Set TLS options BEFORE calling mysql_ssl_set(). Probably helps fixing issue #1768

Ansgar Becker
2024-05-18 17:40:34 +02:00
parent 6fac701ad6
commit a378e6ec94
3 changed files with 19 additions and 11 deletions


@ -7,7 +7,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: HeidiSQL\n" "Project-Id-Version: HeidiSQL\n"
"POT-Creation-Date: 2012-11-05 21:40\n" "POT-Creation-Date: 2012-11-05 21:40\n"
"PO-Revision-Date: 2024-04-29 07:40+0200\n" "PO-Revision-Date: 2024-05-18 17:39+0200\n"
"Last-Translator: Ansgar Becker <anse@heidisql.com>\n" "Last-Translator: Ansgar Becker <anse@heidisql.com>\n"
"Language-Team: English (http://www.transifex.com/projects/p/heidisql/language/en/)\n" "Language-Team: English (http://www.transifex.com/projects/p/heidisql/language/en/)\n"
"Language: en\n" "Language: en\n"
@ -15,7 +15,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: Poedit 3.4.2\n" "X-Generator: Poedit 3.4.4\n"
#. AboutBox..Caption #. AboutBox..Caption
#: about.dfm:5 #: about.dfm:5
@ -4001,6 +4001,9 @@ msgstr "Your %s is incompatible to %s, or your system is missing a dependent lib
msgid "SSL parameters successfully set." msgid "SSL parameters successfully set."
msgstr "SSL parameters successfully set." msgstr "SSL parameters successfully set."
msgid "SSL parameters not fully set. Result: %d"
msgstr "SSL parameters not fully set. Result: %d"
#: dbconnection.pas:1151 #: dbconnection.pas:1151
msgid "Attempt to create SSH process, waiting %ds for response ..." msgid "Attempt to create SSH process, waiting %ds for response ..."
msgstr "Attempt to create SSH process, waiting %ds for response ..." msgstr "Attempt to create SSH process, waiting %ds for response ..."


@ -2379,6 +2379,13 @@ begin
FinalPort := FParameters.Port; FinalPort := FParameters.Port;
if FParameters.WantSSL then begin if FParameters.WantSSL then begin
// Define which TLS protocol versions are allowed BEFORE calling mysql_ssl_set().
// See https://www.heidisql.com/forum.php?t=27158
// See https://mariadb.com/kb/en/library/mysql_optionsv/
// See issue #1768
// See https://mariadb.com/kb/en/mysql_ssl_set/
SetOptionResult := FLib.mysql_options(FHandle, Integer(MARIADB_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
SetOptionResult := SetOptionResult + FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
// mysql_ssl_set() wants nil, while PAnsiChar(AnsiString()) is never nil // mysql_ssl_set() wants nil, while PAnsiChar(AnsiString()) is never nil
sslkey := nil; sslkey := nil;
sslcert := nil; sslcert := nil;
@ -2393,13 +2400,17 @@ begin
if FParameters.SSLCipher <> '' then if FParameters.SSLCipher <> '' then
sslcipher := PAnsiChar(AnsiString(FParameters.SSLCipher)); sslcipher := PAnsiChar(AnsiString(FParameters.SSLCipher));
{ TODO : Use Cipher and CAPath parameters } { TODO : Use Cipher and CAPath parameters }
FLib.mysql_ssl_set(FHandle, SetOptionResult := SetOptionResult + FLib.mysql_ssl_set(FHandle,
sslkey, sslkey,
sslcert, sslcert,
sslca, sslca,
nil, nil,
sslcipher); sslcipher);
Log(lcInfo, _('SSL parameters successfully set.')); if SetOptionResult = 0 then
Log(lcInfo, _('SSL parameters successfully set.'))
else
Log(lcError, f_('SSL parameters not fully set. Result: %d', [SetOptionResult]));
SetOptionResult := 0;
end; end;
case FParameters.NetType of case FParameters.NetType of
@ -2451,12 +2462,6 @@ begin
raise EDbError.Create(f_('Plugin directory %s could not be set.', [PluginDir])); raise EDbError.Create(f_('Plugin directory %s could not be set.', [PluginDir]));
end; end;
// Define which TLS protocol versions are allowed.
// See https://www.heidisql.com/forum.php?t=27158
// See https://mariadb.com/kb/en/library/mysql_optionsv/
FLib.mysql_options(FHandle, Integer(MARIADB_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
FLib.mysql_options(FHandle, Integer(MYSQL_OPT_TLS_VERSION), PAnsiChar('TLSv1,TLSv1.1,TLSv1.2,TLSv1.3'));
// Enable cleartext plugin // Enable cleartext plugin
if Parameters.CleartextPluginEnabled then if Parameters.CleartextPluginEnabled then
FLib.mysql_options(FHandle, Integer(MYSQL_ENABLE_CLEARTEXT_PLUGIN), PAnsiChar('1')); FLib.mysql_options(FHandle, Integer(MYSQL_ENABLE_CLEARTEXT_PLUGIN), PAnsiChar('1'));
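Review bot: In the new `if SetOptionResult = 0 then ... else` branch, a failure to apply the TLS options is only logged and `SetOptionResult` is then reset to 0, so with `WantSSL` set the connect goes ahead with whatever TLS configuration was partly applied. The plugin-directory code further down raises on failure, and the same would fit here: `raise EDbError.Create(f_('SSL parameters not fully set. Result: %d', [SetOptionResult]));`. Before doing that, the three results should be checked separately rather than summed, because `MARIADB_OPT_TLS_VERSION` and `MYSQL_OPT_TLS_VERSION` look like per-library option ids, and one of the two calls may return non-zero on whichever client library is loaded. Separately, the allowed list still offers `TLSv1` and `TLSv1.1`, both deprecated by RFC 8996; defaulting to `'TLSv1.2,TLSv1.3'` and enabling the older versions only through an explicit session setting would avoid negotiating them silently. The enclosing routine starts and ends outside these hunks.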


@ -358,7 +358,7 @@ type
mysql_ping: function(Handle: PMYSQL): Integer; stdcall; mysql_ping: function(Handle: PMYSQL): Integer; stdcall;
mysql_real_connect: function(Handle: PMYSQL; const Host, User, Passwd, Db: PAnsiChar; Port: Cardinal; const UnixSocket: PAnsiChar; ClientFlag: Cardinal): PMYSQL; stdcall; mysql_real_connect: function(Handle: PMYSQL; const Host, User, Passwd, Db: PAnsiChar; Port: Cardinal; const UnixSocket: PAnsiChar; ClientFlag: Cardinal): PMYSQL; stdcall;
mysql_real_query: function(Handle: PMYSQL; const Query: PAnsiChar; Length: Cardinal): Integer; stdcall; mysql_real_query: function(Handle: PMYSQL; const Query: PAnsiChar; Length: Cardinal): Integer; stdcall;
mysql_ssl_set: function(Handle: PMYSQL; const key, cert, CA, CApath, cipher: PAnsiChar): Byte; stdcall; mysql_ssl_set: function(Handle: PMYSQL; const key, cert, CA, CApath, cipher: PAnsiChar): Integer; stdcall;
mysql_stat: function(Handle: PMYSQL): PAnsiChar; stdcall; mysql_stat: function(Handle: PMYSQL): PAnsiChar; stdcall;
mysql_store_result: function(Handle: PMYSQL): PMYSQL_RES; stdcall; mysql_store_result: function(Handle: PMYSQL): PMYSQL_RES; stdcall;
mysql_thread_id: function(Handle: PMYSQL): Cardinal; stdcall; mysql_thread_id: function(Handle: PMYSQL): Cardinal; stdcall;
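Review bot: Widening the `mysql_ssl_set` result from `Byte` to `Integer` is only safe if the loaded client library really returns a full int. As far as I know the MySQL C API declares this function with a `my_bool`/`bool` result, in which case only the low byte of the return register is defined and the new `SetOptionResult = 0` check at the call site may see non-zero garbage in the upper bits. If both libmysql and libmariadb can be loaded through this record (not visible from the hunk), keeping `Byte`, or masking the result with `and $FF` where it is summed, would keep the check reliable. A one-line comment on the declaration naming the header the return type was taken from would help the next reader.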