From:vvaintroub Date:June 12 2009 6:23pm
Subject:Connector/NET commit: r1646 - in trunk: . MySql.Data/Provider/Properties MySql.Data/Provider/Source
Modified:
   trunk/CHANGES
   trunk/MySql.Data/Provider/Properties/Resources.resx
   trunk/MySql.Data/Provider/Source/MySqlConnectionStringBuilder.cs
   trunk/MySql.Data/Provider/Source/MysqlDefs.cs
   trunk/MySql.Data/Provider/Source/NativeDriver.cs
Log:
Add "SSL Mode" option for connections that indicates whether to use SSL connections and how
to validate the server certificate. Deprecated use of "encrypt" in connection strings (bug #38700)


Modified: trunk/CHANGES
===================================================================
--- trunk/CHANGES	2009-06-12 17:53:56 UTC (rev 1645)
+++ trunk/CHANGES	2009-06-12 18:23:51 UTC (rev 1646)
@@ -1,3 +1,5 @@
+- Add "SSL Mode" option for connections that indicates whether to use SSL connections and how
+  to validate server certificate. Deprecated use of "encrypt" in connection strings(bug#38700)
 Version 6.0.4
 - fixed regression where using stored procs with datasets (bug #44460)
 - fixed compilation under VS 2005 (bug #44822)

Modified: trunk/MySql.Data/Provider/Properties/Resources.resx
===================================================================
--- trunk/MySql.Data/Provider/Properties/Resources.resx	2009-06-12 17:53:56 UTC (rev 1645)
+++ trunk/MySql.Data/Provider/Properties/Resources.resx	2009-06-12 18:23:51 UTC (rev 1646)
@@ -343,4 +343,7 @@
 	<data name="DataNotInSupportedFormat" xml:space="preserve">    
     <value>The given value was not in a supported format.</value>  
   </data>
+  	<data name="NoServerSSLSupport" xml:space="preserve">
+    <value>The host {0} does not support SSL connections.</value>
+  </data>
 	<resheader name="resmimetype"><value>text/microsoft-resx</value></resheader><resheader name="version"><value>2.0</value></resheader><resheader name="reader"><value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value></resheader><resheader name="writer"><value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value></resheader></root>

Modified: trunk/MySql.Data/Provider/Source/MySqlConnectionStringBuilder.cs
===================================================================
--- trunk/MySql.Data/Provider/Source/MySqlConnectionStringBuilder.cs	2009-06-12 17:53:56 UTC (rev 1645)
+++ trunk/MySql.Data/Provider/Source/MySqlConnectionStringBuilder.cs	2009-06-12 18:23:51 UTC (rev 1646)
@@ -42,10 +42,11 @@
         uint procCacheSize, connectionLifetime;
         MySqlConnectionProtocol protocol;
         MySqlDriverType driverType;
+        MySqlSslMode sslMode;
         bool compress, connectionReset, allowBatch, logging;
         bool oldSyntax, persistSI, usePerfMon, pooling;
         bool allowZeroDatetime, convertZeroDatetime;
-        bool useUsageAdvisor, useSSL;
+        bool useUsageAdvisor;
         bool ignorePrepare, useProcedureBodies;
         bool autoEnlist, respectBinaryFlags, treatBlobsAsUTF8;
         string blobAsUtf8IncludePattern, blobAsUtf8ExcludePattern;
@@ -86,7 +87,7 @@
             defaultValues.Add(Keyword.AllowZeroDatetime, false);
             defaultValues.Add(Keyword.UsePerformanceMonitor, false);
             defaultValues.Add(Keyword.ProcedureCacheSize, 25);
-            defaultValues.Add(Keyword.UseSSL, false);
+            defaultValues.Add(Keyword.Encrypt, false);
             defaultValues.Add(Keyword.IgnorePrepare, true);
             defaultValues.Add(Keyword.UseProcedureBodies, true);
             defaultValues.Add(Keyword.AutoEnlist, true);
@@ -100,6 +101,7 @@
             defaultValues.Add(Keyword.InteractiveSession, false);
             defaultValues.Add(Keyword.FunctionsReturnString, false);
             defaultValues.Add(Keyword.UseAffectedRows, false);
+            defaultValues.Add(Keyword.SslMode, MySqlSslMode.None);
         }
 
         /// <summary>
@@ -465,19 +467,20 @@
             }
         }
 
+
 #if !CF && !MONO
         [Category("Authentication")]
-        [Description("Should the connection use SSL.  This currently has no effect.")]
+        [Description("Should the connection use SSL.")]
         [DefaultValue(false)]
-        [RefreshProperties(RefreshProperties.All)]
+        [Obsolete("Use Ssl Mode instead.")]
 #endif
-            internal bool UseSSL
+        internal bool Encrypt
         {
-            get { return useSSL; }
+            get { return SslMode != MySqlSslMode.None; }
             set
             {
-                SetValue("UseSSL", value); 
-                useSSL = value;
+                SetValue("Encrypt", value);
+                sslMode = value ? MySqlSslMode.Prefered : MySqlSslMode.None;
             }
         }
 
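Review bot: The Encrypt setter's `sslMode = value ? MySqlSslMode.Prefered : MySqlSslMode.None;` overwrites a stricter mode that was already set, so `SslMode = VerifyFull` followed by `Encrypt = true` silently drops certificate validation down to Prefered; the `case Keyword.Encrypt:` branch of SetValue in the later hunk (`sslMode = ConvertToBool(value)?MySqlSslMode.Prefered:MySqlSslMode.None;`) has the same effect for a connection string such as `Ssl Mode=VerifyFull;Encrypt=true`, where key order decides the outcome. Since Encrypt is now only a compatibility switch, it should raise the mode but never lower it below what Ssl Mode requested: `sslMode = value ? (sslMode == MySqlSslMode.None ? MySqlSslMode.Prefered : sslMode) : MySqlSslMode.None;` in both places. A one-line comment above the assignment, `// Obsolete switch: only promotes None to Prefered, never weakens an explicit Ssl Mode.`, would document the intent.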
@@ -930,6 +933,24 @@
             }
         }
 
+#if !CF
+        /// <summary>
+        /// Indicates whether to use SSL connections and how to handle server certificate errors.
+        /// </summary>
+        [DisplayName("SslMode")]
+        [Category("Security")]
+        [Description("SSL properties for connection")]
+#endif
+        public MySqlSslMode SslMode
+        {
+            get { return sslMode; }
+            set
+            {
+                SetValue("Ssl Mode", value);
+                sslMode = value;
+            }
+        }
+
         #endregion
 
         #region Conversion Routines
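Review bot: The new SslMode property carries `[DisplayName]`, `[Category]` and `[Description]` but no `[DefaultValue(MySqlSslMode.None)]`, while the Encrypt property above it declares `[DefaultValue(false)]`; adding `[DefaultValue(MySqlSslMode.None)]` keeps the two properties consistent for designer and serialization consumers. The attribute block is guarded by `#if !CF` whereas the Encrypt block uses `#if !CF && !MONO`, which looks accidental rather than deliberate and is worth aligning. The `/// <summary>` is also inside the `#if`, so the XML documentation disappears from CF builds; moving the three doc lines above the `#if !CF` line avoids that.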
@@ -1002,6 +1023,13 @@
                                          typeof (MySqlDriverType), value.ToString(), true);
         }
 
+        private static MySqlSslMode ConvertToSslMode(object value)
+        {
+            if (value is MySqlSslMode)
+                return (MySqlSslMode)value;
+            return (MySqlSslMode)Enum.Parse(typeof(MySqlSslMode), value.ToString(), true);
+        }
+
         #endregion
 
         #region Internal Properties
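Review bot: `ConvertToSslMode` accepts any integer string because `Enum.Parse` returns undefined members for numeric input, so `Ssl Mode=42` yields a value that is not None/Prefered/Required/VerifyCA/VerifyFull; as far as the NativeDriver hunks show it then fails closed (treated as requiring SSL and rejected by ServerCheckValidation's final `return false`), but a typo is better rejected at parse time, matching the ArgumentException thrown for unknown keywords. I would write `MySqlSslMode mode = (MySqlSslMode)Enum.Parse(typeof(MySqlSslMode), value.ToString(), true);` then `if (!Enum.IsDefined(typeof(MySqlSslMode), mode)) throw new ArgumentException("Invalid Ssl Mode value: " + value);` and `return mode;`. A null `value` also reaches `value.ToString()` and throws NullReferenceException; the visible tail of ConvertToDriverType appears to share both behaviours, so a `ArgumentNullException` guard there as well would be consistent.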
@@ -1148,7 +1176,7 @@
                 case "IGNORE PREPARE":
                     return Keyword.IgnorePrepare;
                 case "ENCRYPT":
-                    return Keyword.UseSSL;
+                    return Keyword.Encrypt;
                 case "PROCEDURE BODIES":
                 case "USE PROCEDURE BODIES":
                     return Keyword.UseProcedureBodies;
@@ -1176,6 +1204,8 @@
                     return Keyword.FunctionsReturnString;
                 case "USE AFFECTED ROWS":
                     return Keyword.UseAffectedRows;
+                case "SSL MODE":
+                    return Keyword.SslMode;
             }
             throw new ArgumentException(Resources.KeywordNotSupported, key);
         }
@@ -1238,8 +1268,8 @@
                     return UsePerformanceMonitor;
                 case Keyword.IgnorePrepare:
                     return IgnorePrepare;
-                case Keyword.UseSSL:
-                    return UseSSL;
+                case Keyword.Encrypt:
+                    return Encrypt;
                 case Keyword.UseProcedureBodies:
                     return UseProcedureBodies;
                 case Keyword.AutoEnlist:
@@ -1264,6 +1294,8 @@
                     return functionsReturnString;
                 case Keyword.UseAffectedRows:
                     return useAffectedRows;
+                case Keyword.SslMode:
+                    return sslMode;
                 default:
                     return null; /* this will never happen */
             }
@@ -1349,8 +1381,11 @@
                     procCacheSize = ConvertToUInt(value); break;
                 case Keyword.IgnorePrepare: 
                     ignorePrepare = ConvertToBool(value); break;
-                case Keyword.UseSSL: 
-                    useSSL = ConvertToBool(value); break;
+                case Keyword.Encrypt: 
+                    if (!clearing)
+                        Logger.LogWarning("Encrypt is now obsolete. Use Ssl Mode instead");
+                    sslMode = ConvertToBool(value)?MySqlSslMode.Prefered:MySqlSslMode.None;
+                    break;
                 case Keyword.UseProcedureBodies: 
                     useProcedureBodies = ConvertToBool(value); break;
                 case Keyword.AutoEnlist:
@@ -1375,6 +1410,8 @@
                     functionsReturnString = ConvertToBool(value); break;
                 case Keyword.UseAffectedRows:
                     useAffectedRows = ConvertToBool(value); break;
+                case Keyword.SslMode:
+                    sslMode = ConvertToSslMode(value); break;
             }
         }
 
@@ -1545,7 +1582,7 @@
         UsePerformanceMonitor,
         ProcedureCacheSize,
         IgnorePrepare,
-        UseSSL,
+        Encrypt,
         UseProcedureBodies,
         AutoEnlist,
         RespectBinaryFlags,
@@ -1557,6 +1594,7 @@
         AllowUserVariables,
         InteractiveSession,
         FunctionsReturnString,
-        UseAffectedRows
+        UseAffectedRows,
+        SslMode
     }
 }

Modified: trunk/MySql.Data/Provider/Source/MysqlDefs.cs
===================================================================
--- trunk/MySql.Data/Provider/Source/MysqlDefs.cs	2009-06-12 17:53:56 UTC (rev 1645)
+++ trunk/MySql.Data/Provider/Source/MysqlDefs.cs	2009-06-12 18:23:51 UTC (rev 1646)
@@ -338,6 +338,34 @@
     }
 
     /// <summary>
+    /// SSL options for connection.
+    /// </summary>
+    public enum MySqlSslMode
+    {
+        /// <summary>
+        /// Do not use SSL.
+        /// </summary>
+        None,
+        /// <summary>
+        /// Use SSL, if server supports it.
+        /// </summary>
+        Prefered,
+        /// <summary>
+        /// Always use SSL. Deny connection if server does not support SSL.
+        /// Do not perform server certificate validation. 
+        /// </summary>
+        Required,
+        /// <summary>
+        /// Always use SSL. Validate server SSL certificate, but different host name mismatch.
+        /// </summary>
+        VerifyCA,
+        /// <summary>
+        /// Always use SSL and perform full certificate validation.
+        /// </summary>
+        VerifyFull
+    }
+
+    /// <summary>
     /// Specifies the connection types supported
     /// </summary>
     public enum MySqlDriverType
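Review bot: The VerifyCA summary `Validate server SSL certificate, but different host name mismatch.` is garbled; it should read `Always use SSL. Validate the server certificate chain, but tolerate a host name mismatch.`, which is what ServerCheckValidation in NativeDriver.cs implements. The Prefered summary should also say that no certificate validation is performed, because the validation callback tolerates every policy error in that mode exactly as it does for Required; as written a reader may assume Prefered still authenticates the server when one is negotiated. `Prefered` is a misspelling in a public enum that becomes hard to correct once the connection-string value is in use; if it is renamed now, the `"SSL MODE"` parsing is case-insensitive so nothing else in this commit changes.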

Modified: trunk/MySql.Data/Provider/Source/NativeDriver.cs
===================================================================
--- trunk/MySql.Data/Provider/Source/NativeDriver.cs	2009-06-12 17:53:56 UTC (rev 1645)
+++ trunk/MySql.Data/Provider/Source/NativeDriver.cs	2009-06-12 18:23:51 UTC (rev 1646)
@@ -254,12 +254,21 @@
                                 version.isAtLeast(4, 1, 0) ? 4 : 2);
 
 #if !CF
-            if (connectionString.UseSSL && (serverCaps & ClientFlags.SSL) != 0)
+            if ((serverCaps & ClientFlags.SSL) ==0)
             {
+                if ((connectionString.SslMode != MySqlSslMode.None)
+                && (connectionString.SslMode != MySqlSslMode.Prefered))
+                {
+                    // Client requires SSL connections.
+                    string message = String.Format(Resources.NoServerSSLSupport,
+                        Settings.Server);
+                    throw new MySqlException(message);
+                }
+            }
+            else if (connectionString.SslMode != MySqlSslMode.None)
+            {
                 stream.SendPacket(packet);
-
                 StartSSL();
-
                 packet.Clear();
                 packet.WriteInteger((int) connectionFlags,
                                     version.isAtLeast(4, 1, 0) ? 4 : 2);
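Review bot: When the server reports no SSL capability and the mode is Prefered, the new `if ((serverCaps & ClientFlags.SSL) ==0)` branch falls through and the connection proceeds in cleartext without any indication to the caller. That downgrade is the documented meaning of Prefered, but it deserves at least a log line, e.g. `Logger.LogWarning("Server does not support SSL; continuing without encryption (Ssl Mode=Prefered)");` inside an `else if` on `connectionString.SslMode == MySqlSslMode.Prefered`, if the Logger used in MySqlConnectionStringBuilder.cs is reachable here. The enclosing method starts and ends outside this hunk.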
@@ -297,40 +306,41 @@
 
         private void StartSSL()
         {
-            RemoteCertificateValidationCallback sslValidateCallback;
+            RemoteCertificateValidationCallback sslValidateCallback =
+                new RemoteCertificateValidationCallback(ServerCheckValidation);
+            SslStream ss = new SslStream(baseStream, true, sslValidateCallback, null);
+            X509CertificateCollection certs = new X509CertificateCollection();
+            ss.AuthenticateAsClient(Settings.Server, certs, SslProtocols.Default, false);
+            baseStream = ss;
+            stream = new MySqlStream(ss, encoding, false);
+            stream.SequenceByte = 2;
 
-            sslValidateCallback = new RemoteCertificateValidationCallback(NoServerCheckValidation);
-            SslStream ss = new SslStream(baseStream, true, sslValidateCallback, null);
-            try
-            {
-                X509CertificateCollection certs = new X509CertificateCollection();
-                ss.AuthenticateAsClient(String.Empty, certs, SslProtocols.Default, false);
-                baseStream = ss;
-                stream = new MySqlStream(ss, encoding, false);
-                stream.SequenceByte = 2;
-            }
-            catch (Exception)
-            {
-                throw;
-            }
         }
 
-/*        private static bool ServerCheckValidation(object sender, X509Certificate certificate,
+        private bool ServerCheckValidation(object sender, X509Certificate certificate,
                                                   X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
             if (sslPolicyErrors == SslPolicyErrors.None)
                 return true;
 
-            // Do not allow this client to communicate with unauthenticated servers.
+            if (Settings.SslMode == MySqlSslMode.Prefered ||
+                Settings.SslMode == MySqlSslMode.Required)
+            {
+                //Tolerate all certificate errors.
+                return true;
+            }
+
+            if (Settings.SslMode == MySqlSslMode.VerifyCA && 
+                sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch)
+            {
+                // Tolerate name mismatch in certificate, if full validation is not requested.
+                return true;
+            }
+
             return false;
         }
-        */
-        private static bool NoServerCheckValidation(object sender, X509Certificate certificate,
-                                                    X509Chain chain, SslPolicyErrors sslPolicyErrors)
-        {
-            return true;
-        }
 
+
         #endregion
 
 #endif
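Review bot: `ss.AuthenticateAsClient(Settings.Server, certs, SslProtocols.Default, false);` passes `checkCertificateRevocation: false` for every mode, so VerifyFull, which MysqlDefs.cs documents as "full certificate validation", still accepts a revoked server certificate. If revocation is meant to be part of full validation, pass `Settings.SslMode == MySqlSslMode.VerifyFull` as the last argument; otherwise the VerifyFull summary should state that revocation is not checked. In ServerCheckValidation the exact comparison `sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch` is correct for a flags enum (a name mismatch combined with a chain error still reaches `return false`), but a comment such as `// Exact compare on purpose: any additional policy error must still fail.` would prevent a later "fix" to a bitwise test that would weaken VerifyCA.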
@@ -393,7 +403,7 @@
                 flags |= ClientFlags.SECURE_CONNECTION;
 
             // if the server is capable of SSL and the user is requesting SSL
-            if ((serverCaps & ClientFlags.SSL) != 0 && connectionString.UseSSL)
+            if ((serverCaps & ClientFlags.SSL) != 0 && connectionString.SslMode != MySqlSslMode.None)
                 flags |= ClientFlags.SSL;
 
             connectionFlags = flags;
