Improve SSL settings, reflect changes for BACKRONYM and Riddle vulnerabilities, enforce SSL encryption when mysql_ssl=1 is set #114
Commits on Apr 15, 2017
-
-
Enforce SSL encryption when mysql_ssl=1 is set
This reflect changes between different versions of libmysqlclient.so and finally fix library usage to handle BACKRONYM and Riddle vulnerabilities. Due to fixing vulnerabilities, it changes also behavior of mysql_ssl=1 attribute from opportunistic mode to enforced mode of SSL. Now DBD::mysql with mysql_ssl=1 fails to connect to non-SSL server.
-
Add new connection attribute mysql_ssl_optional
When set, SSL encryption is not enforced and allow DBD::mysql to fallback to plain text protocol if server does not support SSL. Older MySQL and MariaDB client versions does not support enforced SSL mode due to BACKRONYM and Riddle vulnerabilities.
-
Add new database handle attribute mysql_ssl_cipher
It returns SSL encryption cipher or undef if SSL is not used. It can be used by application to check if SSL was established or not.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.