windows: use DEFAULT_SSL_VERIFY_SERVER_CERT=0 option (#731)

Inada Naoki
2024-11-12 19:06:52 +09:00
committed by GitHub
parent 6eb6c2f879
commit 89511eef44
2 changed files with 45 additions and 24 deletions


@ -17,7 +17,7 @@ jobs:
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: c:/mariadb-connector path: c:/mariadb-connector
key: mariadb-connector-c-${{ env.CONNECTOR_VERSION }}-win key: mariadb-connector-c-${{ env.CONNECTOR_VERSION }}-win-2
- name: Download and Unzip Connector - name: Download and Unzip Connector
if: steps.cache-connector.outputs.cache-hit != 'true' if: steps.cache-connector.outputs.cache-hit != 'true'
@ -27,15 +27,32 @@ jobs:
unzip "mariadb-connector-c-${CONNECTOR_VERSION}-src.zip" -d c:/ unzip "mariadb-connector-c-${CONNECTOR_VERSION}-src.zip" -d c:/
mv "c:/mariadb-connector-c-${CONNECTOR_VERSION}-src" c:/mariadb-connector-src mv "c:/mariadb-connector-c-${CONNECTOR_VERSION}-src" c:/mariadb-connector-src
- name: Build Connector - name: make build directory
if: steps.cache-connector.outputs.cache-hit != 'true' if: steps.cache-connector.outputs.cache-hit != 'true'
shell: cmd shell: cmd
working-directory: c:/mariadb-connector-src working-directory: c:/mariadb-connector-src
run: | run: |
mkdir build mkdir build
cd build
cmake -A x64 .. -DCMAKE_BUILD_TYPE=Release -DCLIENT_PLUGIN_DIALOG=static -DCLIENT_PLUGIN_SHA256_PASSWORD=static -DCLIENT_PLUGIN_CACHING_SHA2_PASSWORD=static - name: cmake
if: steps.cache-connector.outputs.cache-hit != 'true'
shell: cmd
working-directory: c:/mariadb-connector-src/build
run: |
cmake -A x64 .. -DCMAKE_BUILD_TYPE=Release -DCLIENT_PLUGIN_DIALOG=static -DCLIENT_PLUGIN_SHA256_PASSWORD=static -DCLIENT_PLUGIN_CACHING_SHA2_PASSWORD=static -DDEFAULT_SSL_VERIFY_SERVER_CERT=0
- name: cmake build
if: steps.cache-connector.outputs.cache-hit != 'true'
shell: cmd
working-directory: c:/mariadb-connector-src/build
run: |
cmake --build . -j 8 --config Release cmake --build . -j 8 --config Release
- name: cmake install
if: steps.cache-connector.outputs.cache-hit != 'true'
shell: cmd
working-directory: c:/mariadb-connector-src/build
run: |
cmake -DCMAKE_INSTALL_PREFIX=c:/mariadb-connector -DCMAKE_INSTALL_COMPONENT=Development -DCMAKE_BUILD_TYPE=Release -P cmake_install.cmake cmake -DCMAKE_INSTALL_PREFIX=c:/mariadb-connector -DCMAKE_INSTALL_COMPONENT=Development -DCMAKE_BUILD_TYPE=Release -P cmake_install.cmake
- name: Checkout mysqlclient - name: Checkout mysqlclient
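Review bot: The `-DDEFAULT_SSL_VERIFY_SERVER_CERT=0` flag added to the `cmake` step has no comment, although it changes a security default: the Connector/C built and cached here will not verify the server certificate unless the application asks for it. A comment above that `run:` line would make this deliberate choice visible, for example `# Connector/C now verifies server certs by default; keep the old default here, callers opt in with ssl_mode=VERIFY_CA or higher`. The cache key suffix `-win-2` is a manual bump, so any later change to these cmake flags needs another bump or the cached build with the old flags is reused; that is worth saying in the same comment.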


@ -543,23 +543,30 @@ _mysql_ConnectionObject_Initialize(
mysql_options(&(self->connection), MYSQL_OPT_SSL_CIPHER, cipher); mysql_options(&(self->connection), MYSQL_OPT_SSL_CIPHER, cipher);
} }
if (ssl_mode_set) {
#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE #ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE
if (ssl_mode_set) {
mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode_num); mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode_num);
}
#else #else
// MariaDB doesn't support MYSQL_OPT_SSL_MODE. // MariaDB doesn't support MYSQL_OPT_SSL_MODE.
// See https://github.com/PyMySQL/mysqlclient/issues/474 // See https://github.com/PyMySQL/mysqlclient/issues/474
// TODO: Does MariaDB supports PREFERRED and VERIFY_CA? // And MariDB 11.4 changed the default value of MYSQL_OPT_SSL_ENFORCE and
// We support only two levels for now. // MYSQL_OPT_SSL_VERIFY_SERVER_CERT to 1.
my_bool enforce_tls = 1; // https://github.com/mariadb-corporation/mariadb-connector-c/commit/8dffd56936df3d03eeccf47904773860a0cdeb57
// We emulate the ssl_mode and old behavior.
my_bool my_true = 1;
my_bool my_false = 0;
if (ssl_mode_num >= SSLMODE_REQUIRED) { if (ssl_mode_num >= SSLMODE_REQUIRED) {
mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&enforce_tls); mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&my_true);
} else {
mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&my_false);
} }
if (ssl_mode_num >= SSLMODE_VERIFY_CA) { if (ssl_mode_num >= SSLMODE_VERIFY_CA) {
mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&enforce_tls); mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&my_true);
} else {
mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&my_false);
} }
#endif #endif
}
if (charset) { if (charset) {
mysql_options(&(self->connection), MYSQL_SET_CHARSET_NAME, charset); mysql_options(&(self->connection), MYSQL_SET_CHARSET_NAME, charset);
@ -573,13 +580,10 @@ _mysql_ConnectionObject_Initialize(
port, unix_socket, client_flag); port, unix_socket, client_flag);
Py_END_ALLOW_THREADS Py_END_ALLOW_THREADS
if (ssl) { for (int i=0; i<n_ssl_keepref; i++) {
int i;
for (i=0; i<n_ssl_keepref; i++) {
Py_DECREF(ssl_keepref[i]); Py_DECREF(ssl_keepref[i]);
ssl_keepref[i] = NULL; ssl_keepref[i] = NULL;
} }
}
if (!conn) { if (!conn) {
_mysql_Exception(self); _mysql_Exception(self);
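Review bot: The `#else` (MariaDB) branch now sits outside `if (ssl_mode_set)`, so on every connection it writes 0 to `MYSQL_OPT_SSL_ENFORCE` and `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` unless `ssl_mode_num` reaches the thresholds, including when the caller never passed `ssl_mode`. This relies on `ssl_mode_num` having a defined default, which is set outside the visible hunks of `_mysql_ConnectionObject_Initialize` and should be confirmed. The comment should state the consequence outright, for example `// Below SSLMODE_VERIFY_CA the server certificate is not verified, overriding the connector default.` The results of the `mysql_optionsv` calls are ignored; if the call that sets `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` to `my_true` fails, the connection would presumably go ahead without the verification the caller asked for, so that return value is worth checking.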