Issue #1768: prefer mysql_options() with MYSQL_OPT_SSL_* over depreca…

…ted mysql_ssl_set(). And merge some newer TMySQLOption items from mariadb-server\libmariadb\include\mysql.h
HeidiSQL · May 20, 2024 · 5b046b2 · 5b046b2
1 parent db014bd
commit 5b046b2
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 29 deletions.
diff --git a/source/dbconnection.pas b/source/dbconnection.pas
@@ -2359,7 +2359,6 @@ procedure TMySQLConnection.SetActive( Value: Boolean );
   Error, StatusName: String;
   FinalHost, FinalSocket, FinalUsername, FinalPassword: String;
   ErrorHint: String;
-  sslca, sslkey, sslcert, sslcipher: PAnsiChar;
   PluginDir: AnsiString;
   Status: TDBQuery;
   PasswordChangeDialog: TfrmPasswordChange;
@@ -2379,33 +2378,25 @@ procedure TMySQLConnection.SetActive( Value: Boolean );
     FinalPort := FParameters.Port;
 
     if FParameters.WantSSL then begin
-      // Define which TLS protocol versions are allowed BEFORE calling mysql_ssl_set().
+      // Define which TLS protocol versions are allowed.
       // See https://www.heidisql.com/forum.php?t=27158
       // See https://mariadb.com/kb/en/library/mysql_optionsv/
       // See issue #1768
-      // See https://mariadb.com/kb/en/mysql_ssl_set/
       SetOptionResult := FLib.mysql_options(FHandle, Integer(MARIADB_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
-      SetOptionResult := SetOptionResult + FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
-      // mysql_ssl_set() wants nil, while PAnsiChar(AnsiString()) is never nil
-      sslkey := nil;
-      sslcert := nil;
-      sslca := nil;
-      sslcipher := nil;
+      SetOptionResult := SetOptionResult +
+        FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar(AnsiString('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3')));
       if FParameters.SSLPrivateKey <> '' then
-        sslkey := PAnsiChar(AnsiString(FParameters.SSLPrivateKey));
+        SetOptionResult := SetOptionResult +
+          FLib.mysql_options(FHandle, Integer(MYSQL_OPT_SSL_KEY), PAnsiChar(AnsiString(FParameters.SSLPrivateKey)));
       if FParameters.SSLCertificate <> '' then
-        sslcert := PAnsiChar(AnsiString(FParameters.SSLCertificate));
+        SetOptionResult := SetOptionResult +
+          FLib.mysql_options(FHandle, Integer(MYSQL_OPT_SSL_CERT), PAnsiChar(AnsiString(FParameters.SSLCertificate)));
       if FParameters.SSLCACertificate <> '' then
-        sslca := PAnsiChar(AnsiString(FParameters.SSLCACertificate));
+        SetOptionResult := SetOptionResult +
+          FLib.mysql_options(FHandle, Integer(MYSQL_OPT_SSL_CA), PAnsiChar(AnsiString(FParameters.SSLCACertificate)));
       if FParameters.SSLCipher <> '' then
-        sslcipher := PAnsiChar(AnsiString(FParameters.SSLCipher));
-      { TODO : Use Cipher and CAPath parameters }
-      SetOptionResult := SetOptionResult + FLib.mysql_ssl_set(FHandle,
-        sslkey,
-        sslcert,
-        sslca,
-        nil,
-        sslcipher);
+        SetOptionResult := SetOptionResult +
+          FLib.mysql_options(FHandle, Integer(MYSQL_OPT_SSL_CIPHER), PAnsiChar(AnsiString(FParameters.SSLCipher)));
       if SetOptionResult = 0 then
         Log(lcInfo, _('SSL parameters successfully set.'))
       else

diff --git a/source/dbstructures.mysql.pas b/source/dbstructures.mysql.pas
@@ -303,23 +303,21 @@   MYSQL_RES = record
     MYSQL_OPT_MAX_ALLOWED_PACKET,
     MYSQL_OPT_NET_BUFFER_LENGTH,
     MYSQL_OPT_TLS_VERSION,
-    MYSQL_OPT_SSL_MODE,
-    MYSQL_OPT_GET_SERVER_PUBLIC_KEY,
 
     // MariaDB specific
     MYSQL_PROGRESS_CALLBACK=5999,
     MYSQL_OPT_NONBLOCK,
     // MariaDB Connector/C specific
     MYSQL_DATABASE_DRIVER=7000,
-    MARIADB_OPT_SSL_FP,                // deprecated, use MARIADB_OPT_TLS_PEER_FP instead
-    MARIADB_OPT_SSL_FP_LIST,           // deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead
-    MARIADB_OPT_TLS_PASSPHRASE,        // passphrase for encrypted certificates
+    MARIADB_OPT_SSL_FP,             // deprecated, use MARIADB_OPT_TLS_PEER_FP instead
+    MARIADB_OPT_SSL_FP_LIST,        // deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead
+    MARIADB_OPT_TLS_PASSPHRASE,     // passphrase for encrypted certificates
     MARIADB_OPT_TLS_CIPHER_STRENGTH,
     MARIADB_OPT_TLS_VERSION,
-    MARIADB_OPT_TLS_PEER_FP,           // single finger print for server certificate verification
-    MARIADB_OPT_TLS_PEER_FP_LIST,      // finger print white list for server certificate verification
+    MARIADB_OPT_TLS_PEER_FP,            // single finger print for server certificate verification
+    MARIADB_OPT_TLS_PEER_FP_LIST,       // finger print white list for server certificate verification
     MARIADB_OPT_CONNECTION_READ_ONLY,
-    MYSQL_OPT_CONNECT_ATTRS,           // for mysql_get_optionv
+    MYSQL_OPT_CONNECT_ATTRS,        // for mysql_get_optionv
     MARIADB_OPT_USERDATA,
     MARIADB_OPT_CONNECTION_HANDLER,
     MARIADB_OPT_PORT,
@@ -333,7 +331,14 @@   MYSQL_RES = record
     MARIADB_OPT_MULTI_RESULTS,
     MARIADB_OPT_MULTI_STATEMENTS,
     MARIADB_OPT_INTERACTIVE,
-    MARIADB_OPT_PROXY_HEADER
+    MARIADB_OPT_PROXY_HEADER,
+    MARIADB_OPT_IO_WAIT,
+    MARIADB_OPT_SKIP_READ_RESPONSE,
+    MARIADB_OPT_RESTRICTED_AUTH,
+    MARIADB_OPT_RPL_REGISTER_REPLICA,
+    MARIADB_OPT_STATUS_CALLBACK,
+    MARIADB_OPT_SERVER_PLUGINS,
+    MARIADB_OPT_BULK_UNIT_RESULTS
     );
 
   TMySQLLib = class(TDbLib)