ODBC-283 Support of private key passphrase

Name of the option is TLSKEYPWD. Also added field in the setup dialog for SSLCRL option. Moved RSA server key field to other tab, as it's not really related to TLS. Updated C/C submodule to 3.1.8 version.
mariadb-corporation · May 18, 2020 · b791dd9 · b791dd9
1 parent 2b420d7
commit b791dd9
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 22 deletions.
diff --git a/dsn/odbc_dsn.c b/dsn/odbc_dsn.c
@@ -16,7 +16,6 @@
    or write to the Free Software Foundation, Inc., 
    51 Franklin St., Fifth Floor, Boston, MA 02110, USA
 *************************************************************************************/
-#define WIN32_LEAN_AND_MEAN
 
 #include <Windows.h>
 #include <stdlib.h>
@@ -83,6 +82,7 @@ MADB_DsnMap DsnMap[] = {
   {&DsnKeys[14], 2, ckReconnect,          0, 0},
   {&DsnKeys[15], 2, ckConnectPrompt,      0, 0},
   {&DsnKeys[16], 2, cbCharset,            0, 0},
+  {&DsnKeys[34], 2, txtServerKey,       260, 0},
   {&DsnKeys[18], 3, txtPluginDir,       260, 0},
   {&DsnKeys[19], 4, txtSslKey,          260, 0},
   {&DsnKeys[20], 4, txtSslCert,         260, 0},
@@ -94,7 +94,7 @@ MADB_DsnMap DsnMap[] = {
   {&DsnKeys[32], 4, cbTls12,              2, 0},
   {&DsnKeys[32], 4, cbTls13,              4, 0},
   {&DsnKeys[33], 4, cbForceTls,           0, 0},
-  {&DsnKeys[34], 4, txtServerKey,       260, 0},
+  {&DsnKeys[27], 4, txtCrl,               0, 0},
   {&DsnKeys[25], 4, txtTlsPeerFp,       41, 0},
   {&DsnKeys[26], 4, txtTlsPeerFpList,   260, 0 },
   {NULL, 0, 0, 0, 0}
@@ -729,6 +729,10 @@ INT_PTR CALLBACK DialogDSNProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lPara
       res=   SelectPath(hDlg, txtTlsPeerFpList, L"Select File with SHA1 fingerprints of server certificates", FALSE, OpenCurSelection);
       OpenCurSelection= OpenCurSelection && !res;
       return res;
+    case pbCrlBrowse:
+      res = SelectPath(hDlg, txtCrl, L"Select PEM File Certificate Revocation List(CRL)", FALSE, OpenCurSelection);
+      OpenCurSelection = OpenCurSelection && !res;
+      return res;
     case rbTCP:
 	  case rbPipe:
 		  if (HIWORD(wParam) == BN_CLICKED)

diff --git a/dsn/odbc_dsn.rc b/dsn/odbc_dsn.rc
@@ -129,21 +129,27 @@ Page_2 DIALOGEX 0, 0, 299, 182
 STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
-    LTEXT           "Do you want tio send initial statement(s) after establishing connection to MariaDB?",IDC_STATIC,7,7,264,8,0,WS_EX_TRANSPARENT
-    EDITTEXT        txtInitCmd,74,30,197,39,ES_MULTILINE | ES_AUTOHSCROLL | WS_VSCROLL
-    LTEXT           "Statement(s):",IDC_STATIC,20,32,46,8,0,WS_EX_TRANSPARENT
-    RTEXT           "Connection timeout in sec:",IDC_STATIC,17,77,86,8,0,WS_EX_TRANSPARENT
-    EDITTEXT        txtConnectionTimeOut,111,75,40,14,ES_AUTOHSCROLL
-    CONTROL         "Enable automatic &reconnect",ckReconnect,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,94,107,10,WS_EX_TRANSPARENT
-    CONTROL         "Don't prompt when connecting",ckConnectPrompt,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,110,113,10,WS_EX_TRANSPARENT
-    CONTROL         "Use compression",ckCompressed,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,94,107,10,WS_EX_TRANSPARENT
-    CONTROL         "Read odbc section from my.cnf",ckUseMycnf,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,110,198,10,WS_EX_TRANSPARENT
+    LTEXT           "Do you want to send initial statement(s) after establishing connection to MariaDB?",IDC_STATIC,7,0,264,8,0,WS_EX_TRANSPARENT
+    EDITTEXT        txtInitCmd,74,15,197,39,ES_MULTILINE | ES_AUTOHSCROLL | WS_VSCROLL
+    LTEXT           "Statement(s):",IDC_STATIC,20,17,46,8,0,WS_EX_TRANSPARENT
+    RTEXT           "Connection timeout in sec:",IDC_STATIC,17,62,86,8,0,WS_EX_TRANSPARENT
+    EDITTEXT        txtConnectionTimeOut,111,60,40,14,ES_AUTOHSCROLL
+    CONTROL         "Enable automatic &reconnect",ckReconnect,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,79,107,10,WS_EX_TRANSPARENT
+    CONTROL         "Don't prompt when connecting",ckConnectPrompt,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,95,113,10,WS_EX_TRANSPARENT
+    CONTROL         "Use compression",ckCompressed,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,79,107,10,WS_EX_TRANSPARENT
+    CONTROL         "Read odbc section from my.cnf",ckUseMycnf,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,95,198,10,WS_EX_TRANSPARENT
+
+    COMBOBOX        cbCharset,113,110,160,80,CBS_DROPDOWN | CBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
+    RTEXT           "Connection Character Set:",IDC_STATIC,7,113,96,8,0,WS_EX_TRANSPARENT
+
+    RTEXT           "Server RSA public key:",IDC_STATIC,15,128,88,8,0,WS_EX_TRANSPARENT
+    EDITTEXT        txtServerKey,113,127,110,12,ES_AUTOHSCROLL
+    PUSHBUTTON      "Browse",pbServerKeyBrowse,224,126,30,14
+
     PUSHBUTTON      "Cancel",IDCANCEL,178,149,50,14
     PUSHBUTTON      "Next >",PB_NEXT,104,149,50,14
     PUSHBUTTON      "< Previous",PB_PREV,50,149,50,14,WS_DISABLED
     PUSHBUTTON      "Help",IDCANCEL4,236,149,50,14
-    COMBOBOX        cbCharset,113,127,160,80,CBS_DROPDOWN | CBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
-    RTEXT           "Connection Character Set:",IDC_STATIC,7,130,96,8,0,WS_EX_TRANSPARENT
 END
 
 Page_3 DIALOGEX 0, 0, 299, 182
@@ -165,11 +171,11 @@ BEGIN
     PUSHBUTTON      "Help",IDCANCEL4,236,149,50,14
 END
 
-Page_4 DIALOGEX 0, 0, 299, 182
+Page_4 DIALOGEX -10, -9, 320, 188
 STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
-    GROUPBOX        "SSL Settings",IDC_STATIC,7,-2,278,148,0,WS_EX_TRANSPARENT
+    GROUPBOX        "TLS Settings",IDC_STATIC,1,-2,303,151,0,WS_EX_TRANSPARENT
 
     LTEXT           "Key",IDC_STATIC,15,10,56,8,0,WS_EX_TRANSPARENT
     EDITTEXT        txtSslKey,84,10,110,10,ES_AUTOHSCROLL
@@ -199,11 +205,11 @@ BEGIN
     CONTROL         "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,155,91,30,10,WS_EX_TRANSPARENT
     CONTROL         "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,185,91,30,10,WS_EX_TRANSPARENT
 
-    LTEXT           "Server public key",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT
-    EDITTEXT        txtServerKey,84,104,110,10,ES_AUTOHSCROLL
-    PUSHBUTTON      "Browse",pbServerKeyBrowse,195,102,30,14
+    LTEXT           "CRL File",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT
+    EDITTEXT        txtCrl,84,104,110,10,ES_AUTOHSCROLL
+    PUSHBUTTON      "Browse",pbCrlBrowse,195,102,30,14
 
-    LTEXT           "Tls Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT
+    LTEXT           "TLS Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT
     EDITTEXT        txtTlsPeerFp, 84, 118, 110, 10, ES_AUTOHSCROLL
 
     LTEXT           "Fingerprints List File", IDC_STATIC, 15, 132, 68, 8, 0, WS_EX_TRANSPARENT

diff --git a/dsn/resource.h b/dsn/resource.h
diff --git a/libmariadb b/libmariadb
diff --git a/ma_connection.c b/ma_connection.c
@@ -777,6 +777,10 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection,
     mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_ENFORCE, (const char*)&ForceTls);
   }
 
+  if (!MADB_IS_EMPTY(Dsn->SslCrl))
+  {
+    mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_CRL, Dsn->SslCrl);
+  }
   if (!MADB_IS_EMPTY(Dsn->SslCrlPath))
   {
     mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_CRLPATH, Dsn->SslCrlPath);
@@ -796,6 +800,11 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection,
     mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP_LIST, (void*)Dsn->TlsPeerFpList);
   }
 
+  if (!MADB_IS_EMPTY(Dsn->TlsKeyPwd))
+  {
+    mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PASSPHRASE, (void*)Dsn->TlsKeyPwd);
+  }
+
   if (!mysql_real_connect(Connection->mariadb,
       Dsn->Socket ? "localhost" : Dsn->ServerName, Dsn->UserName, Dsn->Password,
         Dsn->Catalog && Dsn->Catalog[0] ? Dsn->Catalog : NULL, Dsn->Port, Dsn->Socket, client_flags))

diff --git a/ma_dsn.c b/ma_dsn.c
@@ -72,7 +72,8 @@ MADB_DsnKey DsnKeys[]=
   {"USE_MYCNF",      offsetof(MADB_Dsn, ReadMycnf),         DSN_TYPE_OPTION, MADB_OPT_FLAG_USE_CNF, 0},
   {"TLSVERSION",     offsetof(MADB_Dsn, TlsVersion),        DSN_TYPE_CBOXGROUP, 0, 0},
   {"FORCETLS",       offsetof(MADB_Dsn, ForceTls),          DSN_TYPE_BOOL,   0, 0},
-  {"SERVERKEY",      offsetof(MADB_Dsn, ServerKey),         DSN_TYPE_STRING,   0, 0},
+  {"SERVERKEY",      offsetof(MADB_Dsn, ServerKey),         DSN_TYPE_STRING, 0, 0},
+  {"TLSKEYPWD",      offsetof(MADB_Dsn, TlsKeyPwd),         DSN_TYPE_STRING, 0, 0},
   /* Aliases. Here offset is index of aliased key */
   {"SERVERNAME",     DSNKEY_SERVER_INDEX,                   DSN_TYPE_STRING, 0, 1},
   {"USER",           DSNKEY_UID_INDEX,                      DSN_TYPE_STRING, 0, 1},
@@ -156,7 +157,7 @@ void MADB_DSN_Free(MADB_Dsn *Dsn)
   MADB_FREE(Dsn->TlsPeerFpList);
   MADB_FREE(Dsn->SaveFile);
   MADB_FREE(Dsn->ServerKey);
-
+  MADB_FREE(Dsn->TlsKeyPwd);
   if (Dsn->FreeMe)
     MADB_FREE(Dsn); 
 }

diff --git a/ma_dsn.h b/ma_dsn.h
@@ -129,6 +129,7 @@ typedef struct st_madb_dsn
   char *SslCrlPath;
   char *TlsPeerFp;
   char *TlsPeerFpList;
+  char *TlsKeyPwd;
   my_bool SslVerify;
   char TlsVersion;
   my_bool ForceTls;