
Commit ce9385b

committed
MDEV-27105 --ssl option set as default for mariadb CLI
but without server cert verification
1 parent 4ce6e78 commit ce9385b


7 files changed

+21
-11
lines changed


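--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -6118,12 +6118,8 @@ void do_connect(struct st_command *command)
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
 mysql_options(con_slot->mysql, MARIADB_OPT_TLS_VERSION, opt_tls_version);
-#if MYSQL_VERSION_ID >= 50000
-/* Turn on ssl_verify_server_cert only if host is "localhost" */
-opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
 mysql_options(con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
 &opt_ssl_verify_server_cert);
-#endif
 }
 #endif
 
@@ -9849,12 +9845,8 @@ int main(int argc, char **argv)
 opt_ssl_capath, opt_ssl_cipher);
 mysql_options(con->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
 mysql_options(con->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
-#if MYSQL_VERSION_ID >= 50000
-/* Turn on ssl_verify_server_cert only if host is "localhost" */
-opt_ssl_verify_server_cert= opt_host && !strcmp(opt_host, "localhost");
 mysql_options(con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
 &opt_ssl_verify_server_cert);
-#endif
 }
 #endif
 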
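--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@@ -21,7 +21,7 @@
 
 {"ssl", OPT_SSL_SSL,
 "Enable SSL for connection (automatically enabled with other flags).",
-&opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
+&opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 1, 0, 0, 0, 0, 0},
 {"ssl-ca", OPT_SSL_CA,
 "CA file in PEM format (check OpenSSL docs, implies --ssl).",
 &opt_ssl_ca, &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,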
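Review bot: The `--ssl` help string directly above the changed initializer still describes TLS as opt-in and says nothing about verification, although the default value is now 1 (the `opt_use_ssl` initializer in include/sslopt-vars.h is changed to match). Per the commit title the default does not verify the server certificate, so a user could read "SSL enabled" as "server authenticated", while unverified TLS only protects against passive eavesdropping. I would reword the text along the lines of `"Enable SSL for connection (on by default; the server certificate is checked only with --ssl-verify-server-cert). Disable with --skip-ssl."`. The option table starts and ends outside this hunk.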

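--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
@@ -22,7 +22,7 @@
 #else
 #define SSL_STATIC static
 #endif
-SSL_STATIC my_bool opt_use_ssl = 0;
+SSL_STATIC my_bool opt_use_ssl = 1;
 SSL_STATIC char *opt_ssl_ca = 0;
 SSL_STATIC char *opt_ssl_capath = 0;
 SSL_STATIC char *opt_ssl_cert = 0;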

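--- a/mysql-test/main/openssl_1.test
+++ b/mysql-test/main/openssl_1.test
@@ -72,7 +72,7 @@ drop table t1;
 # Handle that openssl gives different error messages from YaSSL.
 --replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
 --error 1
---exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo
 
 #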
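Review bot: The untrusted-CA case on the changed `--exec` line now fails only because `--ssl-verify-server-cert` is passed explicitly, and nothing in the test says so. This commit removes the localhost-only automatic verification from client/mysqltest.cc, so the flag is what keeps this negative test meaningful. I would add a comment above the `--replace_regex` line such as `# --ssl-verify-server-cert is required: mysqltest no longer enables verification for localhost`. Without the flag the connection would presumably succeed despite the untrusted CA, and `--error 1` would be the only thing to catch that.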

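--- a/mysql-test/main/ssl_7937,nossl.result
+++ b/mysql-test/main/ssl_7937,nossl.result
@@ -12,4 +12,10 @@ mysql --ssl-ca=cacert.pem --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
 mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: SSL is required, but the server does not support it
+#
+# MDEV-27105 --ssl option set as default for mariadb CLI
+#
+mysql -e "call test.have_ssl()"
+have_ssl
+no
 drop procedure have_ssl;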

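--- a/mysql-test/main/ssl_7937.result
+++ b/mysql-test/main/ssl_7937.result
@@ -13,4 +13,10 @@ have_ssl
 yes
 mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 ERROR 2026 (HY000): SSL connection error: Failed to verify the server certificate
+#
+# MDEV-27105 --ssl option set as default for mariadb CLI
+#
+mysql -e "call test.have_ssl()"
+have_ssl
+yes
 drop procedure have_ssl;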

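--- a/mysql-test/main/ssl_7937.test
+++ b/mysql-test/main/ssl_7937.test
@@ -23,4 +23,10 @@ create procedure have_ssl()
 --echo mysql --ssl --ssl-verify-server-cert -e "call test.have_ssl()"
 --replace_regex /SSL connection error.*certificate[^\n]*/SSL connection error: Failed to verify the server certificate/
 --exec $MYSQL --ssl --ssl-verify-server-cert -e "call test.have_ssl()" 2>&1
+
+--echo #
+--echo # MDEV-27105 --ssl option set as default for mariadb CLI
+--echo #
+--echo mysql -e "call test.have_ssl()"
+--exec $MYSQL -e "call test.have_ssl()"
 drop procedure have_ssl;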
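Review bot: The new `--exec $MYSQL -e "call test.have_ssl()"` case records a silent plaintext fallback without saying it is intended: the nossl expected result shows `have_ssl` / `no` with no error when the server lacks SSL. The default is therefore opportunistic, and the test should state that, for example with a comment before the new block: `# default --ssl is opportunistic: no certificate check, plaintext fallback when the server has no SSL`. The new `--exec` also omits the `2>&1` used on the line before it, so a client error would not appear in the recorded output. A further case with `--skip-ssl` would pin that opting out of the new default still works.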
