SQL/MySQL: add option MYSQL_OPT_TLS_VERSION & MYSQL_OPT_SSL_MODE

Add the two options MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE to properly support encrypted connections to MySQL 8.0 servers. MYSQL_OPT_SSL_MODE will not work when compiled against the MariaDB C-Connector since it's not supported by the MariaDB client. [ChangeLog][QtSql][MySQL] Added the two new connect options MYSQL_OPT_TLS_VERSION and MYSQL_OPT_SSL_MODE. Fixes: QTBUG-84797 Change-Id: Iec7d682fc00072ce5b2a824c4ea00fca4575a93e Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
2023-02-27 20:28:33 +01:00 · 2023-02-27 20:28:33 +01:00 · 39fab09aad
commit 39fab09aad
parent 27867de8ca
2 changed files with 37 additions and 0 deletions
--- a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
+++ b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
@ -1204,6 +1204,27 @@ static bool setOptionBool(MYSQL *mysql, mysql_option option, QStringView v)
    return mysql_options(mysql, option, &val) == 0;
 }

+// MYSQL_OPT_SSL_MODE was introduced with MySQL 5.7.11
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+static bool setOptionSslMode(MYSQL *mysql, mysql_option option, QStringView v)
+{
+    mysql_ssl_mode sslMode = SSL_MODE_DISABLED;
+    if (v == "DISABLED"_L1 || v == "SSL_MODE_DISABLED"_L1)
+        sslMode = SSL_MODE_DISABLED;
+    else if (v == "PREFERRED"_L1 || v == "SSL_MODE_PREFERRED"_L1)
+        sslMode = SSL_MODE_PREFERRED;
+    else if (v == "REQUIRED"_L1 || v == "SSL_MODE_REQUIRED"_L1)
+        sslMode = SSL_MODE_REQUIRED;
+    else if (v == "VERIFY_CA"_L1 || v == "SSL_MODE_VERIFY_CA"_L1)
+        sslMode = SSL_MODE_VERIFY_CA;
+    else if (v == "VERIFY_IDENTITY"_L1 || v == "SSL_MODE_VERIFY_IDENTITY"_L1)
+        sslMode = SSL_MODE_VERIFY_IDENTITY;
+    else
+        qWarning() << "Unknown ssl mode '" << v << "' - using SSL_MODE_DISABLED";
+    return mysql_options(mysql, option, &sslMode) == 0;
+}
+#endif
+
 static bool setOptionProtocol(MYSQL *mysql, mysql_option option, QStringView v)
 {
    mysql_protocol_type proto = MYSQL_PROTOCOL_DEFAULT;
@ -1259,6 +1280,12 @@ bool QMYSQLDriver::open(const QString &db,
        {"MYSQL_OPT_SSL_CIPHER"_L1,      MYSQL_OPT_SSL_CIPHER,      setOptionString},
        {"MYSQL_OPT_SSL_CRL"_L1,         MYSQL_OPT_SSL_CRL,         setOptionString},
        {"MYSQL_OPT_SSL_CRLPATH"_L1,     MYSQL_OPT_SSL_CRLPATH,     setOptionString},
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50710
+        {"MYSQL_OPT_TLS_VERSION"_L1,     MYSQL_OPT_TLS_VERSION,     setOptionString},
+#endif
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
+        {"MYSQL_OPT_SSL_MODE"_L1,        MYSQL_OPT_SSL_MODE,        setOptionSslMode},
+#endif
        {"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt},
        {"MYSQL_OPT_READ_TIMEOUT"_L1,    MYSQL_OPT_READ_TIMEOUT,    setOptionInt},
        {"MYSQL_OPT_WRITE_TIMEOUT"_L1,   MYSQL_OPT_WRITE_TIMEOUT,   setOptionInt},
--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@ -209,6 +209,16 @@
      \li Set to 1 to enable the support for local
          \l {https://dev.mysql.com/doc/refman/8.0/en/load-data.html} {LOAD_DATA},
          disabled if not set or 0
+    \row
+      \li MYSQL_OPT_SSL_MODE
+      \li The security state to use for the connection to the server: SSL_MODE_DISABLED,
+          SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY.
+    \row
+      \li MYSQL_OPT_TLS_VERSION
+      \li A list of protocols the client permits for encrypted connections. The value can be
+          a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l
+          {https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration}
+          {MySQL server} version.
    \row
      \li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated)
      \li The path name of the client private key file