diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml
index 51c9b5b728d..f1ff53df0ed 100644
--- a/src/modules/db_mysql/doc/db_mysql_admin.xml
+++ b/src/modules/db_mysql/doc/db_mysql_admin.xml
@@ -46,6 +46,7 @@
mysql - the development libraries for the MySQL database. In some Linux distributions named "libmysqlclient-dev".
+ MariaDB - the development libraries for the MariaDB database. In some Linux distributions named "libmariadbclient-dev".
@@ -198,7 +199,10 @@ modparam("db_mysql", "update_affected_found", 1)
defined.
- Note: this option is supported only by libmysqlclient, not by libmariadbclient.
+ MariaDB client configuration uses the following values: 0, 1 use plain, 2/3/4 for MYSQL_OPT_SSL_ENFORCE,
+ 5 for MYSQL_OPT_SSL_VERIFY_SERVER_CERT (see MariaDB Connector/C documentation)
+
+ Other values are ignored.
@@ -298,4 +302,3 @@ default-character-set = utf8
-
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index d3f57108886..b415ff87655 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -116,7 +116,32 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
(const void *)&db_mysql_timeout_interval);
mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT,
(const void *)&db_mysql_timeout_interval);
-#if MYSQL_VERSION_ID > 50710 && !defined(MARIADB_BASE_VERSION)
+
+#ifdef MARIADB_BASE_VERSION
+ /*
+ * emulate SSL_MODE_XXXX from MySQL
+ */
+
+ switch(db_mysql_opt_ssl_mode) {
+ case 0: /* opt_ssl_mode = 0(off) */
+ case 1: /* SSL_MODE_DISABLED */
+ break;
+ case 2: /* SSL_MODE_PREFERRED */
+ case 3: /* SSL_MODE_REQUIRED */
+ case 4: /* SSL_MODE_VERIFY_CA */
+ mysql_optionsv(ptr->con, MYSQL_OPT_SSL_ENFORCE, (void *)&(int){1});
+ break;
+ case 5: /* SSL_MODE_VERIFY_IDENTITY */
+ mysql_optionsv(ptr->con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+ (void *)&(int){1});
+ break;
+ default:
+ LM_WARN("opt_ssl_mode = %d not supported by MariaDB Connector/C\n",
+ db_mysql_opt_ssl_mode);
+ break;
+ }
+#else
+#ifdef MYSQL_VERSION_ID> 50710
if(db_mysql_opt_ssl_mode != 0) {
unsigned int optuint = 0;
if(db_mysql_opt_ssl_mode == 1) {
@@ -136,7 +161,8 @@ struct my_con *db_mysql_new_connection(const struct db_id *id)
"ignoring\n",
(unsigned int)db_mysql_opt_ssl_mode);
}
-#endif
+#endif /* MYSQL_VERSION_ID */
+#endif /* MARIADB_BASE_VERSION */
#if MYSQL_VERSION_ID > 50012
/* set reconnect flag if enabled */