Set TLS options BEFORE calling mysql_ssl_set(). Probably helps fixing…

… issue #1768
HeidiSQL · May 18, 2024 · a378e6e · a378e6e
1 parent 6fac701
commit a378e6e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 11 deletions.
diff --git a/out/locale/en/LC_MESSAGES/default.po b/out/locale/en/LC_MESSAGES/default.po
@@ -7,15 +7,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: HeidiSQL\n"
 "POT-Creation-Date: 2012-11-05 21:40\n"
-"PO-Revision-Date: 2024-04-29 07:40+0200\n"
+"PO-Revision-Date: 2024-05-18 17:39+0200\n"
 "Last-Translator: Ansgar Becker <anse@heidisql.com>\n"
 "Language-Team: English (http://www.transifex.com/projects/p/heidisql/language/en/)\n"
 "Language: en\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 3.4.2\n"
+"X-Generator: Poedit 3.4.4\n"
 
 #. AboutBox..Caption
 #: about.dfm:5
@@ -4001,6 +4001,9 @@ msgstr "Your %s is incompatible to %s, or your system is missing a dependent lib
 msgid "SSL parameters successfully set."
 msgstr "SSL parameters successfully set."
 
+msgid "SSL parameters not fully set. Result: %d"
+msgstr "SSL parameters not fully set. Result: %d"
+
 #: dbconnection.pas:1151
 msgid "Attempt to create SSH process, waiting %ds for response ..."
 msgstr "Attempt to create SSH process, waiting %ds for response ..."

diff --git a/source/dbconnection.pas b/source/dbconnection.pas
@@ -2379,6 +2379,13 @@ procedure TMySQLConnection.SetActive( Value: Boolean );
     FinalPort := FParameters.Port;
 
     if FParameters.WantSSL then begin
+      // Define which TLS protocol versions are allowed BEFORE calling mysql_ssl_set().
+      // See https://www.heidisql.com/forum.php?t=27158
+      // See https://mariadb.com/kb/en/library/mysql_optionsv/
+      // See issue #1768
+      // See https://mariadb.com/kb/en/mysql_ssl_set/
+      SetOptionResult := FLib.mysql_options(FHandle, Integer(MARIADB_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
+      SetOptionResult := SetOptionResult + FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
       // mysql_ssl_set() wants nil, while PAnsiChar(AnsiString()) is never nil
       sslkey := nil;
       sslcert := nil;
@@ -2393,13 +2400,17 @@ procedure TMySQLConnection.SetActive( Value: Boolean );
       if FParameters.SSLCipher <> '' then
         sslcipher := PAnsiChar(AnsiString(FParameters.SSLCipher));
       { TODO : Use Cipher and CAPath parameters }
-      FLib.mysql_ssl_set(FHandle,
+      SetOptionResult := SetOptionResult + FLib.mysql_ssl_set(FHandle,
         sslkey,
         sslcert,
         sslca,
         nil,
         sslcipher);
-      Log(lcInfo, _('SSL parameters successfully set.'));
+      if SetOptionResult = 0 then
+        Log(lcInfo, _('SSL parameters successfully set.'))
+      else
+        Log(lcError, f_('SSL parameters not fully set. Result: %d', [SetOptionResult]));
+      SetOptionResult := 0;
     end;
 
     case FParameters.NetType of
@@ -2451,12 +2462,6 @@ procedure TMySQLConnection.SetActive( Value: Boolean );
       raise EDbError.Create(f_('Plugin directory %s could not be set.', [PluginDir]));
     end;
 
-    // Define which TLS protocol versions are allowed.
-    // See https://www.heidisql.com/forum.php?t=27158
-    // See https://mariadb.com/kb/en/library/mysql_optionsv/
-    FLib.mysql_options(FHandle, Integer(MARIADB_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
-    FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
-
     // Enable cleartext plugin
     if Parameters.CleartextPluginEnabled then
       FLib.mysql_options(FHandle, Integer(MYSQL_ENABLE_CLEARTEXT_PLUGIN), PAnsiChar('1'));

diff --git a/source/dbstructures.mysql.pas b/source/dbstructures.mysql.pas
@@ -358,7 +358,7 @@   TMySQLLib = class(TDbLib)
     mysql_ping: function(Handle: PMYSQL): Integer; stdcall;
     mysql_real_connect: function(Handle: PMYSQL; const Host, User, Passwd, Db: PAnsiChar; Port: Cardinal; const UnixSocket: PAnsiChar; ClientFlag: Cardinal): PMYSQL; stdcall;
     mysql_real_query: function(Handle: PMYSQL; const Query: PAnsiChar; Length: Cardinal): Integer; stdcall;
-    mysql_ssl_set: function(Handle: PMYSQL; const key, cert, CA, CApath, cipher: PAnsiChar): Byte; stdcall;
+    mysql_ssl_set: function(Handle: PMYSQL; const key, cert, CA, CApath, cipher: PAnsiChar): Integer; stdcall;
     mysql_stat: function(Handle: PMYSQL): PAnsiChar; stdcall;
     mysql_store_result: function(Handle: PMYSQL): PMYSQL_RES; stdcall;
     mysql_thread_id: function(Handle: PMYSQL): Cardinal; stdcall;