Module: kamailio
Branch: master
Commit: 260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f
URL:
https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2020-06-14T11:18:15+02:00
db_mysql: new parameter opt_ssl_mode - allow controling ssl mode
- can disable or enforce use of ssl
- some combinations of libmysqlclient and libssl1.1 can crash
when ssl/tls is used, even on 127.0.0.1; this param can be used
to disable it
---
Modified: src/modules/db_mysql/db_mysql.c
Modified: src/modules/db_mysql/km_my_con.c
Modified: src/modules/db_mysql/my_con.c
---
Diff:
https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd…
Patch:
https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd…
---
diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index da130f1818..397372f5ac 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -45,6 +45,7 @@ unsigned int my_server_timezone = 0; /* Use FROM_UNIXTIME() for date
conversion
unsigned long my_client_ver = 0;
int db_mysql_unsigned_type = 0;
+int db_mysql_opt_ssl_mode = 0;
struct mysql_counters_h mysql_cnts_h;
counter_def_t mysql_cnt_defs[] = {
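Review bot: The new global `db_mysql_opt_ssl_mode` has no comment saying what its values mean, while the neighbouring `my_server_timezone` does carry one. Judging from the connection hunks in this commit, 0 leaves the client library default untouched, 1 is mapped to `SSL_MODE_DISABLED`, and any other value is cast and handed to `MYSQL_OPT_SSL_MODE` as-is. A one-line comment would record that, for example `/* 0 - keep client default; 1 - disable ssl; other - passed to MYSQL_OPT_SSL_MODE unchanged */`.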
@@ -100,6 +101,7 @@ static param_export_t params[] = {
{"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed},
{"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
{"unsigned_type", PARAM_INT, &db_mysql_unsigned_type},
+ {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode},
{0, 0, 0}
};
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index bed21f92a7..324e707e5b 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -40,6 +40,8 @@
#include "../../core/ut.h"
#include "db_mysql.h"
+extern int db_mysql_opt_ssl_mode;
+
/*! \brief
* Create a new connection structure,
* open the MySQL connection and set reference count to 1
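Review bot: The `extern int db_mysql_opt_ssl_mode;` declaration is written directly in this .c file although `db_mysql.h` is included on the line above it, and the my_con.c hunk repeats the same declaration. A declaration kept in the shared header lets the compiler check it against the definition in db_mysql.c, whereas with per-file externs a later type change would go unnoticed. Suggest moving the line into `db_mysql.h` and dropping both copies, assuming that header is where the module's other shared globals are declared.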
@@ -49,6 +51,8 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
struct my_con* ptr;
char *host, *grp, *egrp;
unsigned int connection_flag = 0;
+ unsigned int optuint = 0;
+
#if MYSQL_VERSION_ID > 50012
#if MYSQL_VERSION_ID > 80000 && ! defined MARIADB_BASE_VERSION
bool rec;
@@ -112,6 +116,20 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, (const
void*)&db_mysql_timeout_interval);
mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, (const
void*)&db_mysql_timeout_interval);
mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const
void*)&db_mysql_timeout_interval);
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
#if MYSQL_VERSION_ID > 50012
/* set reconnect flag if enabled */
if (db_mysql_auto_reconnect) {
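Review bot: The return value of `mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, ...)` is discarded, so a failure to apply the requested mode leaves the connection on the client default with nothing in the log. That matters most when the operator set opt_ssl_mode to enforce TLS, since the default may permit an unencrypted session. At minimum log it: `if(mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint)) LM_ERR("failed to set MYSQL_OPT_SSL_MODE to %u\n", optuint);`. Whether to abort the connection instead depends on the error paths of db_mysql_new_connection, which lie outside this hunk. The my_con.c hunk has the same unchecked call, even though the MYSQL_OPT_CONNECT_TIMEOUT call just above it there does check and warn.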
diff --git a/src/modules/db_mysql/my_con.c b/src/modules/db_mysql/my_con.c
index f64a90f0aa..349595ee8f 100644
--- a/src/modules/db_mysql/my_con.c
+++ b/src/modules/db_mysql/my_con.c
@@ -31,6 +31,7 @@
#include <string.h>
#include <time.h>
+extern int db_mysql_opt_ssl_mode;
/*
* Close the connection and release memory
@@ -54,6 +55,7 @@ int my_con_connect(db_con_t* con)
{
struct my_con* mcon;
struct my_uri* muri;
+ unsigned int optuint = 0;
mcon = DB_GET_PAYLOAD(con);
muri = DB_GET_PAYLOAD(con->uri);
@@ -70,6 +72,20 @@ int my_con_connect(db_con_t* con)
(const void*)&my_connect_to))
WARN("failed to set MYSQL_OPT_CONNECT_TIMEOUT\n");
}
+#if MYSQL_VERSION_ID > 50710
+ if(db_mysql_opt_ssl_mode!=0) {
+ if(db_mysql_opt_ssl_mode==1) {
+ if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+ LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+ SSL_MODE_DISABLED);
+ }
+ optuint = SSL_MODE_DISABLED;
+ } else {
+ optuint = (unsigned int)db_mysql_opt_ssl_mode;
+ }
+ mysql_options(mcon->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+ }
+#endif
#if MYSQL_VERSION_ID >= 40101
if ((my_client_ver >= 50025) ||
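Review bot: The `#if MYSQL_VERSION_ID > 50710` guard has no `#else`, so on a build against an older client library a non-zero opt_ssl_mode is dropped without any message and the operator cannot tell that the requested TLS policy was not applied. An `#else` branch that warns would make it visible, e.g. `if(db_mysql_opt_ssl_mode!=0) LM_WARN("opt_ssl_mode is not supported by this client library - ignored\n");`. The same guard is used in the km_my_con.c hunk, where the surrounding code also tests `MARIADB_BASE_VERSION`, so it is worth confirming that MariaDB client headers passing this version check define `MYSQL_OPT_SSL_MODE` and `SSL_MODE_DISABLED`. my_con_connect continues past the end of the hunk.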