CONC-394: Some TLS related options are not settable in configuration …

…file The following options are now supported in configuration files: * ssl_enforce (bool) * ssl_crl (string) * ssl_crlpath (string)
mariadb-corporation · Apr 6, 2019 · ad385b9 · ad385b9
1 parent a8bec1c
commit ad385b9
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
@@ -621,6 +621,8 @@ struct st_default_options mariadb_defaults[] =
   {MYSQL_OPT_SSL_CERT, MARIADB_OPTION_STR,"ssl-cert"},
   {MYSQL_OPT_SSL_CA, MARIADB_OPTION_STR,"ssl-ca"},
   {MYSQL_OPT_SSL_CAPATH, MARIADB_OPTION_STR,"ssl-capath"},
+  {MYSQL_OPT_SSL_CRL, MARIADB_OPTION_STR,"ssl-crl"},
+  {MYSQL_OPT_SSL_CRLPATH, MARIADB_OPTION_STR,"ssl-crlpath"},
   {MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MARIADB_OPTION_BOOL,"ssl-verify-server-cert"},
   {MYSQL_SET_CHARSET_DIR, MARIADB_OPTION_STR, "character-sets-dir"},
   {MYSQL_SET_CHARSET_NAME, MARIADB_OPTION_STR, "default-character-set"},
@@ -648,6 +650,7 @@ struct st_default_options mariadb_defaults[] =
   {MARIADB_OPT_TLS_VERSION, MARIADB_OPTION_STR, "tls_version"},
   {MYSQL_SERVER_PUBLIC_KEY, MARIADB_OPTION_STR, "server_public_key"},
   {MYSQL_OPT_BIND, MARIADB_OPTION_STR, "bind-address"},
+  {MYSQL_OPT_SSL_ENFORCE, MARIADB_OPTION_BOOL, "ssl-enforce"},
   {0, 0, NULL}
 };
 

diff --git a/unittest/libmariadb/misc.c b/unittest/libmariadb/misc.c
@@ -1385,7 +1385,50 @@ static int test_conc395(MYSQL *unused __attribute__((unused)))
 }
 #endif
 
+static int test_sslenforce(MYSQL *unused __attribute__((unused)))
+{
+  MYSQL *mysql;
+  FILE *fp= NULL;
+  const char *env= getenv("MYSQL_TMP_DIR");
+  char cnf_file1[FN_REFLEN + 1];
+
+  if (travis_test)
+    return SKIP;
+
+  if (!env)
+    env= "/tmp";
+  setenv("HOME", env, 1);
+
+  snprintf(cnf_file1, FN_REFLEN, "%s%c.my.cnf", env, FN_LIBCHAR);
+
+  if (travis_test)
+    return SKIP;
+
+
+  FAIL_IF(!access(cnf_file1, R_OK), "access");
+
+  mysql= mysql_init(NULL);
+  fp= fopen(cnf_file1, "w");
+  FAIL_IF(!fp, "fopen");
+
+  /* Mix dash and underscore */
+  fprintf(fp, "[client]\nssl_enforce=1\n");
+  fclose(fp);
+
+  mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "");
+  my_test_connect(mysql, hostname, username, password,
+                  schema, 0, socketname, 0);
+
+  remove(cnf_file1);
+
+  FAIL_IF(!mysql_get_ssl_cipher(mysql), "no secure connection");
+  mysql_close(mysql);
+  return OK;
+}
+
+
 struct my_tests_st my_tests[] = {
+  {"test_sslenforce", test_sslenforce, TEST_CONNECTION_NONE, 0, NULL, NULL},
   {"test_conc384", test_conc384, TEST_CONNECTION_NONE, 0, NULL, NULL},
 #ifndef _WIN32
   {"test_mdev12965", test_mdev12965, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},