diff options
author | Olivier Delbeke <olivier.delbeke@gmail.com> | 2015-06-08 20:28:23 +0200 |
---|---|---|
committer | Mark Brand <mabrand@mabrand.nl> | 2015-06-14 15:49:24 +0000 |
commit | 28ceb2ea5e79d65904d2ad83b8259e75b60acff6 (patch) | |
tree | 612b35db824a971d714cf59bd7570763b92466d5 /src/sql/drivers | |
parent | bca41b1b85ed5b2074599a044cdebbba71d87794 (diff) |
Added SSL support for MySQL database connections
Addition of new options SSL_KEY, SSL_CERT, SSL_CA, SSL_CAPATH and SSL_CIPHER
to allow SSL-encrypted connections to MySQL databases.
When needed, these options must be specified in the function call
QSqlDatabase::setConnectOptions() before the call to QSqlDatabase::open().
SSL_KEY = the path name to the key file
SSL_CERT = the path name to the certificate file
SSL_CA = the path name to the certificate authority file
SSL_CAPATH = the path name to a directory that contains trusted SSL CA
certificates in PEM format.
SSL_CIPHER = a list of permissible ciphers to use for SSL encryption.
These options replace CLIENT_SSL (which should not be used any more).
Example:
db.setConnectOptions("SSL_KEY=client-key.pem;" \
"SSL_CERT=client-cert.pem;" \
"SSL_CA=server-ca.pem");
[ChangeLog][QtSql] SSL support for MySQL database connections has been added.
Option CLIENT_SSL replaced by SSL_KEY, SSL_CERT, SSL_CA, SSL_CAPATH and
SSL_CIPHER, so that the keys, certificates and cipher can be specified.
Task-number: QtBUG-3500
Change-Id: I8197234b169a818658678d6fcc953c90e83db23e
Reviewed-by: Mark Brand <mabrand@mabrand.nl>
Diffstat (limited to 'src/sql/drivers')
-rw-r--r-- | src/sql/drivers/mysql/qsql_mysql.cpp | 97 |
1 files changed, 67 insertions, 30 deletions
diff --git a/src/sql/drivers/mysql/qsql_mysql.cpp b/src/sql/drivers/mysql/qsql_mysql.cpp index d901008e00..086a232746 100644 --- a/src/sql/drivers/mysql/qsql_mysql.cpp +++ b/src/sql/drivers/mysql/qsql_mysql.cpp @@ -45,6 +45,7 @@ #include <qstringlist.h> #include <qtextcodec.h> #include <qvector.h> +#include <qfile.h> #include <qdebug.h> @@ -1211,7 +1212,7 @@ static void setOptionFlag(uint &optionFlags, const QString &opt) else if (opt == QLatin1String("CLIENT_ODBC")) optionFlags |= CLIENT_ODBC; else if (opt == QLatin1String("CLIENT_SSL")) - optionFlags |= CLIENT_SSL; + qWarning("QMYSQLDriver: SSL_KEY, SSL_CERT and SSL_CA should be used instead of CLIENT_SSL."); else qWarning("QMYSQLDriver::open: Unknown connect option '%s'", opt.toLocal8Bit().constData()); } @@ -1235,6 +1236,11 @@ bool QMYSQLDriver::open(const QString& db, unsigned int optionFlags = Q_CLIENT_MULTI_STATEMENTS; const QStringList opts(connOpts.split(QLatin1Char(';'), QString::SkipEmptyParts)); QString unixSocket; + QString sslCert; + QString sslCA; + QString sslKey; + QString sslCAPath; + QString sslCipher; #if MYSQL_VERSION_ID >= 50000 my_bool reconnect=false; uint connectTimeout = 0; @@ -1263,6 +1269,16 @@ bool QMYSQLDriver::open(const QString& db, writeTimeout = val.toInt(); } #endif + else if (opt == QLatin1String("SSL_KEY")) + sslKey = val; + else if (opt == QLatin1String("SSL_CERT")) + sslCert = val; + else if (opt == QLatin1String("SSL_CA")) + sslCA = val; + else if (opt == QLatin1String("SSL_CAPATH")) + sslCAPath = val; + else if (opt == QLatin1String("SSL_CIPHER")) + sslCipher = val; else if (val == QLatin1String("TRUE") || val == QLatin1String("1")) setOptionFlag(optionFlags, tmp.left(idx).simplified()); else @@ -1273,39 +1289,60 @@ bool QMYSQLDriver::open(const QString& db, } } - if ((d->mysql = mysql_init((MYSQL*) 0))) { + if (!(d->mysql = mysql_init((MYSQL*) 0))) { + setLastError(qMakeError(tr("Unable to allocate a MYSQL object"), + QSqlError::ConnectionError, d)); + setOpenError(true); + return false; + } + + if (!sslKey.isNull() || !sslCert.isNull() || !sslCA.isNull() || + !sslCAPath.isNull() || !sslCipher.isNull()) { + mysql_ssl_set(d->mysql, + sslKey.isNull() ? static_cast<const char *>(0) + : QFile::encodeName(sslKey).constData(), + sslCert.isNull() ? static_cast<const char *>(0) + : QFile::encodeName(sslCert).constData(), + sslCA.isNull() ? static_cast<const char *>(0) + : QFile::encodeName(sslCA).constData(), + sslCAPath.isNull() ? static_cast<const char *>(0) + : QFile::encodeName(sslCAPath).constData(), + sslCipher.isNull() ? static_cast<const char *>(0) + : sslCipher.toLocal8Bit().constData()); + } + #if MYSQL_VERSION_ID >= 50000 - if (connectTimeout != 0) - mysql_options(d->mysql, MYSQL_OPT_CONNECT_TIMEOUT, &connectTimeout); - if (readTimeout != 0) - mysql_options(d->mysql, MYSQL_OPT_READ_TIMEOUT, &readTimeout); - if (writeTimeout != 0) - mysql_options(d->mysql, MYSQL_OPT_WRITE_TIMEOUT, &writeTimeout); + if (connectTimeout != 0) + mysql_options(d->mysql, MYSQL_OPT_CONNECT_TIMEOUT, &connectTimeout); + if (readTimeout != 0) + mysql_options(d->mysql, MYSQL_OPT_READ_TIMEOUT, &readTimeout); + if (writeTimeout != 0) + mysql_options(d->mysql, MYSQL_OPT_WRITE_TIMEOUT, &writeTimeout); #endif - if (mysql_real_connect(d->mysql, - host.isNull() ? static_cast<const char *>(0) - : host.toLocal8Bit().constData(), - user.isNull() ? static_cast<const char *>(0) - : user.toLocal8Bit().constData(), - password.isNull() ? static_cast<const char *>(0) - : password.toLocal8Bit().constData(), - db.isNull() ? static_cast<const char *>(0) - : db.toLocal8Bit().constData(), - (port > -1) ? port : 0, - unixSocket.isNull() ? static_cast<const char *>(0) - : unixSocket.toLocal8Bit().constData(), - optionFlags)) { - if (!db.isEmpty() && mysql_select_db(d->mysql, db.toLocal8Bit().constData())) { - setLastError(qMakeError(tr("Unable to open database '%1'").arg(db), QSqlError::ConnectionError, d)); - mysql_close(d->mysql); - setOpenError(true); - return false; - } + if (mysql_real_connect(d->mysql, + host.isNull() ? static_cast<const char *>(0) + : host.toLocal8Bit().constData(), + user.isNull() ? static_cast<const char *>(0) + : user.toLocal8Bit().constData(), + password.isNull() ? static_cast<const char *>(0) + : password.toLocal8Bit().constData(), + db.isNull() ? static_cast<const char *>(0) + : db.toLocal8Bit().constData(), + (port > -1) ? port : 0, + unixSocket.isNull() ? static_cast<const char *>(0) + : unixSocket.toLocal8Bit().constData(), + optionFlags)) + { + if (!db.isEmpty() && mysql_select_db(d->mysql, db.toLocal8Bit().constData())) { + setLastError(qMakeError(tr("Unable to open database '%1'").arg(db), QSqlError::ConnectionError, d)); + mysql_close(d->mysql); + setOpenError(true); + return false; + } #if MYSQL_VERSION_ID >= 50000 - if (reconnect) - mysql_options(d->mysql, MYSQL_OPT_RECONNECT, &reconnect); + if (reconnect) + mysql_options(d->mysql, MYSQL_OPT_RECONNECT, &reconnect); #endif - } } else { setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); |