diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index da130f18188..397372f5ac1 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -45,6 +45,7 @@ unsigned int my_server_timezone = 0; /* Use FROM_UNIXTIME() for date conversion
 unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
+int db_mysql_opt_ssl_mode = 0;
 struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] = {
@@ -100,6 +101,7 @@ static param_export_t params[] = {
 {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed},
 {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
 {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type},
+ {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode},
 {0, 0, 0}
 };
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index bed21f92a74..324e707e5b8 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -40,6 +40,8 @@
 #include "../../core/ut.h"
 #include "db_mysql.h"
+extern int db_mysql_opt_ssl_mode;
+
 /*! \brief
 * Create a new connection structure,
 * open the MySQL connection and set reference count to 1
@@ -49,6 +51,8 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 struct my_con* ptr;
 char *host, *grp, *egrp;
 unsigned int connection_flag = 0;
+ unsigned int optuint = 0;
+
 #if MYSQL_VERSION_ID > 50012
 #if MYSQL_VERSION_ID > 80000 && ! defined MARIADB_BASE_VERSION
 bool rec;
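Review bot: The new `opt_ssl_mode` entry in params[] (db_mysql.c) exposes a raw signed integer that the connection code later casts to `unsigned int` and hands to the client library, and nothing at the declaration says which values are meaningful. Because this value decides whether the database link is encrypted, I would document it where `db_mysql_opt_ssl_mode` is defined, for example `/* opt_ssl_mode: 0 = not set (library default), 1 = disabled, other values are passed to MYSQL_OPT_SSL_MODE unchanged */`. Negative values should also be rejected wherever the module validates its parameters, which is not visible in this hunk.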
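Review bot: `extern int db_mysql_opt_ssl_mode;` is declared directly in km_my_con.c, and the same line is added again in my_con.c, instead of once in a shared header. km_my_con.c already includes `db_mysql.h`, so placing the declaration there would let the compiler check it against the definition in db_mysql.c; with per-file externs a later type change would go undiagnosed. Whether my_con.c includes that header cannot be seen from its hunk.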
@@ -112,6 +116,20 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const void*)&db_mysql_timeout_interval);
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
 #if MYSQL_VERSION_ID > 50012
 /* set reconnect flag if enabled */
 if (db_mysql_auto_reconnect) {
diff --git a/src/modules/db_mysql/my_con.c b/src/modules/db_mysql/my_con.c
index f64a90f0aa7..349595ee8f6 100644
--- a/src/modules/db_mysql/my_con.c
+++ b/src/modules/db_mysql/my_con.c
@@ -31,6 +31,7 @@
 #include
 #include
+extern int db_mysql_opt_ssl_mode;
 /*
 * Close the connection and release memory
@@ -54,6 +55,7 @@ int my_con_connect(db_con_t* con)
 {
 struct my_con* mcon;
 struct my_uri* muri;
+ unsigned int optuint = 0;
 mcon = DB_GET_PAYLOAD(con);
 muri = DB_GET_PAYLOAD(con->uri);
@@ -70,6 +72,20 @@ int my_con_connect(db_con_t* con)
 (const void*)&my_connect_to))
 WARN("failed to set MYSQL_OPT_CONNECT_TIMEOUT\n");
 }
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(mcon->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
 #if MYSQL_VERSION_ID >= 40101
 if ((my_client_ver >= 50025) ||
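Review bot: The result of `mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, ...)` is discarded in the block added to db_mysql_new_connection, so if the client library rejects the value the connection is still opened with the library's default TLS behaviour even though the operator asked for a specific mode. The same block is added to my_con_connect in my_con.c, where the neighbouring MYSQL_OPT_CONNECT_TIMEOUT call does test the return value. When the `#if MYSQL_VERSION_ID > 50710` guard is false the parameter is dropped without any log line, and MariaDB client builds may additionally need the `! defined MARIADB_BASE_VERSION` test this file already uses for the reconnect flag (to be confirmed against the MariaDB headers). I would check the return value, fail the connect when a non-zero mode cannot be applied, and warn when the build cannot honour the parameter, as sketched below for km_my_con.c. Both functions start and end outside their hunks.

```c
#if MYSQL_VERSION_ID > 50710
	if(db_mysql_opt_ssl_mode != 0) {
		/* … unchanged: mapping of value 1 to SSL_MODE_DISABLED, else cast to optuint … */
		if(mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void *)&optuint)) {
			LM_ERR("failed to set MYSQL_OPT_SSL_MODE to %u\n", optuint);
			/* take this function's existing error path here rather than
			 * connecting with a TLS mode the operator did not request */
		}
	}
#else
	if(db_mysql_opt_ssl_mode != 0) {
		LM_WARN("opt_ssl_mode %d ignored - not supported by this client library\n",
				db_mysql_opt_ssl_mode);
	}
#endif
```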