ODBC-240 Added use of Peer Fingerprint and FP list

Changed the connection string option names to TLSPEERFP and
TLSPEERFPLIST, respectively, while keeping the old names (SSLFP and SSLFPLIST) as aliases.
Added input fields to the setup dialog on Windows.
Previous commit missed memory freeing for the new field - added here.
lawrinn committed Sep 12, 2019
1 parent f2129e5 commit df066bd89ab3bcbc410544e572dfc5368a415b48
Showing with 40 additions and 13 deletions.
  1. +6 −0 dsn/odbc_dsn.c
  2. +13 −7 dsn/odbc_dsn.rc
  3. BIN dsn/resource.h
  4. +9 −0 ma_connection.c
  5. +10 −4 ma_dsn.c
  6. +2 −2 ma_dsn.h
@@ -94,6 +94,8 @@ MADB_DsnMap DsnMap[] = {
{&DsnKeys[32], 4, cbTls13, 4, 0},
{&DsnKeys[33], 4, cbForceTls, 0, 0},
{&DsnKeys[34], 4, txtServerKey, 260, 0},
{&DsnKeys[25], 4, txtTlsPeerFp, 41, 0},
{&DsnKeys[26], 4, txtTlsPeerFpList, 260, 0 },
{NULL, 0, 0, 0, 0}
};

@@ -656,6 +658,10 @@ INT_PTR CALLBACK DialogDSNProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lPara
res= SelectPath(hDlg, txtServerKey, L"Select Server Public Key File", FALSE, OpenCurSelection);
OpenCurSelection= OpenCurSelection && !res;
return res;
case pbFpListBrowse:
res= SelectPath(hDlg, txtTlsPeerFpList, L"Select File with SHA1 fingerprints of server certificates", FALSE, OpenCurSelection);
OpenCurSelection= OpenCurSelection && !res;
return res;
case rbTCP:
case rbPipe:
if (HIWORD(wParam) == BN_CLICKED)
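Review bot: The new DsnMap entry `{&DsnKeys[25], 4, txtTlsPeerFp, 41, 0}` hard-codes both the key index and a 41-character limit, and neither is explained. 41 is 40 hex digits plus the terminator, i.e. exactly one SHA-1 fingerprint (the Browse title added below also says "SHA1 fingerprints"), so if MARIADB_OPT_TLS_PEER_FP ever accepts a longer digest such as SHA-256, the dialog would silently truncate the value and pinning would fail in a way that is hard to diagnose; a comment such as `/* 40 hex digits (SHA-1) + NUL; keep in sync with what MARIADB_OPT_TLS_PEER_FP accepts */` would at least record the assumption. The literals 25 and 26 duplicate DSNKEY_FP_INDEX/DSNKEY_FPLIST_INDEX, which this commit defines in ma_dsn.c; if those macros can live in a shared header, `{&DsnKeys[DSNKEY_FP_INDEX], 4, txtTlsPeerFp, 41, 0},` keeps the two tables from drifting apart when DsnKeys[] is next edited. DialogDSNProc starts and ends outside this hunk.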
@@ -194,15 +194,21 @@ BEGIN

CONTROL "Force TLS Use",cbForceTls,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,84,80,97,10,WS_EX_TRANSPARENT

LTEXT "Allowed TLS versions(Not checking any means, that all are allowed)",IDC_STATIC,15,94,264,8,0,WS_EX_TRANSPARENT
CONTROL "v.1.1",cbTls11,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,15,105,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,45,105,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,105,30,10,WS_EX_TRANSPARENT
LTEXT "Permit only specific TLS versions",IDC_STATIC,15,91,110,8,0,WS_EX_TRANSPARENT
CONTROL "v.1.1",cbTls11,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,125,91,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,155,91,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,185,91,30,10,WS_EX_TRANSPARENT

LTEXT "Server public key",IDC_STATIC,15,119,68,8,0,WS_EX_TRANSPARENT
EDITTEXT txtServerKey,84,119,110,10,ES_AUTOHSCROLL
PUSHBUTTON "Browse",pbServerKeyBrowse,195,117,30,14
LTEXT "Server public key",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT
EDITTEXT txtServerKey,84,104,110,10,ES_AUTOHSCROLL
PUSHBUTTON "Browse",pbServerKeyBrowse,195,102,30,14

LTEXT "Tls Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT
EDITTEXT txtTlsPeerFp, 84, 118, 110, 10, ES_AUTOHSCROLL

LTEXT "Fingerprints List File", IDC_STATIC, 15, 132, 68, 8, 0, WS_EX_TRANSPARENT
EDITTEXT txtTlsPeerFpList, 84, 132, 110, 10, ES_AUTOHSCROLL
PUSHBUTTON "Browse", pbFpListBrowse, 195, 130, 30, 14

PUSHBUTTON "Cancel",IDCANCEL,178,149,50,14
PUSHBUTTON "Next >",PB_NEXT,104,149,50,14
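Review bot: The new edit controls are labelled "Tls Peer Fingerprint" and "Fingerprints List File" without saying what format is expected; the 41-character DsnMap limit in odbc_dsn.c and the Browse title "SHA1 fingerprints" suggest a 40-hex-digit SHA-1 digest, and a user who pastes a colon-separated or SHA-256 value will only see a failed connection with no hint why. Consider `LTEXT "TLS peer fingerprint (SHA1 hex)"` and `LTEXT "Fingerprint list file"`, and verify the 68-unit label width still fits the longer text rather than clipping it. The dialog template this hunk belongs to starts before the hunk.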
BIN +272 Bytes (100%) dsn/resource.h
Binary file not shown.
@@ -786,6 +786,15 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection,
mysql_optionsv(Connection->mariadb, MYSQL_SERVER_PUBLIC_KEY, Dsn->ServerKey);
}

if (!MADB_IS_EMPTY(Dsn->TlsPeerFp))
{
mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP, (void*)Dsn->TlsPeerFp);
}
if (!MADB_IS_EMPTY(Dsn->TlsPeerFpList))
{
mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP_LIST, (void*)Dsn->TlsPeerFpList);
}

if (!mysql_real_connect(Connection->mariadb,
Dsn->Socket ? "localhost" : Dsn->ServerName, Dsn->UserName, Dsn->Password,
Dsn->Catalog && Dsn->Catalog[0] ? Dsn->Catalog : NULL, Dsn->Port, Dsn->Socket, client_flags))
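Review bot: The two mysql_optionsv() calls that set MARIADB_OPT_TLS_PEER_FP and MARIADB_OPT_TLS_PEER_FP_LIST discard their return value, so if the linked client library rejects the option (for example an older build without fingerprint support) the mysql_real_connect() immediately below proceeds without the pinning the user configured — a silent loss of a security control instead of a failure. The existing MYSQL_SERVER_PUBLIC_KEY call above follows the same pattern, but for a pinning option a refusal should abort the connect: `if (mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP, (void*)Dsn->TlsPeerFp))` followed by whatever error-reporting path MADB_DbcConnectDB uses on other failures (not visible here), and likewise for the list option. Whether mysql_optionsv reports unsupported options as non-zero should be confirmed against the connector-c version this driver builds with. MADB_DbcConnectDB starts and ends outside this hunk.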
@@ -27,6 +27,9 @@
#define DSNKEY_UID_INDEX 8
#define DSNKEY_PWD_INDEX 9
#define DSNKEY_DATABASE_INDEX 10
#define DSNKEY_FP_INDEX 25
#define DSNKEY_FPLIST_INDEX 26


MADB_DsnKey DsnKeys[]=
{
@@ -60,8 +63,8 @@ MADB_DsnKey DsnKeys[]=
{"SSLCAPATH", offsetof(MADB_Dsn, SslCaPath), DSN_TYPE_STRING, 0, 0},
{"SSLCIPHER", offsetof(MADB_Dsn, SslCipher), DSN_TYPE_STRING, 0, 0},
{"SSLVERIFY", offsetof(MADB_Dsn, SslVerify), DSN_TYPE_BOOL, 0, 0},
{"SSLFP", offsetof(MADB_Dsn, SslFp), DSN_TYPE_STRING, 0, 0},
{"SSLFPLIST", offsetof(MADB_Dsn, SslFpList), DSN_TYPE_STRING, 0, 0},
{"TLSPEERFP", offsetof(MADB_Dsn, TlsPeerFp), DSN_TYPE_STRING, 0, 0},
{"TLSPEERFPLIST", offsetof(MADB_Dsn, TlsPeerFpList), DSN_TYPE_STRING, 0, 0},
{"SSLCRL", offsetof(MADB_Dsn, SslCrl), DSN_TYPE_STRING, 0, 0},
{"SSLCRLPATH", offsetof(MADB_Dsn, SslCrlPath), DSN_TYPE_STRING, 0, 0},
{"SOCKET", offsetof(MADB_Dsn, Socket), DSN_TYPE_STRING, 0, 0},
@@ -75,6 +78,8 @@ MADB_DsnKey DsnKeys[]=
{"USER", DSNKEY_UID_INDEX, DSN_TYPE_STRING, 0, 1},
{"PASSWORD", DSNKEY_PWD_INDEX, DSN_TYPE_STRING, 0, 1},
{"DB", DSNKEY_DATABASE_INDEX, DSN_TYPE_COMBO, 0, 1},
{"SSLFP", DSNKEY_FP_INDEX, DSN_TYPE_STRING, 0, 1},
{"SSLFPLIST", DSNKEY_FPLIST_INDEX, DSN_TYPE_STRING, 0, 1},

/* Terminating Null */
{NULL, 0, DSN_TYPE_BOOL,0,0}
@@ -147,9 +152,10 @@ void MADB_DSN_Free(MADB_Dsn *Dsn)
MADB_FREE(Dsn->SslCipher);
MADB_FREE(Dsn->SslCrl);
MADB_FREE(Dsn->SslCrlPath);
MADB_FREE(Dsn->SslFp);
MADB_FREE(Dsn->SslFpList);
MADB_FREE(Dsn->TlsPeerFp);
MADB_FREE(Dsn->TlsPeerFpList);
MADB_FREE(Dsn->SaveFile);
MADB_FREE(Dsn->ServerKey);

if (Dsn->FreeMe)
MADB_FREE(Dsn);
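Review bot: DSNKEY_FP_INDEX 25 and DSNKEY_FPLIST_INDEX 26 are positional indices into DsnKeys[] that the alias rows `{"SSLFP", DSNKEY_FP_INDEX, DSN_TYPE_STRING, 0, 1}` and the DsnMap table in odbc_dsn.c both rely on, yet nothing in the table ties them to the TLSPEERFP/TLSPEERFPLIST rows; inserting an entry above those rows later would silently redirect the SSLFP alias to a different option. A comment on the defines, `/* positions of "TLSPEERFP"/"TLSPEERFPLIST" in DsnKeys[] below; also used by DsnMap[] in odbc_dsn.c */`, plus a debug-time check along the lines of `assert(strcmp(DsnKeys[DSNKEY_FP_INDEX].<key member>, "TLSPEERFP") == 0)` where the DSN table is first consulted, would catch the drift (the member holding the key string is not visible in these hunks). Both the DsnKeys[] initializer and MADB_DSN_Free extend beyond the hunks shown.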
@@ -127,8 +127,8 @@ typedef struct st_madb_dsn
char *SslCipher;
char *SslCrl;
char *SslCrlPath;
char *SslFp;
char *SslFpList;
char *TlsPeerFp;
char *TlsPeerFpList;
my_bool SslVerify;
char TlsVersion;
my_bool ForceTls;
