From 80de75924a9efeec0d4cdcd54004bf8eaf43da2f Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Fri, 22 Nov 2024 00:05:04 +0100 Subject: [PATCH] Disable SSL in new libmariadb unless --mysql-ssl=on The new libmariadb defaults to enabling SSL, which introduces backward compatibility issues. Moreover, certificate verification may be enforced, together with SSL, potentially breaking connections with MySQL and older MariaDB versions. Thus, disable both certificate validation (apparently there is no option for it at the moment) and SSL. --- cmake/BuildLibmariadb.cmake | 2 +- src/drivers/mysql/drv_mysql.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cmake/BuildLibmariadb.cmake b/cmake/BuildLibmariadb.cmake index a1a1c2c6..33455a65 100644 --- a/cmake/BuildLibmariadb.cmake +++ b/cmake/BuildLibmariadb.cmake @@ -41,7 +41,7 @@ list(APPEND _EXTRA_CMAKE_ARGS ENDIF() set(LIBMARIADB_GIT_TAG - v3.3.11 + v3.4.2 CACHE STRING "Git tag of mariadb client library. Set to empty string to get most recent revision" diff --git a/src/drivers/mysql/drv_mysql.c b/src/drivers/mysql/drv_mysql.c index 15e53538..7443f836 100644 --- a/src/drivers/mysql/drv_mysql.c +++ b/src/drivers/mysql/drv_mysql.c @@ -403,6 +403,11 @@ static int mysql_drv_real_connect(db_mysql_conn_t *db_mysql_con) #ifdef HAVE_MYSQL_OPT_SSL_MODE DEBUG("mysql_options(%p,%s,%d)", con, "MYSQL_OPT_SSL_MODE", args.ssl_mode); mysql_options(con, MYSQL_OPT_SSL_MODE, &args.ssl_mode); +#else + char bool_opt = 0; + mysql_options(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &bool_opt); + bool_opt = args.use_ssl; + mysql_options(con, MYSQL_OPT_SSL_ENFORCE, &bool_opt); #endif if (args.use_ssl)