MDEV-14027: Determine TLS/SSL library version

9EOR9 · 9EOR9 · commit 113418caf2f8 · 2017-10-15T06:01:59.000+02:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -338,7 +338,7 @@ CONFIGURE_FILE(${CC_SOURCE_DIR}/include/mariadb_version.h.in
 INCLUDE_DIRECTORIES(${CC_BINARY_DIR}/include)
 
 IF(WIN32)
-  SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi)
+  SET(SYSTEM_LIBS ws2_32 advapi32 kernel32 shlwapi version)
 ELSE()
   SET(SYSTEM_LIBS ${SYSTEM_LIBS} ${LIBPTHREAD} ${LIBDL} ${LIBM})
   IF(ICONV_EXTERNAL)
diff --git a/include/ma_tls.h b/include/ma_tls.h
@@ -1,6 +1,9 @@
 #ifndef _ma_tls_h_
 #define _ma_tls_h_
 
+#define TLS_VERSION_LENGTH 64
+extern char tls_library_version[TLS_VERSION_LENGTH];
+
 enum enum_pvio_tls_type {
   SSL_TYPE_DEFAULT=0,
 #ifdef _WIN32
diff --git a/libmariadb/ma_tls.c b/libmariadb/ma_tls.c
@@ -153,7 +153,7 @@ static my_bool ma_pvio_tls_compare_fp(const char *cert_fp,
     char d1, d2;
     if (*p == ':')
       p++;
-    if (p - fp > fp_len -1)
+    if (p - fp > (int)fp_len -1)
       return 1;
     if ((d1 = ma_hex2int(*p)) == - 1 ||
         (d2 = ma_hex2int(*(p+1))) == -1 ||
diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
@@ -3709,15 +3709,9 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
     break;
   case MARIADB_TLS_LIBRARY:
 #ifdef HAVE_TLS
-#ifdef HAVE_GNUTLS
-    *((const char **)arg)= "GNUTLS";
-#elif HAVE_OPENSSL
-    *((const char **)arg)= "OPENSSL";
-#elif HAVE_SCHANNEL
-    *((const char **)arg)= "SCHANNEL";
-#endif
+    *((char **)arg)= tls_library_version;
 #else
-    *((char **)arg)= "OFF";
+    *((char **)arg)= "Off";
 #endif
     break;
   case MARIADB_CLIENT_VERSION:
diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
@@ -969,6 +969,8 @@ int ma_tls_start(char *errmsg, size_t errmsg_len)
     ma_tls_get_error(errmsg, errmsg_len, rc);
     goto end;
   }
+  snprint(tls_library_version, TLS_VERSION_LENGTH - 1, "GnuTLS %s",
+          gnutls_check_version(NULL));
   ma_tls_initialized= TRUE;
 end:
   pthread_mutex_unlock(&LOCK_gnutls_config);
diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c
@@ -26,6 +26,7 @@
 #include <mysql/client_plugin.h>
 #include <string.h>
 #include <openssl/ssl.h> /* SSL and SSL_CTX */
+#include <openssl/crypto.h> /* for OpenSSL_version */
 #include <openssl/err.h> /* error reporting */
 #include <openssl/conf.h>
 #include <openssl/md4.h>
@@ -60,7 +61,7 @@ extern my_bool ma_tls_initialized;
 extern unsigned int mariadb_deinitialize_ssl;
 
 #define MAX_SSL_ERR_LEN 100
-
+char tls_library_version[TLS_VERSION_LENGTH];
 static pthread_mutex_t LOCK_openssl_config;
 #ifndef HAVE_OPENSSL_1_1_API
 static pthread_mutex_t *LOCK_crypto= NULL;
@@ -319,6 +320,13 @@ int ma_tls_start(char *errmsg __attribute__((unused)), size_t errmsg_len __attri
   ma_BIO_method.bwrite= ma_bio_write;
 #endif
   rc= 0;
+  snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "%s",
+#if defined(LIBRESSL_VERSION_NUMBER) || !defined(HAVE_OPENSSL_1_1_API)
+           SSLeay_version(SSLEAY_VERSION));
+#else
+           OpenSSL_version(OPENSSL_VERSION));
+#endif
+
   ma_tls_initialized= TRUE;
 end:
   pthread_mutex_unlock(&LOCK_openssl_config);
diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c
@@ -21,8 +21,8 @@
 
 #pragma comment (lib, "crypt32.lib")
 #pragma comment (lib, "secur32.lib")
+#pragma comment (lib, "version.lib")
 
-//#define VOID void
 
 extern my_bool ma_tls_initialized;
 
@@ -31,6 +31,8 @@ extern my_bool ma_tls_initialized;
 #define PROT_TLS1_2 4
 #define PROT_TLS1_3 8
 
+char tls_library_version[TLS_VERSION_LENGTH];
+
 static struct
 {
   DWORD cipher_id;
@@ -161,7 +163,6 @@ cipher_map[] =
 #define MAX_ALG_ID 50
 
 void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo);
-void ma_schannel_set_win_error(MYSQL *mysql);
 
 /*
   Initializes SSL and allocate global
@@ -176,7 +177,31 @@ void ma_schannel_set_win_error(MYSQL *mysql);
 */
 int ma_tls_start(char *errmsg, size_t errmsg_len)
 {
+  DWORD size;
+  DWORD handle;
 
+  if ((size= GetFileVersionInfoSize("schannel.dll", &handle)))
+  {
+    LPBYTE VersionInfo;
+    if ((VersionInfo = (LPBYTE)malloc(size)))
+    {
+      unsigned int len;
+      VS_FIXEDFILEINFO *fileinfo;
+
+      GetFileVersionInfo("schannel.dll", 0, size, VersionInfo);
+      VerQueryValue(VersionInfo, "\\", (LPVOID *)&fileinfo, &len);
+      snprintf(tls_library_version, TLS_VERSION_LENGTH - 1, "Schannel %d.%d.%d.%d\n",
+        HIWORD(fileinfo->dwFileVersionMS),
+        LOWORD(fileinfo->dwFileVersionMS),
+        HIWORD(fileinfo->dwFileVersionLS),
+        LOWORD(fileinfo->dwFileVersionLS));
+      free(VersionInfo);
+      goto end;
+    }
+  }
+  /* this shouldn't happen anyway */
+  strcpy(tls_library_version, "Schannel 0.0.0.0");
+end:
   ma_tls_initialized = TRUE;
   return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -969,6 +969,8 @@ int ma_tls_start(char *errmsg, size_t errmsg_len)`
`969`	`969`	`ma_tls_get_error(errmsg, errmsg_len, rc);`
`970`	`970`	`goto end;`
`971`	`971`	`}`
	`972`	`+ snprint(tls_library_version, TLS_VERSION_LENGTH - 1, "GnuTLS %s",`
	`973`	`+ gnutls_check_version(NULL));`
`972`	`974`	`ma_tls_initialized= TRUE;`
`973`	`975`	`end:`
`974`	`976`	`pthread_mutex_unlock(&LOCK_gnutls_config);`