author | Christian Ehrlicher <ch.ehrlicher@gmx.de> | 2023-02-27 20:28:33 +0100 |
---|---|---|
committer | Volker Hilsheimer <volker.hilsheimer@qt.io> | 2023-04-06 04:41:15 +0000 |
commit | 39fab09aade3bc64cd2241764e59f9248b9588ac (patch) | |
tree | a1767c6cfef5aa0e34bab05a5dc5607353610a30 | |
parent | 27867de8ca257eb8aa1e02e04b35c0efd3929584 (diff) |
SQL/MySQL: add option MYSQL_OPT_TLS_VERSION & MYSQL_OPT_SSL_MODE
Add the two options MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE to
properly support encrypted connections to MySQL 8.0 servers.
MYSQL_OPT_SSL_MODE will not work when compiled against the MariaDB
C-Connector since it's not supported by the MariaDB client.
[ChangeLog][QtSql][MySQL] Added the two new connect options
MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE.
Fixes: QTBUG-84797
Change-Id: Iec7d682fc00072ce5b2a824c4ea00fca4575a93e
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
-rw-r--r-- | src/plugins/sqldrivers/mysql/qsql_mysql.cpp | 27 | ||||
-rw-r--r-- | src/sql/doc/src/sql-driver.qdoc | 10 |
2 files changed, 37 insertions, 0 deletions
diff --git a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
index 1cf6798cd9..b8dc0bfef1 100644
--- a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
+++ b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
@@ -1204,6 +1204,27 @@ static bool setOptionBool(MYSQL *mysql, mysql_option option, QStringView v)
 return mysql_options(mysql, option, &val) == 0;
 }
 
+// MYSQL_OPT_SSL_MODE was introduced with MySQL 5.7.11
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+static bool setOptionSslMode(MYSQL *mysql, mysql_option option, QStringView v)
+{
+ mysql_ssl_mode sslMode = SSL_MODE_DISABLED;
+ if (v == "DISABLED"_L1 || v == "SSL_MODE_DISABLED"_L1)
+ sslMode = SSL_MODE_DISABLED;
+ else if (v == "PREFERRED"_L1 || v == "SSL_MODE_PREFERRED"_L1)
+ sslMode = SSL_MODE_PREFERRED;
+ else if (v == "REQUIRED"_L1 || v == "SSL_MODE_REQUIRED"_L1)
+ sslMode = SSL_MODE_REQUIRED;
+ else if (v == "VERIFY_CA"_L1 || v == "SSL_MODE_VERIFY_CA"_L1)
+ sslMode = SSL_MODE_VERIFY_CA;
+ else if (v == "VERIFY_IDENTITY"_L1 || v == "SSL_MODE_VERIFY_IDENTITY"_L1)
+ sslMode = SSL_MODE_VERIFY_IDENTITY;
+ else
+ qWarning() << "Unknown ssl mode '" << v << "' - using SSL_MODE_DISABLED";
+ return mysql_options(mysql, option, &sslMode) == 0;
+}
+#endif
+
 static bool setOptionProtocol(MYSQL *mysql, mysql_option option, QStringView v)
 {
 mysql_protocol_type proto = MYSQL_PROTOCOL_DEFAULT;
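Review bot: The `else` branch of setOptionSslMode fails open: an unrecognised value only logs a warning, leaves `sslMode` at its `SSL_MODE_DISABLED` initialiser and still hands that to `mysql_options()`, so a misspelled or differently-cased mode name (the comparisons against `"REQUIRED"_L1` and the others are exact) switches TLS off instead of on. For a security option the unknown case should be rejected rather than downgraded, for example `else { qWarning() << "Unknown ssl mode '" << v << "'"; return false; }`, which also leaves the client library's own default untouched. Whether the caller aborts the connection when the setter returns false is not visible in this hunk and should be confirmed. The qdoc row for MYSQL_OPT_SSL_MODE would also benefit from stating what happens on an invalid value.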
@@ -1259,6 +1280,12 @@ bool QMYSQLDriver::open(const QString &db,
 {"MYSQL_OPT_SSL_CIPHER"_L1, MYSQL_OPT_SSL_CIPHER, setOptionString},
 {"MYSQL_OPT_SSL_CRL"_L1, MYSQL_OPT_SSL_CRL, setOptionString},
 {"MYSQL_OPT_SSL_CRLPATH"_L1, MYSQL_OPT_SSL_CRLPATH, setOptionString},
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50710
+ {"MYSQL_OPT_TLS_VERSION"_L1, MYSQL_OPT_TLS_VERSION, setOptionString},
+#endif
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+ {"MYSQL_OPT_SSL_MODE"_L1, MYSQL_OPT_SSL_MODE, setOptionSslMode},
+#endif
 {"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt},
 {"MYSQL_OPT_READ_TIMEOUT"_L1, MYSQL_OPT_READ_TIMEOUT, setOptionInt},
 {"MYSQL_OPT_WRITE_TIMEOUT"_L1, MYSQL_OPT_WRITE_TIMEOUT, setOptionInt},
diff --git a/src/sql/doc/src/sql-driver.qdoc b/src/sql/doc/src/sql-driver.qdoc
index 47880fa2ec..97af8c620d 100644
--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@@ -210,6 +210,16 @@
 \l {https://dev.mysql.com/doc/refman/8.0/en/load-data.html} {LOAD_DATA}, disabled if not set or 0
 \row
+ \li MYSQL_OPT_SSL_MODE
+ \li The security state to use for the connection to the server: SSL_MODE_DISABLED,
+ SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY.
+ \row
+ \li MYSQL_OPT_TLS_VERSION
+ \li A list of protocols the client permits for encrypted connections. The value can be
+ a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l
+ {https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration}
+ {MySQL server} version.
+ \row
 \li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated)
 \li The path name of the client private key file
 \row
|
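Review bot: In the option table of QMYSQLDriver::open (the qsql_mysql.cpp hunk at `@@ -1259,6 +1280,12 @@`), the `MYSQL_OPT_SSL_MODE` row is compiled out for MariaDB and for MySQL older than 5.7.11, so on those builds the key does not exist at all. The table and the code that handles names not found in it start and end outside this hunk; if that code only warns or skips, an application passing `MYSQL_OPT_SSL_MODE=VERIFY_IDENTITY` gets a connection without the enforcement it asked for. Consider keeping the key registered on every build and, in an `#else` branch, pointing it at a handler that logs and returns false, so a TLS mode the build cannot honour surfaces as a failure. A short comment above the `#if` noting this behaviour on MariaDB builds would help the next reader.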