Skip Menu |
 

This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 21780
Status: resolved
Priority: 0/
Queue: DBD-mysql

People
Owner: Nobody in particular
Requestors: emchen [...] isc.upenn.edu
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: patch to add support for ssl_verify_cert
Download (untitled) / with headers
text/plain 292b
Since MySQL 5.0.24 a new option has been added for SSL connections to verify that when a client connects to a server the server's hostname must match the subject of the certificate. The attached patch adds a new parameter "ssl_verify_cert" to enable/disable this check (disabled by default).
Subject: dbdimp.c.patch
Download dbdimp.c.patch
text/x-diff 1.4k
*** /tmp/T07UaiZJ Fri Sep 29 11:25:20 2006 --- dbdimp.c Fri Sep 29 11:21:33 2006 *************** *** 1615,1626 **** { char* client_key = NULL; char* client_cert = NULL; char* ca_file = NULL; char* ca_path = NULL; ! char* cipher = NULL; STRLEN lna; if ((svp = hv_fetch(hv, "mysql_ssl_client_key", 20, FALSE)) && *svp) client_key = SvPV(*svp, lna); if ((svp = hv_fetch(hv, "mysql_ssl_client_cert", 21, FALSE)) && *svp) --- 1615,1632 ---- { char* client_key = NULL; char* client_cert = NULL; char* ca_file = NULL; char* ca_path = NULL; ! char* cipher = NULL; STRLEN lna; + #if MYSQL_VERSION_ID >=50023 + my_bool my_true = 0; + if ((svp = hv_fetch(hv, "mysql_ssl_verify_server_cert", 28, FALSE)) && *svp) { + my_true = SvTRUE(*svp); + } + #endif if ((svp = hv_fetch(hv, "mysql_ssl_client_key", 20, FALSE)) && *svp) client_key = SvPV(*svp, lna); if ((svp = hv_fetch(hv, "mysql_ssl_client_cert", 21, FALSE)) && *svp) *************** *** 1638,1647 **** --- 1644,1656 ---- *svp) cipher = SvPV(*svp, lna); mysql_ssl_set(sock, client_key, client_cert, ca_file, ca_path, cipher); + #if MYSQL_VERSION_ID >=50023 + mysql_options(sock, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &my_true); + #endif client_flag |= CLIENT_SSL; } } #endif #if (MYSQL_VERSION_ID >= 32349)
Download (untitled) / with headers
text/plain 487b
Thank you very much! I'll look this over and hope to add it to 3.0008, which I hope to release later this week. Kind regards, Patrick On Fri Sep 29 13:41:14 2006, chen23 wrote: Show quoted text
> Since MySQL 5.0.24 a new option has been added for SSL connections to > verify that when a client connects to a server the server's hostname > must match the subject of the certificate. > > The attached patch adds a new parameter "ssl_verify_cert" to > enable/disable this check (disabled by default).
Added to 3.0008_1, scheduled for release week of 09.10.06
Download (untitled) / with headers
text/plain 418b
On Fri Sep 29 13:41:14 2006, chen23 wrote: Show quoted text
> Since MySQL 5.0.24 a new option has been added for SSL connections to > verify that when a client connects to a server the server's hostname > must match the subject of the certificate. > > The attached patch adds a new parameter "ssl_verify_cert" to > enable/disable this check (disabled by default).
What is your name so I can give you credit for this in the Changelog?
Subject: Re: [rt.cpan.org #21780] patch to add support for ssl_verify_cert
Date: Tue, 10 Oct 2006 08:53:47 -0400
To: bug-DBD-mysql [...] rt.cpan.org
From: Eric Chen <emchen [...] isc.upenn.edu>
Download (untitled) / with headers
text/plain 866b
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Patrick Galbraith via RT wrote: Show quoted text
> <URL: http://rt.cpan.org/Ticket/Display.html?id=21780 > > > On Fri Sep 29 13:41:14 2006, chen23 wrote:
>> Since MySQL 5.0.24 a new option has been added for SSL connections to >> verify that when a client connects to a server the server's hostname >> must match the subject of the certificate. >> >> The attached patch adds a new parameter "ssl_verify_cert" to >> enable/disable this check (disabled by default).
> > What is your name so I can give you credit for this in the Changelog? >
"Eric Chen" is my name. Thanks. -eric -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFK5fbWYrbozPM3DARAr26AJ97rD3+SBcDhKtAQCkRAzn3D1Uu/gCg96oS hOF7f7aJgdhVOcxiUCWfYkc= =4y6z -----END PGP SIGNATURE-----
Subject: Re: [rt.cpan.org #21780] patch to add support for ssl_verify_cert
Date: Tue, 10 Oct 2006 09:27:28 -0400
To: bug-DBD-mysql [...] rt.cpan.org
From: Patrick Galbraith <patg [...] mysql.com>
Download (untitled) / with headers
text/plain 1.1k
Eric, Thanks! Your fix is in the dev release, but in a week or so, I'm going to make the dev release the main release. Kind regards, Patrick Eric Chen via RT wrote: Show quoted text
> Queue: DBD-mysql > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=21780 > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Patrick Galbraith via RT wrote: > >
>><URL: http://rt.cpan.org/Ticket/Display.html?id=21780 > >> >>On Fri Sep 29 13:41:14 2006, chen23 wrote: >> >>
>>>Since MySQL 5.0.24 a new option has been added for SSL connections to >>>verify that when a client connects to a server the server's hostname >>>must match the subject of the certificate. >>> >>>The attached patch adds a new parameter "ssl_verify_cert" to >>>enable/disable this check (disabled by default). >>> >>>
>>What is your name so I can give you credit for this in the Changelog? >> >> >>
>"Eric Chen" is my name. Thanks. > > -eric >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.2.1 (Darwin) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQFFK5fbWYrbozPM3DARAr26AJ97rD3+SBcDhKtAQCkRAzn3D1Uu/gCg96oS >hOF7f7aJgdhVOcxiUCWfYkc= >=4y6z >-----END PGP SIGNATURE----- > > > >
This was included in 3.0008_1 (and now in 4.00).


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.