ODBC-240 Added use of Peer Fingerprint and FP list
Changed connection string option names to TLSPEERFP and
TLSPEERFPLIST, respectively, while keeping the old names (SSLFP and SSLFPLIST) as aliases.
Added input fields to the setup dialog on Windows.
Previous commit missed memory freeing for the new field - added here.
lawrinn committed Sep 12, 2019
1 parent f2129e5 commit df066bd
Showing 6 changed files with 40 additions and 13 deletions.
6 changes: 6 additions & 0 deletions dsn/odbc_dsn.c
Expand Up @@ -94,6 +94,8 @@ MADB_DsnMap DsnMap[] = {
{&DsnKeys[32], 4, cbTls13, 4, 0},
{&DsnKeys[33], 4, cbForceTls, 0, 0},
{&DsnKeys[34], 4, txtServerKey, 260, 0},
{&DsnKeys[25], 4, txtTlsPeerFp, 41, 0},
{&DsnKeys[26], 4, txtTlsPeerFpList, 260, 0 },
{NULL, 0, 0, 0, 0}
};

Expand Down Expand Up @@ -656,6 +658,10 @@ INT_PTR CALLBACK DialogDSNProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lPara
res= SelectPath(hDlg, txtServerKey, L"Select Server Public Key File", FALSE, OpenCurSelection);
OpenCurSelection= OpenCurSelection && !res;
return res;
case pbFpListBrowse:
res= SelectPath(hDlg, txtTlsPeerFpList, L"Select File with SHA1 fingerprints of server certificates", FALSE, OpenCurSelection);
OpenCurSelection= OpenCurSelection && !res;
return res;
case rbTCP:
case rbPipe:
if (HIWORD(wParam) == BN_CLICKED)
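Review bot: The new DsnMap entry `{&DsnKeys[25], 4, txtTlsPeerFp, 41, 0}` sizes the fingerprint edit field at 41 characters, which fits exactly one 40-hex-digit SHA-1 digest plus terminator and nothing else, so a longer digest (for example the 64 hex digits of SHA-256) could never be entered through the dialog even if the connector were to accept one; the neighbouring path fields use 260, and a value of that order would not constrain the format here. The literal indices 25 and 26 also duplicate the `DSNKEY_FP_INDEX` / `DSNKEY_FPLIST_INDEX` values that ma_dsn.c defines in this same commit, and those macros appear to be private to that .c file; exporting them from ma_dsn.h and writing `{&DsnKeys[DSNKEY_FP_INDEX], ...}` would keep the two tables from drifting apart when a key is inserted above them. The browse prompt in the `pbFpListBrowse` case is the only place the expected digest algorithm ("SHA1") is stated to the user, so if the list file format is presumed to accept other digests the prompt should say so. Both DsnMap and DialogDSNProc begin outside the hunks shown.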
20 changes: 13 additions & 7 deletions dsn/odbc_dsn.rc
Expand Up @@ -194,15 +194,21 @@ BEGIN

CONTROL "Force TLS Use",cbForceTls,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,84,80,97,10,WS_EX_TRANSPARENT

LTEXT "Allowed TLS versions(Not checking any means, that all are allowed)",IDC_STATIC,15,94,264,8,0,WS_EX_TRANSPARENT
CONTROL "v.1.1",cbTls11,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,15,105,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,45,105,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,105,30,10,WS_EX_TRANSPARENT
LTEXT "Permit only specific TLS versions",IDC_STATIC,15,91,110,8,0,WS_EX_TRANSPARENT
CONTROL "v.1.1",cbTls11,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,125,91,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,155,91,30,10,WS_EX_TRANSPARENT
CONTROL "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,185,91,30,10,WS_EX_TRANSPARENT

LTEXT "Server public key",IDC_STATIC,15,119,68,8,0,WS_EX_TRANSPARENT
EDITTEXT txtServerKey,84,119,110,10,ES_AUTOHSCROLL
PUSHBUTTON "Browse",pbServerKeyBrowse,195,117,30,14
LTEXT "Server public key",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT
EDITTEXT txtServerKey,84,104,110,10,ES_AUTOHSCROLL
PUSHBUTTON "Browse",pbServerKeyBrowse,195,102,30,14

LTEXT "Tls Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT
EDITTEXT txtTlsPeerFp, 84, 118, 110, 10, ES_AUTOHSCROLL

LTEXT "Fingerprints List File", IDC_STATIC, 15, 132, 68, 8, 0, WS_EX_TRANSPARENT
EDITTEXT txtTlsPeerFpList, 84, 132, 110, 10, ES_AUTOHSCROLL
PUSHBUTTON "Browse", pbFpListBrowse, 195, 130, 30, 14

PUSHBUTTON "Cancel",IDCANCEL,178,149,50,14
PUSHBUTTON "Next >",PB_NEXT,104,149,50,14
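Review bot: The replacement caption `"Permit only specific TLS versions"` drops the hint the removed text carried, that leaving every version box unchecked allows all versions, and nothing else in the dialog now says what the unchecked state means; since that unchecked default is presumably still the permissive one, the caption should keep stating it, e.g. `LTEXT "Permit only specific TLS versions (none checked = all allowed)"`, with the width widened to fit. The new `"Tls Peer Fingerprint"` caption likewise gives no format, while the file-browse prompt elsewhere in this commit says SHA-1, so `"TLS peer fingerprint (SHA1 hex)"` would tell the user what to paste and match the capitalisation of the other labels.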
Binary file modified dsn/resource.h
9 changes: 9 additions & 0 deletions ma_connection.c
Expand Up @@ -786,6 +786,15 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection,
mysql_optionsv(Connection->mariadb, MYSQL_SERVER_PUBLIC_KEY, Dsn->ServerKey);
}

if (!MADB_IS_EMPTY(Dsn->TlsPeerFp))
{
mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP, (void*)Dsn->TlsPeerFp);
}
if (!MADB_IS_EMPTY(Dsn->TlsPeerFpList))
{
mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP_LIST, (void*)Dsn->TlsPeerFpList);
}

if (!mysql_real_connect(Connection->mariadb,
Dsn->Socket ? "localhost" : Dsn->ServerName, Dsn->UserName, Dsn->Password,
Dsn->Catalog && Dsn->Catalog[0] ? Dsn->Catalog : NULL, Dsn->Port, Dsn->Socket, client_flags))
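Review bot: The two new mysql_optionsv calls hand the fingerprint and list to the connector, but nothing in this hunk ties them to TLS actually being negotiated: Dsn->ForceTls is handled elsewhere in MADB_DbcConnectDB (which begins outside the hunk), so a DSN that sets TLSPEERFP without FORCETLS presumably ends up with a plaintext session against a server that does not offer TLS, and the pin is never compared at all. If libmariadb does not enforce that on its own, the safer behaviour is to force TLS whenever a fingerprint or list is configured, or to reject the combination when the DSN is loaded, because a pin the user set that silently does not apply is worse than no pin. The return value of mysql_optionsv is also dropped, as the ServerKey call above already does, so an option not recognised by an older client library would go unnoticed until the connection succeeds without pinning; checking `if (mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP, (void*)Dsn->TlsPeerFp) != 0)` and taking whatever error path this function uses for a failed mysql_real_connect would close that gap.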
14 changes: 10 additions & 4 deletions ma_dsn.c
Expand Up @@ -27,6 +27,9 @@
#define DSNKEY_UID_INDEX 8
#define DSNKEY_PWD_INDEX 9
#define DSNKEY_DATABASE_INDEX 10
#define DSNKEY_FP_INDEX 25
#define DSNKEY_FPLIST_INDEX 26


MADB_DsnKey DsnKeys[]=
{
Expand Down Expand Up @@ -60,8 +63,8 @@ MADB_DsnKey DsnKeys[]=
{"SSLCAPATH", offsetof(MADB_Dsn, SslCaPath), DSN_TYPE_STRING, 0, 0},
{"SSLCIPHER", offsetof(MADB_Dsn, SslCipher), DSN_TYPE_STRING, 0, 0},
{"SSLVERIFY", offsetof(MADB_Dsn, SslVerify), DSN_TYPE_BOOL, 0, 0},
{"SSLFP", offsetof(MADB_Dsn, SslFp), DSN_TYPE_STRING, 0, 0},
{"SSLFPLIST", offsetof(MADB_Dsn, SslFpList), DSN_TYPE_STRING, 0, 0},
{"TLSPEERFP", offsetof(MADB_Dsn, TlsPeerFp), DSN_TYPE_STRING, 0, 0},
{"TLSPEERFPLIST", offsetof(MADB_Dsn, TlsPeerFpList), DSN_TYPE_STRING, 0, 0},
{"SSLCRL", offsetof(MADB_Dsn, SslCrl), DSN_TYPE_STRING, 0, 0},
{"SSLCRLPATH", offsetof(MADB_Dsn, SslCrlPath), DSN_TYPE_STRING, 0, 0},
{"SOCKET", offsetof(MADB_Dsn, Socket), DSN_TYPE_STRING, 0, 0},
Expand All @@ -75,6 +78,8 @@ MADB_DsnKey DsnKeys[]=
{"USER", DSNKEY_UID_INDEX, DSN_TYPE_STRING, 0, 1},
{"PASSWORD", DSNKEY_PWD_INDEX, DSN_TYPE_STRING, 0, 1},
{"DB", DSNKEY_DATABASE_INDEX, DSN_TYPE_COMBO, 0, 1},
{"SSLFP", DSNKEY_FP_INDEX, DSN_TYPE_STRING, 0, 1},
{"SSLFPLIST", DSNKEY_FPLIST_INDEX, DSN_TYPE_STRING, 0, 1},

/* Terminating Null */
{NULL, 0, DSN_TYPE_BOOL,0,0}
Expand Down Expand Up @@ -147,9 +152,10 @@ void MADB_DSN_Free(MADB_Dsn *Dsn)
MADB_FREE(Dsn->SslCipher);
MADB_FREE(Dsn->SslCrl);
MADB_FREE(Dsn->SslCrlPath);
MADB_FREE(Dsn->SslFp);
MADB_FREE(Dsn->SslFpList);
MADB_FREE(Dsn->TlsPeerFp);
MADB_FREE(Dsn->TlsPeerFpList);
MADB_FREE(Dsn->SaveFile);
MADB_FREE(Dsn->ServerKey);

if (Dsn->FreeMe)
MADB_FREE(Dsn);
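Review bot: The alias rows `{"SSLFP", DSNKEY_FP_INDEX, DSN_TYPE_STRING, 0, 1}` and `{"SSLFPLIST", DSNKEY_FPLIST_INDEX, ...}` depend on the new `#define DSNKEY_FP_INDEX 25` / `26` matching the position of the TLSPEERFP rows in DsnKeys, and nothing checks that, so a key inserted above them would silently redirect the old SSLFP names to a different field — in a table that configures certificate pinning, that is a misconfiguration a user would not notice. The existing UID/PWD/DATABASE aliases follow the same pattern, so a short comment on the two primary rows, `/* index DSNKEY_FP_INDEX: the SSLFP alias below points here, keep in sync */`, is the minimum; a one-time runtime check such as `assert(strcmp(DsnKeys[DSNKEY_FP_INDEX].DsnKey, "TLSPEERFP") == 0)` where the table is first used would catch the drift if the field name and an init point are available. The DsnKeys array begins outside the hunks shown.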
4 changes: 2 additions & 2 deletions ma_dsn.h
Expand Up @@ -127,8 +127,8 @@ typedef struct st_madb_dsn
char *SslCipher;
char *SslCrl;
char *SslCrlPath;
char *SslFp;
char *SslFpList;
char *TlsPeerFp;
char *TlsPeerFpList;
my_bool SslVerify;
char TlsVersion;
my_bool ForceTls;
