SQL/MySQL: add option MYSQL_OPT_TLS_VERSION & MYSQL_OPT_SSL_MODE

Add the two options MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE to
properly support encrypted connections to MySQL 8.0 servers.
MYSQL_OPT_SSL_MODE will not work when compiled against the MariaDB
C-Connector since it's not supported by the MariaDB client.

[ChangeLog][QtSql][MySQL] Added the two new connect options
MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE.

Fixes: QTBUG-84797
Change-Id: Iec7d682fc00072ce5b2a824c4ea00fca4575a93e
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>

2 files changed, 37 insertions, 0 deletions

diff --git a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
index 1cf6798cd9..b8dc0bfef1 100644
--- a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
+++ b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
@@ -1204,6 +1204,27 @@ static bool setOptionBool(MYSQL *mysql, mysql_option option, QStringView v)
     return mysql_options(mysql, option, &val) == 0;
 }
 
+// MYSQL_OPT_SSL_MODE was introduced with MySQL 5.7.11
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+static bool setOptionSslMode(MYSQL *mysql, mysql_option option, QStringView v)
+{
+    mysql_ssl_mode sslMode = SSL_MODE_DISABLED;
+    if (v == "DISABLED"_L1 || v == "SSL_MODE_DISABLED"_L1)
+        sslMode = SSL_MODE_DISABLED;
+    else if (v == "PREFERRED"_L1 || v == "SSL_MODE_PREFERRED"_L1)
+        sslMode = SSL_MODE_PREFERRED;
+    else if (v == "REQUIRED"_L1 || v == "SSL_MODE_REQUIRED"_L1)
+        sslMode = SSL_MODE_REQUIRED;
+    else if (v == "VERIFY_CA"_L1 || v == "SSL_MODE_VERIFY_CA"_L1)
+        sslMode = SSL_MODE_VERIFY_CA;
+    else if (v == "VERIFY_IDENTITY"_L1 || v == "SSL_MODE_VERIFY_IDENTITY"_L1)
+        sslMode = SSL_MODE_VERIFY_IDENTITY;
+    else
+        qWarning() << "Unknown ssl mode '" << v << "' - using SSL_MODE_DISABLED";
+    return mysql_options(mysql, option, &sslMode) == 0;
+}
+#endif
+
 static bool setOptionProtocol(MYSQL *mysql, mysql_option option, QStringView v)
 {
     mysql_protocol_type proto = MYSQL_PROTOCOL_DEFAULT;
@@ -1259,6 +1280,12 @@ bool QMYSQLDriver::open(const QString &db,
         {"MYSQL_OPT_SSL_CIPHER"_L1,      MYSQL_OPT_SSL_CIPHER,      setOptionString},
         {"MYSQL_OPT_SSL_CRL"_L1,         MYSQL_OPT_SSL_CRL,         setOptionString},
         {"MYSQL_OPT_SSL_CRLPATH"_L1,     MYSQL_OPT_SSL_CRLPATH,     setOptionString},
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50710
+        {"MYSQL_OPT_TLS_VERSION"_L1,     MYSQL_OPT_TLS_VERSION,     setOptionString},
+#endif
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+        {"MYSQL_OPT_SSL_MODE"_L1,        MYSQL_OPT_SSL_MODE,        setOptionSslMode},
+#endif
         {"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt},
         {"MYSQL_OPT_READ_TIMEOUT"_L1,    MYSQL_OPT_READ_TIMEOUT,    setOptionInt},
         {"MYSQL_OPT_WRITE_TIMEOUT"_L1,   MYSQL_OPT_WRITE_TIMEOUT,   setOptionInt},
diff --git a/src/sql/doc/src/sql-driver.qdoc b/src/sql/doc/src/sql-driver.qdoc
index 47880fa2ec..97af8c620d 100644
--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@@ -210,6 +210,16 @@
           \l {https://dev.mysql.com/doc/refman/8.0/en/load-data.html} {LOAD_DATA},
           disabled if not set or 0
     \row
+      \li MYSQL_OPT_SSL_MODE
+      \li The security state to use for the connection to the server: SSL_MODE_DISABLED,
+          SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY.
+    \row
+      \li MYSQL_OPT_TLS_VERSION
+      \li A list of protocols the client permits for encrypted connections. The value can be
+          a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l
+          {https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration}
+          {MySQL server} version.
+    \row
       \li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated)
       \li The path name of the client private key file
     \row