[sr-dev] git:master:260e25e1: db_mysql: new parameter opt_ssl_mode - allow controling ssl mode

Daniel-Constantin Mierla miconda at gmail.com
Sun Jun 14 11:32:49 CEST 2020


Module: kamailio
Branch: master
Commit: 260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f
URL: https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2020-06-14T11:18:15+02:00

db_mysql: new parameter opt_ssl_mode - allow controling ssl mode

- can disable or enforce use of ssl
- some combinations of libmysqlclient and libssl1.1 can crash when
ssl/tls is used, even on 127.0.0.1; this param can be used
to disable it

---

Modified: src/modules/db_mysql/db_mysql.c
Modified: src/modules/db_mysql/km_my_con.c
Modified: src/modules/db_mysql/my_con.c

---

Diff:  https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f.diff
Patch: https://github.com/kamailio/kamailio/commit/260e25e15c4aa68533ee560bd8fcbdd5ee7b7d6f.patch

---

diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index da130f1818..397372f5ac 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -45,6 +45,7 @@ unsigned int my_server_timezone = 0; /* Use FROM_UNIXTIME() for date conversion
 
 unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
+int db_mysql_opt_ssl_mode = 0;
 
 struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] =  {
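Review bot: The new global `db_mysql_opt_ssl_mode` has no comment, and its values are not self-explanatory. Judging by the connection hunks in this commit, 0 leaves the client library default, 1 is mapped to SSL_MODE_DISABLED, and any other value is passed straight to MYSQL_OPT_SSL_MODE. I would add `/* 0 - library default; 1 - disable ssl/tls; other values are passed as-is to MYSQL_OPT_SSL_MODE */` above the definition. The modparam entry `opt_ssl_mode` in the next hunk exposes these numbers to operators, and no README or doc file is among the three modified files listed, so the value that turns off transport encryption to the database can currently be found only in the source.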
@@ -100,6 +101,7 @@ static param_export_t params[] = {
 	{"insert_delayed",   INT_PARAM, &db_mysql_insert_all_delayed},
 	{"update_affected_found", INT_PARAM, &db_mysql_update_affected_found},
 	{"unsigned_type",    PARAM_INT, &db_mysql_unsigned_type},
+	{"opt_ssl_mode",     PARAM_INT, &db_mysql_opt_ssl_mode},
 	{0, 0, 0}
 };
 
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index bed21f92a7..324e707e5b 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -40,6 +40,8 @@
 #include "../../core/ut.h"
 #include "db_mysql.h"
 
+extern int db_mysql_opt_ssl_mode;
+
 /*! \brief
  * Create a new connection structure,
  * open the MySQL connection and set reference count to 1
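Review bot: `extern int db_mysql_opt_ssl_mode;` is declared by hand here and again in my_con.c instead of in a shared header, so neither declaration is checked against the definition in db_mysql.c if its type changes later. This file already includes `db_mysql.h` two lines above. Moving the declaration there (assuming that header is where the module keeps such globals) would give both connection files one checked declaration.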
@@ -49,6 +51,8 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 	struct my_con* ptr;
 	char *host, *grp, *egrp;
 	unsigned int connection_flag = 0;
+	unsigned int optuint = 0;
+
 #if MYSQL_VERSION_ID > 50012
 #if MYSQL_VERSION_ID > 80000 && ! defined MARIADB_BASE_VERSION
 	bool rec;
@@ -112,6 +116,20 @@ struct my_con* db_mysql_new_connection(const struct db_id* id)
 	mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 	mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, (const void*)&db_mysql_timeout_interval);
 	mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const void*)&db_mysql_timeout_interval);
+#if MYSQL_VERSION_ID > 50710
+	if(db_mysql_opt_ssl_mode!=0) {
+		if(db_mysql_opt_ssl_mode==1) {
+			if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+				LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+						SSL_MODE_DISABLED);
+			}
+			optuint = SSL_MODE_DISABLED;
+		} else {
+			optuint = (unsigned int)db_mysql_opt_ssl_mode;
+		}
+		mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+	}
+#endif
 #if MYSQL_VERSION_ID > 50012
 	/* set reconnect flag if enabled */
 	if (db_mysql_auto_reconnect) {
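Review bot: The return value of `mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, ...)` is ignored, so if an operator sets a mode meant to enforce TLS and the client library rejects it, the connection attempt continues with the library default and nothing is logged. The `else` branch also forwards any integer, including negative values cast to unsigned, without checking that it is a mode the library knows. I would check the result, e.g. `if(mysql_options(ptr->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint)) { LM_ERR("failed to set ssl mode %u\n", optuint); }`, and take the function's error path, which is not visible in this hunk. The same applies to the identical block added to my_con_connect() in my_con.c, where the neighbouring MYSQL_OPT_CONNECT_TIMEOUT call already checks its result.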
diff --git a/src/modules/db_mysql/my_con.c b/src/modules/db_mysql/my_con.c
index f64a90f0aa..349595ee8f 100644
--- a/src/modules/db_mysql/my_con.c
+++ b/src/modules/db_mysql/my_con.c
@@ -31,6 +31,7 @@
 #include <string.h>
 #include <time.h>
 
+extern int db_mysql_opt_ssl_mode;
 
 /*
  * Close the connection and release memory
@@ -54,6 +55,7 @@ int my_con_connect(db_con_t* con)
 {
 	struct my_con* mcon;
 	struct my_uri* muri;
+	unsigned int optuint = 0;
 
 	mcon = DB_GET_PAYLOAD(con);
 	muri = DB_GET_PAYLOAD(con->uri);
@@ -70,6 +72,20 @@ int my_con_connect(db_con_t* con)
 					(const void*)&my_connect_to))
 			WARN("failed to set MYSQL_OPT_CONNECT_TIMEOUT\n");
 	}
+#if MYSQL_VERSION_ID > 50710
+	if(db_mysql_opt_ssl_mode!=0) {
+		if(db_mysql_opt_ssl_mode==1) {
+			if(db_mysql_opt_ssl_mode!=SSL_MODE_DISABLED) {
+				LM_WARN("ssl mode disabled is not 1 (value %u) - enforcing\n",
+						SSL_MODE_DISABLED);
+			}
+			optuint = SSL_MODE_DISABLED;
+		} else {
+			optuint = (unsigned int)db_mysql_opt_ssl_mode;
+		}
+		mysql_options(mcon->con, MYSQL_OPT_SSL_MODE, (const void*)&optuint);
+	}
+#endif
 
 #if MYSQL_VERSION_ID >= 40101
 	if ((my_client_ver >= 50025) ||
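Review bot: The guard `#if MYSQL_VERSION_ID > 50710` does not exclude MariaDB client headers, which report a higher MYSQL_VERSION_ID but, as far as I know, do not provide `MYSQL_OPT_SSL_MODE` or `SSL_MODE_DISABLED`; if that holds, this block fails to compile against them. km_my_con.c already uses `! defined MARIADB_BASE_VERSION` on a neighbouring version check, and the block added there has the same unguarded condition. I would write `#if MYSQL_VERSION_ID > 50710 && ! defined MARIADB_BASE_VERSION` in both places. The parameter's documentation should also say that it has no effect on builds where the block is compiled out, since an operator relying on it to require TLS would otherwise get no indication. my_con_connect() continues past the end of this hunk.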



