mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/include/sslopt-longopts.h
unknown c1d64ccc1b Bug#17208 SSL: client does not verify server certificate 
- Add new function 'ssl_verify_server_cert' which is used if we are 
   connecting to the server with SSL. It will compare the hostname in 
   the server's cert against the hostname that we used when connecting 
   to the server. Will reject the connection if hostname does not match.
 - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options
   which will turn on checking of servers cert.
 - Add new argument "ssl-verify-server-cert" to all mysql* clients which 
   will activate the above option.
 - Generate a new server cert with 1024 bits that has "localhost" as the server name.


SSL/server-cert.pem:
  Generate a new server cert that has "localhost" as CN, so that we can test to verify the hostname we connected against with the hostname in the cert
client/client_priv.h:
  Add OPT_SSL_VERIFY_CERT
client/mysql.cc:
  Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
client/mysqladmin.cc:
  Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
client/mysqldump.c:
  Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
client/mysqlimport.c:
  Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
client/mysqlshow.c:
  Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
client/mysqltest.c:
  Always set opt_ssl_verify_server_cert on in mysqltest if we are using SSL
include/mysql.h:
  Add variable ssl_verify_cerver_cert
include/sslopt-longopts.h:
  Add ssl-verify-server-cert options to all clients.
include/sslopt-vars.h:
  Add opt_ssl_varify_server_cert to all clients.
sql-common/client.c:
  Add ssl_vertify_server_cert function which is executed if user has set the option ssl_verify_cerver_cert
vio/viosslfactories.c:
  Ask the SSL library to verify servers cert by setting the SSL_VERIFY_PEER flag
2006-04-18 17:58:27 +02:00

46 lines
2.2 KiB
C
Raw Blame History

/* Copyright (C) 2000 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#ifdef HAVE_OPENSSL
{"ssl", OPT_SSL_SSL,
"Enable SSL for connection (automatically enabled with other flags). Disable with --skip-ssl.",
(gptr*) &opt_use_ssl, (gptr*) &opt_use_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0,
0, 0, 0},
{"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).",
(gptr*) &opt_ssl_key, (gptr*) &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl).",
(gptr*) &opt_ssl_cert, (gptr*) &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"ssl-ca", OPT_SSL_CA,
"CA file in PEM format (check OpenSSL docs, implies --ssl).",
(gptr*) &opt_ssl_ca, (gptr*) &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"ssl-capath", OPT_SSL_CAPATH,
"CA directory (check OpenSSL docs, implies --ssl).",
(gptr*) &opt_ssl_capath, (gptr*) &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
(gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
#ifdef MYSQL_CLIENT
{"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
"Verify servers \"Common Name\" in it's cert against hostname used when connecting. This option is disabled by default.",
(gptr*) &opt_ssl_verify_server_cert, (gptr*) &opt_ssl_verify_server_cert,
0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
#endif
#endif /* HAVE_OPENSSL */
Reference in a new issue View git blame Copy permalink