MDEV-32473 --disable-ssl doesn't disable it

Sergei Golubchik 2023-10-15 16:03:14 +02:00
parent 6b900330b9
commit 2e83ab4126
6 changed files with 32 additions and 1 deletions


@ -141,6 +141,8 @@ xb_mysql_connect()
mysql_options(connection, MYSQL_OPT_SSL_CRLPATH, mysql_options(connection, MYSQL_OPT_SSL_CRLPATH,
opt_ssl_crlpath); opt_ssl_crlpath);
} }
else
opt_ssl_verify_server_cert= 0;
mysql_options(connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, mysql_options(connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert); (char*)&opt_ssl_verify_server_cert);
#endif #endif
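Review bot: The added `else opt_ssl_verify_server_cert= 0;` in xb_mysql_connect() clears the flag even when the user passed --ssl-verify-server-cert explicitly, so a conflicting command line silently ends in a plaintext connection with no server verification. The guarding `if` is above the hunk, so I am assuming it tests `opt_use_ssl`. The same branch is added to SET_SSL_OPTS in the header section, and the recorded test output for `--ssl-verify-server-cert --disable-ssl` ("SSL: Not in use") confirms the outcome. If that precedence is intended, state it at the assignment, e.g. `/* SSL explicitly disabled: no TLS session to verify, so --disable-ssl wins over --ssl-verify-server-cert */`, and consider printing a warning when the flag was set explicitly rather than left at its default.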


@ -48,6 +48,8 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \ mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \
mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \ mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \
} \ } \
else \
opt_ssl_verify_server_cert= 0; \
mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \ mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \
&opt_ssl_verify_server_cert); \ &opt_ssl_verify_server_cert); \
} while(0) } while(0)
@ -58,7 +60,7 @@ SSL_STATIC my_bool opt_ssl_verify_server_cert= 2;
*/ */
#define SET_SSL_OPTS_WITH_CHECK(M) \ #define SET_SSL_OPTS_WITH_CHECK(M) \
do { \ do { \
if (opt_ssl_verify_server_cert==2 && \ if (opt_use_ssl && opt_ssl_verify_server_cert==2 && \
!(opt_ssl_ca && opt_ssl_ca[0]) && \ !(opt_ssl_ca && opt_ssl_ca[0]) && \
!(opt_ssl_capath && opt_ssl_capath[0]) && \ !(opt_ssl_capath && opt_ssl_capath[0]) && \
!(opt_ssl_fp && opt_ssl_fp[0]) && \ !(opt_ssl_fp && opt_ssl_fp[0]) && \
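Review bot: The new else branch in SET_SSL_OPTS overwrites the initial value 2 of opt_ssl_verify_server_cert (shown in the hunk header), while SET_SSL_OPTS_WITH_CHECK still keys on `opt_ssl_verify_server_cert==2`, and nothing in the visible lines says what 0 and 2 mean. If 2 is the "left at default" marker, as the check suggests, then after one call with SSL disabled the variable no longer distinguishes "unset" from "off"; whether any client connects more than once or changes opt_use_ssl between connections is not visible here. A comment on the assignment would make the side effect explicit, e.g. `/* SSL disabled: clear verification; this also drops the default marker 2 */`. The body of SET_SSL_OPTS_WITH_CHECK continues below the hunk, so the effect of the added `opt_use_ssl &&` on the rest of the check cannot be confirmed from this page.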


@ -655,3 +655,11 @@ SSL: Cipher in use is XXX, cert is OK
drop user ser@localhost; drop user ser@localhost;
#
# MDEV-32473 --disable-ssl doesn't disable it
#
MYSQL --ssl-verify-server-cert --disable-ssl -e "\s"
SSL: Not in use


@ -737,3 +737,10 @@ create user ser@localhost identified by "ass";
--replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/ --replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/
--exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s" --exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s"
drop user ser@localhost; drop user ser@localhost;
--echo #
--echo # MDEV-32473 --disable-ssl doesn't disable it
--echo #
--echo MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
--replace_regex /^.[^S].*//
--exec $MYSQL --ssl-verify-server-cert --disable-ssl -e "\\s"
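Review bot: The new case pins only one ordering, `--ssl-verify-server-cert --disable-ssl`, and does not cover `--disable-ssl` alone, which would exercise the default value of opt_ssl_verify_server_cert rather than an explicit one. Adding the reversed ordering would record which option wins when they conflict: `--exec $MYSQL --disable-ssl --ssl-verify-server-cert -e "\\s"` with the same `--replace_regex /^.[^S].*//` line before it. The expected output for that case depends on option parsing that is not part of this page, so it has to be recorded from a run rather than assumed. The mariabackup test later on the page likewise checks only `--skip-ssl` on its own, without the explicit verify option.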


@ -11,3 +11,7 @@ DROP USER backup_user;
# MDEV-31855 validate ssl certificates using client password in the internal client # MDEV-31855 validate ssl certificates using client password in the internal client
# #
# tcp ssl ssl-verify-server-cert # tcp ssl ssl-verify-server-cert
#
# MDEV-32473 --disable-ssl doesn't disable it
#
# tcp skip-ssl


@ -21,3 +21,11 @@ echo #;
echo # tcp ssl ssl-verify-server-cert; echo # tcp ssl ssl-verify-server-cert;
error 1; error 1;
exec $XTRABACKUP --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir; exec $XTRABACKUP --protocol=tcp --user=root --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
--echo #
--echo # MDEV-32473 --disable-ssl doesn't disable it
--echo #
# connects fine
echo # tcp skip-ssl;
exec $XTRABACKUP --protocol=tcp --user=root --skip-ssl --port=$MASTER_MYPORT --backup --target-dir=$targetdir;
rmdir $targetdir;