Commit 889812fd authored by unknown's avatar unknown

Bug#21543: 5.0.24 breaks ABI compatibility for python bindings: \

	InterfaceError on connect

Removed the bool flag from the st_mysql_options struct, since it adds 
another word in size to the memory size and shifts member memory locations
down, both of which break binary-interface compatibility.

Instead, use a flag, 2**30, in the client_options bit-field to represent
that the client should check the SSL certificate of the server.


include/mysql.h:
  Do not change the struct size.
include/mysql_com.h:
  Add a new bit-flag for client verifying server SSL certificate.
  
  Emphasize that we're not stepping on anyone else's bit/toes.
sql-common/client.c:
  Set and read the bit-field for client-side SSL-cert checking of the server.
parent 23f3dd1d
......@@ -165,7 +165,6 @@ struct st_mysql_options {
char *ssl_ca; /* PEM CA file */
char *ssl_capath; /* PEM directory of CA-s? */
char *ssl_cipher; /* cipher to use */
my_bool ssl_verify_server_cert; /* if to verify server cert */
char *shared_memory_base_name;
unsigned long max_allowed_packet;
my_bool use_ssl; /* if to use SSL or not */
......
......@@ -134,8 +134,10 @@ enum enum_server_command
#define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */
#define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */
#define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */
#define CLIENT_MULTI_STATEMENTS 65536 /* Enable/disable multi-stmt support */
#define CLIENT_MULTI_RESULTS 131072 /* Enable/disable multi-results */
#define CLIENT_MULTI_STATEMENTS (((ulong) 1) << 16) /* Enable/disable multi-stmt support */
#define CLIENT_MULTI_RESULTS (((ulong) 1) << 17) /* Enable/disable multi-results */
#define CLIENT_SSL_VERIFY_SERVER_CERT (((ulong) 1) << 30)
#define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31)
#define SERVER_STATUS_IN_TRANS 1 /* Transaction has started */
......
......@@ -1502,7 +1502,6 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql->options.ssl_ca= strdup_if_not_null(ca);
mysql->options.ssl_capath= strdup_if_not_null(capath);
mysql->options.ssl_cipher= strdup_if_not_null(cipher);
mysql->options.ssl_verify_server_cert= FALSE; /* Off by default */
#endif /* HAVE_OPENSSL */
DBUG_RETURN(0);
}
......@@ -2162,7 +2161,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
DBUG_PRINT("info", ("IO layer change done!"));
/* Verify server cert */
if (mysql->options.ssl_verify_server_cert &&
if ((client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
ssl_verify_server_cert(mysql->net.vio, mysql->host))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
......@@ -2909,7 +2908,10 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg)
mysql->reconnect= *(my_bool *) arg;
break;
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
mysql->options.ssl_verify_server_cert= *(my_bool *) arg;
if (!arg || test(*(uint*) arg))
mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
else
mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
break;
default:
DBUG_RETURN(1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment