Since we use TLS and not SSL functions and structures were renamed
from SSL to TLS
9EOR9 committed Mar 16, 2016
1 parent f68b89b commit 4b1e94b
Showing 18 changed files with 329 additions and 1,182 deletions.
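--- a/include/ma_common.h
+++ b/include/ma_common.h
@@ -49,13 +49,14 @@ struct st_mysql_options_extension {
 const char *proc_info,
 unsigned int proc_info_length);
 MARIADB_DB_DRIVER *db_driver;
-char *ssl_fp; /* finger print of server certificate */
-char *ssl_fp_list; /* white list of finger prints */
-char *ssl_pw; /* password for encrypted certificates */
+char *tls_fp; /* finger print of server certificate */
+char *tls_fp_list; /* white list of finger prints */
+char *tls_pw; /* password for encrypted certificates */
 my_bool multi_command; /* indicates if client wants to send multiple
 commands in one packet */
 char *url; /* for connection handler we need to save URL for reconnect */
-unsigned int ssl_cipher_strength;
+unsigned int tls_cipher_strength;
+char *tls_version;
 my_bool read_only;
 char *connection_handler;
 my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value);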
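Review bot: The new `char *tls_version;` member is added without a comment, unlike `tls_fp`, `tls_fp_list` and `tls_pw` a few lines above it, so neither the expected string format nor the owner of the allocation is stated. Something like `char *tls_version; /* requested TLS protocol version(s) */` would help, extended with the accepted syntax once that is defined (presumably whatever is passed with `MARIADB_OPT_TLS_VERSION`). The field is also inserted before `read_only` rather than appended, which shifts the offsets of `read_only`, `connection_handler` and `set_option`; if any separately built plugin reads this struct, appending would be safer. The struct starts and continues outside the hunk.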
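--- a/include/ma_pvio.h
+++ b/include/ma_pvio.h
@@ -3,9 +3,9 @@
 #define cio_defined
 
 #ifdef HAVE_SSL
-#include <ma_ssl.h>
+#include <ma_tls.h>
 #else
-#define MARIADB_SSL void
+#define MARIADB_TLS void
 #endif
 
 #define PVIO_SET_ERROR if (pvio->set_error) \
@@ -78,7 +78,7 @@ struct st_ma_pvio {
 enum enum_pvio_type type;
 int timeout[3];
 int ssl_type; /* todo: change to enum (ssl plugins) */
-MARIADB_SSL *cssl;
+MARIADB_TLS *ctls;
 MYSQL *mysql;
 struct mysql_async_context *async_context; /* For non-blocking API */
 PVIO_METHODS *methods;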
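--- a/include/ma_ssl.h
+++ b/include/ma_tls.h
@@ -1,7 +1,7 @@
-#ifndef _ma_ssl_h_
-#define _ma_ssl_h_
+#ifndef _ma_tls_h_
+#define _ma_tls_h_
 
-enum enum_pvio_ssl_type {
+enum enum_pvio_tls_type {
 SSL_TYPE_DEFAULT=0,
 #ifdef _WIN32
 SSL_TYPE_SCHANNEL,
@@ -10,11 +10,11 @@ enum enum_pvio_ssl_type {
 SSL_TYPE_GNUTLS
 };
 
-typedef struct st_ma_pvio_ssl {
+typedef struct st_ma_pvio_tls {
 void *data;
 MARIADB_PVIO *pvio;
 void *ssl;
-} MARIADB_SSL;
+} MARIADB_TLS;
 
 struct st_ssl_version {
 unsigned int iversion;
@@ -23,7 +23,7 @@ struct st_ssl_version {
 
 /* Function prototypes */
 
-/* ma_ssl_start
+/* ma_tls_start
 initializes the ssl library
 Parameter:
 errmsg pointer to error message buffer
@@ -32,17 +32,17 @@
 0 success
 1 if an error occured
 Notes:
-On success the global variable ma_ssl_initialized will be set to 1
+On success the global variable ma_tls_initialized will be set to 1
 */
-int ma_ssl_start(char *errmsg, size_t errmsg_len);
+int ma_tls_start(char *errmsg, size_t errmsg_len);
 
-/* ma_ssl_end
+/* ma_tls_end
 unloads/deinitializes ssl library and unsets global variable
-ma_ssl_initialized
+ma_tls_initialized
 */
-void ma_ssl_end(void);
+void ma_tls_end(void);
 
-/* ma_ssl_init
+/* ma_tls_init
 creates a new SSL structure for a SSL connection and loads
 client certificates
@@ -51,106 +51,106 @@ void ma_ssl_end(void);
 Returns:
 void * a pointer to internal SSL structure
 */
-void * ma_ssl_init(MYSQL *mysql);
+void * ma_tls_init(MYSQL *mysql);
 
-/* ma_ssl_connect
+/* ma_tls_connect
 performs SSL handshake
 Parameters:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 Returns:
 0 success
 1 error
 */
-my_bool ma_ssl_connect(MARIADB_SSL *cssl);
+my_bool ma_tls_connect(MARIADB_TLS *ctls);
 
-/* ma_ssl_read
+/* ma_tls_read
 reads up to length bytes from socket
 Parameters:
-cssl MariaDB SSL container
+ctls MariaDB SSL container
 buffer read buffer
 length buffer length
 Returns:
 0-n bytes read
 -1 if an error occured
 */
-size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
+size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
 
-/* ma_ssl_write
+/* ma_tls_write
 write buffer to socket
 Parameters:
-cssl MariaDB SSL container
+ctls MariaDB SSL container
 buffer write buffer
 length buffer length
 Returns:
 0-n bytes written
 -1 if an error occured
 */
-size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
+size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
 
-/* ma_ssl_close
+/* ma_tls_close
 closes SSL connection and frees SSL structure which was previously
-created by ma_ssl_init call
+created by ma_tls_init call
 Parameters:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 Returns:
 0 success
 1 error
 */
-my_bool ma_ssl_close(MARIADB_SSL *cssl);
+my_bool ma_tls_close(MARIADB_TLS *ctls);
 
-/* ma_ssl_verify_server_cert
+/* ma_tls_verify_server_cert
 validation check of server certificate
 Parameter:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 Returns:
 ß success
 1 error
 */
-int ma_ssl_verify_server_cert(MARIADB_SSL *cssl);
+int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
 
-/* ma_ssl_get_cipher
+/* ma_tls_get_cipher
 returns cipher for current ssl connection
 Parameter:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 Returns:
 cipher in use or
 NULL on error
 */
-const char *ma_ssl_get_cipher(MARIADB_SSL *ssl);
+const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
 
-/* ma_ssl_get_finger_print
+/* ma_tls_get_finger_print
 returns SHA1 finger print of server certificate
 Parameter:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 fp buffer for fingerprint
 fp_len buffer length
 Returns:
 actual size of finger print
 */
-unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int fp_len);
+unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int fp_len);
 
-/* ma_ssl_get_protocol_version
+/* ma_tls_get_protocol_version
 returns protocol version in use
 Parameter:
-MARIADB_SSL MariaDB SSL container
+MARIADB_TLS MariaDB SSL container
 version pointer to ssl version info
 Returns:
 0 success
 1 error
 */
-my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
+my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
 
 /* Function prototypes */
-MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql);
-my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl);
-size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
-size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
-my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl);
-int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl);
-const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
-my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
+MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
+my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
+size_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+size_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
+int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
+my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
 my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
-my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
-void ma_pvio_ssl_end();
+my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
+void ma_pvio_tls_end();
 
-#endif /* _ma_ssl_h_ */
+#endif /* _ma_tls_h_ */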
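--- a/include/mariadb_async.h
+++ b/include/mariadb_async.h
@@ -29,9 +29,9 @@ extern ssize_t my_send_async(MARIADB_PVIO *pvio,
 extern my_bool my_io_wait_async(struct mysql_async_context *b,
 enum enum_pvio_io_event event, int timeout);
 #ifdef HAVE_SSL
-extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
+extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_TLS *tls,
 void *buf, int size);
-extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
+extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_TLS *tls,
 const void *buf, int size);
 #endif
 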
19 changes: 11 additions & 8 deletions include/mysql.h
Expand Up @@ -214,13 +214,16 @@ extern unsigned int mariadb_deinitialize_ssl;
MYSQL_OPT_NONBLOCK,
/* MariaDB Connector/C specific */
MYSQL_DATABASE_DRIVER=7000,
MARIADB_OPT_SSL_FP, /* single finger print for server certificate verification */
MARIADB_OPT_SSL_FP_LIST, /* finger print white list for server certificate verification */
MARIADB_OPT_SSL_PASSPHRASE, /* passphrase for encrypted certificates */
MARIADB_OPT_SSL_FP, /* deprecated, use MARIADB_OPT_TLS_PEER_FP instead */
MARIADB_OPT_SSL_FP_LIST, /* deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead */
MARIADB_OPT_TLS_PASSPHRASE, /* passphrase for encrypted certificates */
MARIADB_OPT_TLS_CIPHER_STRENGTH,
MARIADB_OPT_TLS_VERSION,
MARIADB_OPT_TLS_PEER_FP, /* single finger print for server certificate verification */
MARIADB_OPT_TLS_PEER_FP_LIST, /* finger print white list for server certificate verification */
MARIADB_OPT_CONNECTION_READ_ONLY,
MYSQL_OPT_CONNECT_ATTRS, /* for mysql_get_optionv */
MARIADB_OPT_USERDATA,
MARIADB_OPT_SSL_CIPHER_STRENGTH,
MARIADB_OPT_CONNECTION_HANDLER,
MARIADB_OPT_PORT,
MARIADB_OPT_UNIXSOCKET,
Expand Down Expand Up @@ -259,14 +262,14 @@ extern unsigned int mariadb_deinitialize_ssl;
MARIADB_CONNECTION_SOCKET,
MARIADB_CONNECTION_SQLSTATE,
MARIADB_CONNECTION_SSL_CIPHER,
MARIADB_SSL_LIBRARY,
MARIADB_CONNECTION_SSL_VERSION,
MARIADB_CONNECTION_SSL_VERSION_ID,
MARIADB_TLS_LIBRARY,
MARIADB_CONNECTION_TLS_VERSION,
MARIADB_CONNECTION_TLS_VERSION_ID,
MARIADB_CONNECTION_TYPE,
MARIADB_CONNECTION_UNIX_SOCKET,
MARIADB_CONNECTION_USER,
MARIADB_MAX_ALLOWED_PACKET,
MARIADB_NET_BUFFER_LENGTH
MARIADB_NET_BUFFER_LENGTH,
};

enum mysql_status { MYSQL_STATUS_READY,
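Review bot: Inserting the new `MARIADB_OPT_TLS_*` enumerators right after `MARIADB_OPT_SSL_FP_LIST` and removing `MARIADB_OPT_SSL_CIPHER_STRENGTH` in the first hunk renumbers every option that follows `MYSQL_DATABASE_DRIVER=7000`. A client compiled against the previous header that passes the old value of `MARIADB_OPT_CONNECTION_READ_ONLY` would now select `MARIADB_OPT_TLS_CIPHER_STRENGTH`, so a TLS-related setting can be changed or silently not applied with no compile-time or run-time error. Appending the new enumerators after the existing Connector/C options instead of inserting them mid-list would keep the old values stable. `MARIADB_OPT_SSL_PASSPHRASE` and `MARIADB_OPT_SSL_CIPHER_STRENGTH` are also dropped without the deprecated name that `MARIADB_OPT_SSL_FP` keeps; a compatibility line such as `#define MARIADB_OPT_SSL_PASSPHRASE MARIADB_OPT_TLS_PASSPHRASE` would keep existing callers building. The enum begins and ends outside both hunks, so how these values are dispatched is not visible here.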
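--- a/libmariadb/CMakeLists.txt
+++ b/libmariadb/CMakeLists.txt
@@ -251,7 +251,7 @@ ma_errmsg.c
 mariadb_lib.c
 ma_list.c
 ma_pvio.c
-ma_ssl.c
+ma_tls.c
 ma_alloc.c
 ma_compress.c
 ma_init.c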
