MDEV-29817: Issues with handling options for SSL CRLs (and some others)

This patch adds the correct setting of the "--ssl-verify-server-cert" option in the client-side utilities such as mysqlcheck and mysqlslap, as well as the correct setting of the "--ssl-crl" option when executing queries on the slave side, and also add the correct option codes in the "sslopts-logopts.h" file (in the latter case, incorrect values are not a problem right now, but may cause subtle test failures in the future, if the option handling code changes).

MDEV-29817: Issues with handling options for SSL CRLs (and some others)
This patch adds the correct setting of the "--ssl-verify-server-cert" option in the client-side utilities such as mysqlcheck and mysqlslap, as well as the correct setting of the "--ssl-crl" option when executing queries on the slave side, and also add the correct option codes in the "sslopts-logopts.h" file (in the latter case, incorrect values are not a problem right now, but may cause subtle test failures in the future, if the option handling code changes).
f0820400 · Julius Goryavsky · 71c93fb8 · f0820400 · f0820400 · f0820400
Commit f0820400 authored Oct 19, 2022 by Julius Goryavsky
Showing with 9 additions and 5 deletions

client/mysqlcheck.c client/mysqlcheck.c +2 -0

client/mysqlslap.c client/mysqlslap.c +2 -0

include/sslopt-longopts.h include/sslopt-longopts.h +2 -2

sql/slave.cc sql/slave.cc +3 -3

No files found.
--- a/client/mysqlcheck.c
+++ b/client/mysqlcheck.c
@@ -1111,6 +1111,8 @@ static int dbConnect(char *host, char *user, char *passwd)
    mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
    mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
  }
+  mysql_options(&mysql_connection, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
  if (opt_protocol)
    mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

--- a/client/mysqlslap.c
+++ b/client/mysqlslap.c
@@ -306,6 +306,8 @@ void set_mysql_connect_options(MYSQL *mysql)
    mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl);
    mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath);
  }
+  mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
  if (opt_protocol)
    mysql_options(mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@@ -39,10 +39,10 @@
  {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl).",
   &opt_ssl_key, &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
-  {"ssl-crl", OPT_SSL_KEY, "Certificate revocation list (implies --ssl).",
+  {"ssl-crl", OPT_SSL_CRL, "Certificate revocation list (implies --ssl).",
   &opt_ssl_crl, &opt_ssl_crl, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
-  {"ssl-crlpath", OPT_SSL_KEY, 
+  {"ssl-crlpath", OPT_SSL_CRLPATH,
    "Certificate revocation list path (implies --ssl).",
   &opt_ssl_crlpath, &opt_ssl_crlpath, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},

--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -7210,9 +7210,9 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi,
                  mi->ssl_ca[0]?mi->ssl_ca:0,
                  mi->ssl_capath[0]?mi->ssl_capath:0,
                  mi->ssl_cipher[0]?mi->ssl_cipher:0);
-    mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
-                  &mi->ssl_verify_server_cert);
-    mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, 
+    mysql_options(mysql, MYSQL_OPT_SSL_CRL,
+                  mi->ssl_crl[0] ? mi->ssl_crl : 0);
+    mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH,
                  mi->ssl_crlpath[0] ? mi->ssl_crlpath : 0);
    mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
                  &mi->ssl_verify_server_cert);