Skip to content

Commit

Permalink
Disable SSL in new libmariadb unless --mysql-ssl=on
Browse files Browse the repository at this point in the history
The new libmariadb defaults to enabling SSL, which introduces backward
compatibility issues. Moreover, certificate verification may be enforced,
together with SSL, potentially breaking connections with MySQL and older
MariaDB versions.

Thus, disable both certificate validation (apparently there is no option
for it at the moment) and SSL.
  • Loading branch information
vaintroub committed Nov 22, 2024
1 parent 71a02ba commit 80de759
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion cmake/BuildLibmariadb.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ list(APPEND _EXTRA_CMAKE_ARGS
ENDIF()

set(LIBMARIADB_GIT_TAG
v3.3.11
v3.4.2
CACHE
STRING
"Git tag of mariadb client library. Set to empty string to get most recent revision"
Expand Down
5 changes: 5 additions & 0 deletions src/drivers/mysql/drv_mysql.c
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,11 @@ static int mysql_drv_real_connect(db_mysql_conn_t *db_mysql_con)
#ifdef HAVE_MYSQL_OPT_SSL_MODE
DEBUG("mysql_options(%p,%s,%d)", con, "MYSQL_OPT_SSL_MODE", args.ssl_mode);
mysql_options(con, MYSQL_OPT_SSL_MODE, &args.ssl_mode);
#else
char bool_opt = 0;
mysql_options(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &bool_opt);
bool_opt = args.use_ssl;
mysql_options(con, MYSQL_OPT_SSL_ENFORCE, &bool_opt);
#endif

if (args.use_ssl)
Expand Down

0 comments on commit 80de759

Please sign in to comment.