.ssl.SSLSocketFactory)
> + javax.net.ssl.SSLSocketFactory.getDefault()
> + :
> + (TrustingSSLSocketFactory)
> + TrustingSSLSocketFactory.getDefault();
> try {
> mysqlIO.mysqlConnection = sslFact.createSocket(
> mysqlIO.mysqlConnection, mysqlIO.host, mysqlIO.port, true);
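Review bot: When `getRequireSSLcert()` is false the socket comes from a factory that accepts any certificate chain, and nothing on this branch records that choice, so an unauthenticated connection looks the same as a verified one afterwards. A warning should be logged on that branch. The cast `(TrustingSSLSocketFactory)` is unnecessary because `sslFact` is declared as `javax.net.ssl.SSLSocketFactory`; `: TrustingSSLSocketFactory.getDefault();` is enough. For the applet case described in the mail, trusting one certificate bundled with the applet would avoid the import step without accepting every certificate. The body of transformSocketToSSLSocket continues outside the hunk.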
> @@ -91,4 +96,4 @@
>
> private ExportControlled() { /* prevent instantiation */
> }
> -}
> \ No newline at end of file
> +}
> diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
> mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
> ---
> mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java 2006-10-26
> 11:04:34.000000000 -0700
> +++
> mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java 2006-10-26
> 10:50:13.000000000 -0700
> @@ -0,0 +1,75 @@
> +package com.mysql.jdbc;
> +import java.security.cert.*;
> +import javax.net.*;
> +import javax.net.ssl.*;
> +import java.net.*;
> +import java.io.*;
> +import java.io.IOException;
> +
> +public class TrustingSSLSocketFactory extends SSLSocketFactory {
> + class MyX509TrustManager implements X509TrustManager {
> + public void checkClientTrusted
> + (X509Certificate[] chain, String authType) {
> + // return without complaint
> + }
> + public void checkServerTrusted
> + (X509Certificate[] chain, String authType)
> + throws CertificateException{
> + // return without complaint
> + }
> + public X509Certificate[] getAcceptedIssuers() {
> + return null;
> + }
> + }
> +
> + private SSLSocketFactory factory;
> + public TrustingSSLSocketFactory() {
> + try {
> + SSLContext sslcontext = SSLContext.getInstance( "TLS");
> + sslcontext.init( null, // No KeyManager required
> + new X509TrustManager[] { new MyX509TrustManager()},
> + new java.security.SecureRandom());
> + factory = ( SSLSocketFactory) sslcontext.getSocketFactory();
> +
> + } catch( Exception ex) {
> + ex.printStackTrace();
> + }
> + }
> +
> + public static javax.net.ssl.SSLSocketFactory getDefault() {
> + return new TrustingSSLSocketFactory();
> + }
> +
> + public Socket createSocket( Socket socket, String s, int i, boolean
> + flag)
> + throws IOException {
> + return factory.createSocket( socket, s, i, flag);
> + }
> +
> + public Socket createSocket( InetAddress inaddr, int i,
> + InetAddress inaddr1, int j) throws IOException {
> + return factory.createSocket( inaddr, i, inaddr1, j);
> + }
> +
> + public Socket createSocket( InetAddress inaddr, int i) throws
> + IOException {
> + return factory.createSocket( inaddr, i);
> + }
> +
> + public Socket createSocket( String s, int i, InetAddress inaddr, int j)
> + throws IOException {
> + return factory.createSocket( s, i, inaddr, j);
> + }
> +
> + public Socket createSocket( String s, int i) throws IOException {
> + return factory.createSocket( s, i);
> + }
> +
> + public String[] getDefaultCipherSuites() {
> + return factory.getSupportedCipherSuites();
> + }
> +
> + public String[] getSupportedCipherSuites() {
> + return factory.getSupportedCipherSuites();
> + }
> +}
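Review bot: `getDefaultCipherSuites()` returns `factory.getSupportedCipherSuites()`, so a caller asking for the default set gets every supported suite, which may include ones the JVM leaves disabled by default; it should be `return factory.getDefaultCipherSuites();`. The constructor catches `Exception`, prints the stack trace and carries on with `factory` still null, so a failed context setup only surfaces later as a NullPointerException in createSocket; rethrow it as an unchecked exception with the cause attached instead. `getAcceptedIssuers()` returns null where the X509TrustManager contract asks for a non-null, possibly empty array: `return new X509Certificate[0];`. The class also needs a Javadoc stating that MyX509TrustManager validates neither side's chain and so gives no protection against server impersonation, and the inner class can be `private static`.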
>