db_mysql: new parameter opt_ssl_mode - allow controling ssl mode

- can disable or enforce use of ssl - some combinations of libmysqlclient and libssl1.1 can result in crashing when ssl/tls is used, even on 127.0.0.1, this param can be used to disable it (cherry picked from commit 260e25e)
kamailio · Jun 19, 2020 · 31c6199 · 31c6199
1 parent 40549e3
commit 31c6199
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
@@ -45,6 +45,7 @@ unsigned int my_server_timezone = 0; /* Use FROM_UNIXTIME() for date conversion
 
 unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
+int db_mysql_opt_ssl_mode = 0;
 
 struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] =  {
@@ -100,6 +101,7 @@ static param_export_t params[] = {
 	{"insert_delayed",   INT_PARAM, &db_mysql_insert_all_delayed},
 	{"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
 	{"unsigned_type",    PARAM_INT, &db_mysql_unsigned_type},
+	{"opt_ssl_mode",     PARAM_INT, &db_mysql_opt_ssl_mode},
 	{0, 0, 0}
 };
 

diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
@@ -40,6 +40,8 @@
 #include "../../core/ut.h"
 #include "db_mysql.h"
 
+extern int db_mysql_opt_ssl_mode;
+
 /*! \brief
  * Create a new connection structure,
  * open the MySQL connection and set reference count to 1
@@ -49,6 +51,8 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 	struct my_con* ptr;
 	char *host, *grp, *egrp;
 	unsigned int connection_flag = 0;
+	unsigned int optuint = 0;
+
 #if MYSQL_VERSION_ID > 50012
 #if MYSQL_VERSION_ID > 80000 && ! defined MARIADB_BASE_VERSION
 	bool rec;
@@ -112,6 +116,20 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 	mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 	mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 	mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const void*)&db_mysql_timeout_interval);
+#if MYSQL_VERSION_ID > 50710
+	if(db_mysql_opt_ssl_mode!=0) {
+		if(db_mysql_opt_ssl_mode==1) {
+			if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+				LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+						SSL_MODE_DISABLED);
+			}
+			optuint = SSL_MODE_DISABLED;
+		} else {
+			optuint = (unsigned int)db_mysql_opt_ssl_mode;
+		}
+		mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+	}
+#endif
 #if MYSQL_VERSION_ID > 50012
 	/* set reconnect flag if enabled */
 	if (db_mysql_auto_reconnect) {

diff --git a/src/modules/db_mysql/my_con.c b/src/modules/db_mysql/my_con.c
@@ -31,6 +31,7 @@
 #include <string.h>
 #include <time.h>
 
+extern int db_mysql_opt_ssl_mode;
 
 /*
  * Close the connection and release memory
@@ -54,6 +55,7 @@ int my_con_connect(db_con_t* con)
 {
 	struct my_con* mcon;
 	struct my_uri* muri;
+	unsigned int optuint = 0;
 
 	mcon = DB_GET_PAYLOAD(con);
 	muri = DB_GET_PAYLOAD(con->uri);
@@ -70,6 +72,20 @@ int my_con_connect(db_con_t* con)
 					(const void*)&my_connect_to))
 			WARN("failed to set MYSQL_OPT_CONNECT_TIMEOUT\n");
 	}
+#if MYSQL_VERSION_ID > 50710
+	if(db_mysql_opt_ssl_mode!=0) {
+		if(db_mysql_opt_ssl_mode==1) {
+			if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+				LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+						SSL_MODE_DISABLED);
+			}
+			optuint = SSL_MODE_DISABLED;
+		} else {
+			optuint = (unsigned int)db_mysql_opt_ssl_mode;
+		}
+		mysql_options(mcon->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+	}
+#endif
 
 #if MYSQL_VERSION_ID >= 40101
 	if ((my_client_ver >= 50025) ||