Added to pass ssl_mode in configuration. (#347)

2025-08-15 11:10:58 +08:00 · 2019-12-03 19:58:32 +09:00
parent 102fe7b990
commit 1a5ae1daf8
4 changed files with 65 additions and 4 deletions
--- a/MySQLdb/_mysql.c
+++ b/MySQLdb/_mysql.c
@ -34,6 +34,14 @@ PERFORMANCE OF THIS SOFTWARE.
 #define my_bool _Bool
 #endif

+#if ((MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID <= 50599) || \
+(MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID <= 50699) || \
+(MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \
+(MYSQL_VERSION_ID >= 80000)) && \
+!defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID)
+#define HAVE_ENUM_MYSQL_OPT_SSL_MODE
+#endif
+
 #define PY_SSIZE_T_CLEAN 1
 #include "Python.h"

@ -371,6 +379,23 @@ static int _mysql_ResultObject_clear(_mysql_ResultObject *self)
    return 0;
 }

+#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE
+static int
+_get_ssl_mode_num(char *ssl_mode)
+{
+    static char *ssl_mode_list[] = { "DISABLED", "PREFERRED",
+                  "REQUIRED", "VERIFY_CA", "VERIFY_IDENTITY" };
+    unsigned int i;
+    for (i=0; i < sizeof(ssl_mode_list)/sizeof(ssl_mode_list[0]); i++) {
+        if (strcmp(ssl_mode, ssl_mode_list[i]) == 0) {
+            // SSL_MODE one-based
+            return i + 1;
+        }
+    }
+    return -1;
+}
+#endif
+
 static int
 _mysql_ConnectionObject_Initialize(
    _mysql_ConnectionObject *self,
@ -380,6 +405,7 @@ _mysql_ConnectionObject_Initialize(
    MYSQL *conn = NULL;
    PyObject *conv = NULL;
    PyObject *ssl = NULL;
+    char *ssl_mode = NULL;
    const char *key = NULL, *cert = NULL, *ca = NULL,
         *capath = NULL, *cipher = NULL;
    PyObject *ssl_keepref[5] = {NULL};
@ -393,7 +419,7 @@ _mysql_ConnectionObject_Initialize(
                  "connect_timeout", "compress",
                  "named_pipe", "init_command",
                  "read_default_file", "read_default_group",
-                  "client_flag", "ssl",
+                  "client_flag", "ssl", "ssl_mode",
                  "local_infile",
                  "read_timeout", "write_timeout", "charset",
                  "auth_plugin",
@ -412,7 +438,7 @@ _mysql_ConnectionObject_Initialize(
    self->open = 0;

    if (!PyArg_ParseTupleAndKeywords(args, kwargs,
-                "|ssssisOiiisssiOiiiss:connect",
+                "|ssssisOiiisssiOsiiiss:connect",
                kwlist,
                &host, &user, &passwd, &db,
                &port, &unix_socket, &conv,
@ -420,7 +446,7 @@ _mysql_ConnectionObject_Initialize(
                &compress, &named_pipe,
                &init_command, &read_default_file,
                &read_default_group,
-                &client_flag, &ssl,
+                &client_flag, &ssl, &ssl_mode,
                &local_infile,
                &read_timeout,
                &write_timeout,
@ -441,6 +467,17 @@ _mysql_ConnectionObject_Initialize(
        _stringsuck(key, value, ssl);
        _stringsuck(cipher, value, ssl);
    }
+    if (ssl_mode) {
+#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE
+        if (_get_ssl_mode_num(ssl_mode) <= 0) {
+            PyErr_SetString(_mysql_NotSupportedError, "Unknown ssl_mode specification");
+            return -1;
+        }
+#else
+        PyErr_SetString(_mysql_NotSupportedError, "MySQL client library does not support ssl_mode specification");
+        return -1;
+#endif
+    }

    conn = mysql_init(&(self->connection));
    if (!conn) {
@ -483,6 +520,12 @@ _mysql_ConnectionObject_Initialize(
    if (ssl) {
        mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher);
    }
+#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE
+    if (ssl_mode) {
+        int ssl_mode_num = _get_ssl_mode_num(ssl_mode);
+        mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode_num);
+    }
+#endif
    if (charset) {
        mysql_options(&(self->connection), MYSQL_SET_CHARSET_NAME, charset);
    }