Skip to content

Commit 3bd5589

Browse files
committed
WL#6791 : Redefine client --ssl option to imply enforced encryption
# Changed the meaning of the --ssl=1 option of all client binaries to mean force ssl, not try ssl and fail over to eunecrypted # Added a new MYSQL_OPT_SSL_ENFORCE mysql_options() option to specify that an ssl connection is required. # Added a new macro SSL_SET_OPTIONS() to the client SSL handling headers that sets all the relevant SSL options at once. # Revamped all of the current native clients to use the new macro # Removed some Windows line endings. # Added proper handling of the new option into the ssl helper headers. # If SSL is mandatory assume that the media is secure enough for the sha256 plugin to do unencrypted password exchange even before establishing a connection. # Set the default ssl cipher to DHE-RSA-AES256-SHA if none is specified. # updated test cases that require a non-default cipher to spawn a mysql command line tool binary since mysqltest has no support for specifying ciphers. # updated the replication slave connection code to always enforce SSL if any of the SSL config options is present. # test cases added and updated. # added a mysql_get_option() API to return mysql_options() values. Used the new API inside the sha256 plugin. # Fixed compilation warnings because of unused variables. # Fixed test failures (mysql_ssl and bug13115401) # Fixed whitespace issues. # Fully implemented the mysql_get_option() function. # Added a test case for mysql_get_option() # fixed some trailing whitespace issues # fixed some uint/int warnings in mysql_client_test.c # removed shared memory option from non-windows get_options tests # moved MYSQL_OPT_LOCAL_INFILE to the uint options
1 parent 6958f5f commit 3bd5589

29 files changed

+514
-167
lines changed

Diff for: client/mysql.cc

+1-11
Original file line numberDiff line numberDiff line change
@@ -4953,17 +4953,7 @@ init_connection_options(MYSQL *mysql)
49534953
if (using_opt_local_infile)
49544954
mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, (char*) &opt_local_infile);
49554955

4956-
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
4957-
if (opt_use_ssl)
4958-
{
4959-
mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
4960-
opt_ssl_capath, opt_ssl_cipher);
4961-
mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
4962-
mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
4963-
}
4964-
mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
4965-
(char*) &opt_ssl_verify_server_cert);
4966-
#endif
4956+
SSL_SET_OPTIONS(mysql);
49674957

49684958
if (opt_protocol)
49694959
mysql_options(mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol);

Diff for: client/mysql_secure_installation.cc

+1-11
Original file line numberDiff line numberDiff line change
@@ -158,17 +158,7 @@ my_arguments_get_one_option(int optid,
158158
static void
159159
init_connection_options(MYSQL *mysql)
160160
{
161-
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
162-
if (opt_use_ssl)
163-
{
164-
mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
165-
opt_ssl_capath, opt_ssl_cipher);
166-
mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
167-
mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
168-
}
169-
mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
170-
(char*) &opt_ssl_verify_server_cert);
171-
#endif
161+
SSL_SET_OPTIONS(mysql);
172162

173163
if (opt_protocol)
174164
mysql_options(mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol);

Diff for: client/mysql_upgrade.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -288,7 +288,7 @@ get_one_option(int optid, const struct my_option *opt,
288288
case OPT_WRITE_BINLOG: /* --write-binlog */
289289
add_option= FALSE;
290290
break;
291-
291+
#include <sslopt-case.h>
292292
case 'h': /* --host */
293293
case 'W': /* --pipe */
294294
case 'P': /* --port */

Diff for: client/mysqladmin.cc

+1-11
Original file line numberDiff line numberDiff line change
@@ -361,17 +361,7 @@ int main(int argc,char *argv[])
361361
uint tmp=opt_connect_timeout;
362362
mysql_options(&mysql,MYSQL_OPT_CONNECT_TIMEOUT, (char*) &tmp);
363363
}
364-
#ifdef HAVE_OPENSSL
365-
if (opt_use_ssl)
366-
{
367-
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
368-
opt_ssl_capath, opt_ssl_cipher);
369-
mysql_options(&mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
370-
mysql_options(&mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
371-
}
372-
mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
373-
(char*)&opt_ssl_verify_server_cert);
374-
#endif
364+
SSL_SET_OPTIONS(&mysql);
375365
if (opt_protocol)
376366
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
377367
#if defined (_WIN32) && !defined (EMBEDDED_LIBRARY)

Diff for: client/mysqlbinlog.cc

+1-11
Original file line numberDiff line numberDiff line change
@@ -1885,17 +1885,7 @@ static Exit_status safe_connect()
18851885
return ERROR_STOP;
18861886
}
18871887

1888-
#ifdef HAVE_OPENSSL
1889-
if (opt_use_ssl)
1890-
{
1891-
mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
1892-
opt_ssl_capath, opt_ssl_cipher);
1893-
mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
1894-
mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
1895-
}
1896-
mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
1897-
(char*) &opt_ssl_verify_server_cert);
1898-
#endif
1888+
SSL_SET_OPTIONS(mysql);
18991889

19001890
if (opt_plugin_dir && *opt_plugin_dir)
19011891
mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir);

Diff for: client/mysqlcheck.c

+1-9
Original file line numberDiff line numberDiff line change
@@ -881,15 +881,7 @@ static int dbConnect(char *host, char *user, char *passwd)
881881
mysql_init(&mysql_connection);
882882
if (opt_compress)
883883
mysql_options(&mysql_connection, MYSQL_OPT_COMPRESS, NullS);
884-
#ifdef HAVE_OPENSSL
885-
if (opt_use_ssl)
886-
{
887-
mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
888-
opt_ssl_capath, opt_ssl_cipher);
889-
mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
890-
mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
891-
}
892-
#endif
884+
SSL_SET_OPTIONS(&mysql_connection);
893885
if (opt_protocol)
894886
mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
895887
if (opt_bind_addr)

Diff for: client/mysqldump.c

+1-11
Original file line numberDiff line numberDiff line change
@@ -1595,17 +1595,7 @@ static int connect_to_db(char *host, char *user,char *passwd)
15951595
mysql_init(&mysql_connection);
15961596
if (opt_compress)
15971597
mysql_options(&mysql_connection,MYSQL_OPT_COMPRESS,NullS);
1598-
#ifdef HAVE_OPENSSL
1599-
if (opt_use_ssl)
1600-
{
1601-
mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
1602-
opt_ssl_capath, opt_ssl_cipher);
1603-
mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
1604-
mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
1605-
}
1606-
mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
1607-
(char*)&opt_ssl_verify_server_cert);
1608-
#endif
1598+
SSL_SET_OPTIONS(&mysql_connection);
16091599
if (opt_protocol)
16101600
mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
16111601
if (opt_bind_addr)

Diff for: client/mysqlimport.c

+1-11
Original file line numberDiff line numberDiff line change
@@ -420,17 +420,7 @@ static MYSQL *db_connect(char *host, char *database,
420420
if (opt_local_file)
421421
mysql_options(mysql,MYSQL_OPT_LOCAL_INFILE,
422422
(char*) &opt_local_file);
423-
#ifdef HAVE_OPENSSL
424-
if (opt_use_ssl)
425-
{
426-
mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
427-
opt_ssl_capath, opt_ssl_cipher);
428-
mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
429-
mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
430-
}
431-
mysql_options(mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
432-
(char*)&opt_ssl_verify_server_cert);
433-
#endif
423+
SSL_SET_OPTIONS(mysql);
434424
if (opt_protocol)
435425
mysql_options(mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
436426
if (opt_bind_addr)

Diff for: client/mysqlshow.c

+1-11
Original file line numberDiff line numberDiff line change
@@ -117,17 +117,7 @@ int main(int argc, char **argv)
117117
mysql_init(&mysql);
118118
if (opt_compress)
119119
mysql_options(&mysql,MYSQL_OPT_COMPRESS,NullS);
120-
#ifdef HAVE_OPENSSL
121-
if (opt_use_ssl)
122-
{
123-
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
124-
opt_ssl_capath, opt_ssl_cipher);
125-
mysql_options(&mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
126-
mysql_options(&mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
127-
}
128-
mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
129-
(char*)&opt_ssl_verify_server_cert);
130-
#endif
120+
SSL_SET_OPTIONS(&mysql);
131121
if (opt_protocol)
132122
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
133123
if (opt_bind_addr)

Diff for: client/mysqlslap.c

+3-11
Original file line numberDiff line numberDiff line change
@@ -144,8 +144,8 @@ static my_bool opt_compress= FALSE, tty_password= FALSE,
144144
const char *auto_generate_sql_type= "mixed";
145145

146146
static unsigned long connect_flags= CLIENT_MULTI_RESULTS |
147-
CLIENT_MULTI_STATEMENTS |
148-
CLIENT_REMEMBER_OPTIONS;
147+
CLIENT_MULTI_STATEMENTS |
148+
CLIENT_REMEMBER_OPTIONS;
149149

150150

151151
static int verbose, delimiter_length;
@@ -335,15 +335,7 @@ int main(int argc, char **argv)
335335
mysql_init(&mysql);
336336
if (opt_compress)
337337
mysql_options(&mysql,MYSQL_OPT_COMPRESS,NullS);
338-
#ifdef HAVE_OPENSSL
339-
if (opt_use_ssl)
340-
{
341-
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
342-
opt_ssl_capath, opt_ssl_cipher);
343-
mysql_options(&mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
344-
mysql_options(&mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
345-
}
346-
#endif
338+
SSL_SET_OPTIONS(&mysql);
347339
if (opt_protocol)
348340
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
349341
#if defined (_WIN32) && !defined (EMBEDDED_LIBRARY)

Diff for: client/mysqltest.cc

+16-20
Original file line numberDiff line numberDiff line change
@@ -5507,6 +5507,9 @@ void do_connect(struct st_command *command)
55075507
my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0;
55085508
my_bool con_secure_auth= 1;
55095509
struct st_connection* con_slot;
5510+
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
5511+
my_bool save_opt_use_ssl= opt_use_ssl;
5512+
#endif
55105513

55115514
static DYNAMIC_STRING ds_connection_name;
55125515
static DYNAMIC_STRING ds_host;
@@ -5641,23 +5644,22 @@ void do_connect(struct st_command *command)
56415644
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
56425645
if (opt_use_ssl)
56435646
con_ssl= 1;
5644-
#endif
56455647

5646-
if (con_ssl)
5648+
opt_use_ssl= con_ssl;
5649+
5650+
if (opt_use_ssl)
56475651
{
5648-
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
5649-
mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
5650-
opt_ssl_capath, opt_ssl_cipher);
5651-
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
5652-
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
5653-
#if MYSQL_VERSION_ID >= 50000
56545652
/* Turn on ssl_verify_server_cert only if host is "localhost" */
56555653
opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");
5656-
mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
5657-
&opt_ssl_verify_server_cert);
5654+
}
5655+
#else
5656+
/* keep the compiler happy about con_ssl */
5657+
con_ssl = con_ssl ? TRUE : FALSE;
56585658
#endif
5659+
SSL_SET_OPTIONS(&con_slot->mysql);
5660+
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
5661+
opt_use_ssl= save_opt_use_ssl;
56595662
#endif
5660-
}
56615663

56625664
if (con_pipe)
56635665
{
@@ -8764,22 +8766,16 @@ int main(int argc, char **argv)
87648766
mysql_options(&con->mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);
87658767
#endif
87668768

8767-
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
87688769

8770+
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
87698771
if (opt_use_ssl)
87708772
{
8771-
mysql_ssl_set(&con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
8772-
opt_ssl_capath, opt_ssl_cipher);
8773-
mysql_options(&con->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
8774-
mysql_options(&con->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
8775-
#if MYSQL_VERSION_ID >= 50000
87768773
/* Turn on ssl_verify_server_cert only if host is "localhost" */
87778774
opt_ssl_verify_server_cert= opt_host && !strcmp(opt_host, "localhost");
8778-
mysql_options(&con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
8779-
&opt_ssl_verify_server_cert);
8780-
#endif
87818775
}
87828776
#endif
8777+
SSL_SET_OPTIONS(&con->mysql);
8778+
87838779

87848780
#if defined (_WIN32) && !defined (EMBEDDED_LIBRARY)
87858781
if (shared_memory_base_name)

Diff for: cmake/mysql_version.cmake

+1-1
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
#
1919

2020
SET(SHARED_LIB_MAJOR_VERSION "18")
21-
SET(SHARED_LIB_MINOR_VERSION "1")
21+
SET(SHARED_LIB_MINOR_VERSION "2")
2222
SET(PROTOCOL_VERSION "10")
2323
SET(DOT_FRM_VERSION "6")
2424

Diff for: include/mysql.h

+4-1
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,8 @@ enum mysql_option
159159
MYSQL_OPT_CONNECT_ATTR_DELETE,
160160
MYSQL_SERVER_PUBLIC_KEY,
161161
MYSQL_ENABLE_CLEARTEXT_PLUGIN,
162-
MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS
162+
MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS,
163+
MYSQL_OPT_SSL_ENFORCE
163164
};
164165

165166
/**
@@ -451,6 +452,8 @@ int STDCALL mysql_options(MYSQL *mysql,enum mysql_option option,
451452
const void *arg);
452453
int STDCALL mysql_options4(MYSQL *mysql,enum mysql_option option,
453454
const void *arg1, const void *arg2);
455+
int STDCALL mysql_get_option(MYSQL *mysql, enum mysql_option option,
456+
const void *arg);
454457
void STDCALL mysql_free_result(MYSQL_RES *result);
455458
void STDCALL mysql_data_seek(MYSQL_RES *result,
456459
my_ulonglong offset);

Diff for: include/mysql.h.pp

+4-1
Original file line numberDiff line numberDiff line change
@@ -316,7 +316,8 @@
316316
MYSQL_OPT_CONNECT_ATTR_DELETE,
317317
MYSQL_SERVER_PUBLIC_KEY,
318318
MYSQL_ENABLE_CLEARTEXT_PLUGIN,
319-
MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS
319+
MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS,
320+
MYSQL_OPT_SSL_ENFORCE
320321
};
321322
struct st_mysql_options_extention;
322323
struct st_mysql_options {
@@ -518,6 +519,8 @@
518519
const void *arg);
519520
int mysql_options4(MYSQL *mysql,enum mysql_option option,
520521
const void *arg1, const void *arg2);
522+
int mysql_get_option(MYSQL *mysql, enum mysql_option option,
523+
const void *arg);
521524
void mysql_free_result(MYSQL_RES *result);
522525
void mysql_data_seek(MYSQL_RES *result,
523526
my_ulonglong offset);

Diff for: include/sql_common.h

+2
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,8 @@ struct st_mysql_options_extention {
6767
char *server_public_key_path;
6868
size_t connection_attributes_length;
6969
my_bool enable_cleartext_plugin;
70+
/** false if it is possible to fall back on unencrypted connections */
71+
my_bool ssl_enforce;
7072
};
7173

7274
typedef struct st_mysql_methods

Diff for: include/sslopt-case.h

+12-1
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,17 @@
1717
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
1818

1919
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
20+
#ifdef MYSQL_CLIENT
21+
case OPT_SSL_SSL:
22+
/*
23+
A client side --ssl option handling.
24+
--ssl=1 means enforce (use=1, enforce=1)
25+
--ssl=0 means can't enforce (use=0, enforce=0)
26+
no --ssl means default : no enforce (use=1), just try (enforce=1)
27+
*/
28+
opt_ssl_enforce= opt_use_ssl;
29+
break;
30+
#endif
2031
case OPT_SSL_KEY:
2132
case OPT_SSL_CERT:
2233
case OPT_SSL_CA:
@@ -28,7 +39,7 @@
2839
Enable use of SSL if we are using any ssl option
2940
One can disable SSL later by using --skip-ssl or --ssl=0
3041
*/
31-
opt_use_ssl= 1;
42+
opt_use_ssl= TRUE;
3243
/* crl has no effect in yaSSL */
3344
#ifdef HAVE_YASSL
3445
opt_ssl_crl= NULL;

Diff for: include/sslopt-longopts.h

+10-8
Original file line numberDiff line numberDiff line change
@@ -19,30 +19,32 @@
1919
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
2020

2121
{"ssl", OPT_SSL_SSL,
22-
"Enable SSL for connection (automatically enabled with other flags).",
22+
"If set to ON, this option enforces that SSL is established before client "
23+
"attempts to authenticate to the server. To disable client SSL capabilities "
24+
"use --ssl=OFF.",
2325
&opt_use_ssl, &opt_use_ssl, 0, GET_BOOL, OPT_ARG, 0, 0, 0, 0, 0, 0},
2426
{"ssl-ca", OPT_SSL_CA,
25-
"CA file in PEM format (check OpenSSL docs, implies --ssl).",
27+
"CA file in PEM format.",
2628
&opt_ssl_ca, &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
2729
0, 0, 0, 0, 0, 0},
2830
{"ssl-capath", OPT_SSL_CAPATH,
29-
"CA directory (check OpenSSL docs, implies --ssl).",
31+
"CA directory.",
3032
&opt_ssl_capath, &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,
3133
0, 0, 0, 0, 0, 0},
32-
{"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl).",
34+
{"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format.",
3335
&opt_ssl_cert, &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,
3436
0, 0, 0, 0, 0, 0},
35-
{"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
37+
{"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use.",
3638
&opt_ssl_cipher, &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
3739
0, 0, 0, 0, 0, 0},
38-
{"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).",
40+
{"ssl-key", OPT_SSL_KEY, "X509 key in PEM format.",
3941
&opt_ssl_key, &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
4042
0, 0, 0, 0, 0, 0},
41-
{"ssl-crl", OPT_SSL_CRL, "Certificate revocation list (implies --ssl).",
43+
{"ssl-crl", OPT_SSL_CRL, "Certificate revocation list.",
4244
&opt_ssl_crl, &opt_ssl_crl, 0, GET_STR, REQUIRED_ARG,
4345
0, 0, 0, 0, 0, 0},
4446
{"ssl-crlpath", OPT_SSL_CRLPATH,
45-
"Certificate revocation list path (implies --ssl).",
47+
"Certificate revocation list path.",
4648
&opt_ssl_crlpath, &opt_ssl_crlpath, 0, GET_STR, REQUIRED_ARG,
4749
0, 0, 0, 0, 0, 0},
4850
#ifdef MYSQL_CLIENT

0 commit comments

Comments
 (0)