Since we use TLS and not SSL functions and structures were renamed

from SSL to TLS

Author: 9EOR9

include/ma_common.h

@@ -49,13 +49,14 @@ struct st_mysql_options_extension {
                           const char *proc_info,
                           unsigned int proc_info_length);
   MARIADB_DB_DRIVER *db_driver;
-  char *ssl_fp; /* finger print of server certificate */
-  char *ssl_fp_list; /* white list of finger prints */
-  char *ssl_pw; /* password for encrypted certificates */
+  char *tls_fp; /* finger print of server certificate */
+  char *tls_fp_list; /* white list of finger prints */
+  char *tls_pw; /* password for encrypted certificates */
   my_bool multi_command; /* indicates if client wants to send multiple
                             commands in one packet */
   char *url; /* for connection handler we need to save URL for reconnect */
-  unsigned int ssl_cipher_strength;
+  unsigned int tls_cipher_strength;
+  char *tls_version;
   my_bool read_only;
   char *connection_handler;
   my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value);

include/ma_pvio.h

@@ -3,9 +3,9 @@
 #define cio_defined
 
 #ifdef HAVE_SSL
-#include <ma_ssl.h>
+#include <ma_tls.h>
 #else
-#define MARIADB_SSL void
+#define MARIADB_TLS void
 #endif
 
 #define PVIO_SET_ERROR if (pvio->set_error) \
@@ -78,7 +78,7 @@ struct st_ma_pvio {
   enum enum_pvio_type type;
   int timeout[3];
   int ssl_type;  /* todo: change to enum (ssl plugins) */
-  MARIADB_SSL *cssl;
+  MARIADB_TLS *ctls;
   MYSQL *mysql;
   struct mysql_async_context *async_context; /* For non-blocking API */
   PVIO_METHODS *methods;

include/ma_ssl.h include/ma_tls.h

@@ -1,7 +1,7 @@
-#ifndef _ma_ssl_h_
-#define _ma_ssl_h_
+#ifndef _ma_tls_h_
+#define _ma_tls_h_
 
-enum enum_pvio_ssl_type {
+enum enum_pvio_tls_type {
   SSL_TYPE_DEFAULT=0,
 #ifdef _WIN32
   SSL_TYPE_SCHANNEL,
@@ -10,11 +10,11 @@ enum enum_pvio_ssl_type {
   SSL_TYPE_GNUTLS
 };
 
-typedef struct st_ma_pvio_ssl {
+typedef struct st_ma_pvio_tls {
   void *data;
   MARIADB_PVIO *pvio;
   void *ssl;
-} MARIADB_SSL;
+} MARIADB_TLS;
 
 struct st_ssl_version {
   unsigned int iversion;
@@ -23,7 +23,7 @@ struct st_ssl_version {
 
 /* Function prototypes */
 
-/* ma_ssl_start
+/* ma_tls_start
    initializes the ssl library
    Parameter:
      errmsg      pointer to error message buffer
@@ -32,17 +32,17 @@ struct st_ssl_version {
      0           success
      1           if an error occured
    Notes:
-     On success the global variable ma_ssl_initialized will be set to 1
+     On success the global variable ma_tls_initialized will be set to 1
 */
-int ma_ssl_start(char *errmsg, size_t errmsg_len);
+int ma_tls_start(char *errmsg, size_t errmsg_len);
 
-/* ma_ssl_end
+/* ma_tls_end
    unloads/deinitializes ssl library and unsets global variable
-   ma_ssl_initialized
+   ma_tls_initialized
 */
-void ma_ssl_end(void);
+void ma_tls_end(void);
 
-/* ma_ssl_init
+/* ma_tls_init
    creates a new SSL structure for a SSL connection and loads
    client certificates
 
@@ -51,106 +51,106 @@ void ma_ssl_end(void);
    Returns:
      void *       a pointer to internal SSL structure
 */
-void * ma_ssl_init(MYSQL *mysql);
+void * ma_tls_init(MYSQL *mysql);
 
-/* ma_ssl_connect
+/* ma_tls_connect
    performs SSL handshake
    Parameters:
-     MARIADB_SSL   MariaDB SSL container
+     MARIADB_TLS   MariaDB SSL container
    Returns:
      0             success
      1             error
 */
-my_bool ma_ssl_connect(MARIADB_SSL *cssl);
+my_bool ma_tls_connect(MARIADB_TLS *ctls);
 
-/* ma_ssl_read
+/* ma_tls_read
    reads up to length bytes from socket
    Parameters:
-     cssl         MariaDB SSL container
+     ctls         MariaDB SSL container
      buffer       read buffer
      length       buffer length
    Returns:
      0-n          bytes read
      -1           if an error occured
 */
-size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
+size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
 
-/* ma_ssl_write
+/* ma_tls_write
    write buffer to socket
    Parameters:
-     cssl         MariaDB SSL container
+     ctls         MariaDB SSL container
      buffer       write buffer
      length       buffer length
    Returns:
      0-n          bytes written
      -1           if an error occured
 */
-size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
+size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
 
-/* ma_ssl_close
+/* ma_tls_close
    closes SSL connection and frees SSL structure which was previously
-   created by ma_ssl_init call
+   created by ma_tls_init call
    Parameters:
-     MARIADB_SSL  MariaDB SSL container
+     MARIADB_TLS  MariaDB SSL container
    Returns:
      0            success
      1            error
 */
-my_bool ma_ssl_close(MARIADB_SSL *cssl);
+my_bool ma_tls_close(MARIADB_TLS *ctls);
 
-/* ma_ssl_verify_server_cert
+/* ma_tls_verify_server_cert
    validation check of server certificate
    Parameter:
-     MARIADB_SSL  MariaDB SSL container
+     MARIADB_TLS  MariaDB SSL container
    Returns:
      ß            success
      1            error
 */
-int ma_ssl_verify_server_cert(MARIADB_SSL *cssl);
+int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
 
-/* ma_ssl_get_cipher
+/* ma_tls_get_cipher
    returns cipher for current ssl connection
    Parameter:
-     MARIADB_SSL  MariaDB SSL container
+     MARIADB_TLS  MariaDB SSL container
    Returns: 
      cipher in use or
      NULL on error
 */
-const char *ma_ssl_get_cipher(MARIADB_SSL *ssl);
+const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
 
-/* ma_ssl_get_finger_print
+/* ma_tls_get_finger_print
    returns SHA1 finger print of server certificate
    Parameter:
-     MARIADB_SSL  MariaDB SSL container
+     MARIADB_TLS  MariaDB SSL container
      fp           buffer for fingerprint
      fp_len       buffer length
    Returns:
      actual size of finger print
 */
-unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int fp_len);
+unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int fp_len);
 
-/* ma_ssl_get_protocol_version 
+/* ma_tls_get_protocol_version 
    returns protocol version in use
    Parameter:
-     MARIADB_SSL    MariaDB SSL container
+     MARIADB_TLS    MariaDB SSL container
      version        pointer to ssl version info
    Returns:
      0              success
      1              error
 */
-my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
+my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
 
 /* Function prototypes */
-MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql);
-my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl);
-size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
-size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
-my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl);
-int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl);
-const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
-my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
+MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
+my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
+size_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+size_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
+int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
+my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
 my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
-my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
-void ma_pvio_ssl_end();
+my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
+void ma_pvio_tls_end();
 
-#endif /* _ma_ssl_h_ */
+#endif /* _ma_tls_h_ */

include/mariadb_async.h

@@ -29,9 +29,9 @@ extern ssize_t my_send_async(MARIADB_PVIO *pvio,
 extern my_bool my_io_wait_async(struct mysql_async_context *b,
                                 enum enum_pvio_io_event event, int timeout);
 #ifdef HAVE_SSL
-extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
+extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_TLS *tls,
                              void *buf, int size);
-extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
+extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_TLS *tls,
                               const void *buf, int size);
 #endif
 

include/mysql.h

@@ -214,13 +214,16 @@ extern unsigned int mariadb_deinitialize_ssl;
     MYSQL_OPT_NONBLOCK,
     /* MariaDB Connector/C specific */
     MYSQL_DATABASE_DRIVER=7000,
-    MARIADB_OPT_SSL_FP,             /* single finger print for server certificate verification */
-    MARIADB_OPT_SSL_FP_LIST,        /* finger print white list for server certificate verification */
-    MARIADB_OPT_SSL_PASSPHRASE,     /* passphrase for encrypted certificates */
+    MARIADB_OPT_SSL_FP,             /* deprecated, use MARIADB_OPT_TLS_PEER_FP instead */
+    MARIADB_OPT_SSL_FP_LIST,        /* deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead */
+    MARIADB_OPT_TLS_PASSPHRASE,     /* passphrase for encrypted certificates */
+    MARIADB_OPT_TLS_CIPHER_STRENGTH,
+    MARIADB_OPT_TLS_VERSION,
+    MARIADB_OPT_TLS_PEER_FP,            /* single finger print for server certificate verification */
+    MARIADB_OPT_TLS_PEER_FP_LIST,       /* finger print white list for server certificate verification */
     MARIADB_OPT_CONNECTION_READ_ONLY,
     MYSQL_OPT_CONNECT_ATTRS,        /* for mysql_get_optionv */
     MARIADB_OPT_USERDATA,
-    MARIADB_OPT_SSL_CIPHER_STRENGTH,
     MARIADB_OPT_CONNECTION_HANDLER,
     MARIADB_OPT_PORT,
     MARIADB_OPT_UNIXSOCKET,
@@ -259,14 +262,14 @@ extern unsigned int mariadb_deinitialize_ssl;
     MARIADB_CONNECTION_SOCKET,
     MARIADB_CONNECTION_SQLSTATE,
     MARIADB_CONNECTION_SSL_CIPHER,
-    MARIADB_SSL_LIBRARY,
-    MARIADB_CONNECTION_SSL_VERSION,
-    MARIADB_CONNECTION_SSL_VERSION_ID,
+    MARIADB_TLS_LIBRARY,
+    MARIADB_CONNECTION_TLS_VERSION,
+    MARIADB_CONNECTION_TLS_VERSION_ID,
     MARIADB_CONNECTION_TYPE,
     MARIADB_CONNECTION_UNIX_SOCKET,
     MARIADB_CONNECTION_USER,
     MARIADB_MAX_ALLOWED_PACKET,
-    MARIADB_NET_BUFFER_LENGTH
+    MARIADB_NET_BUFFER_LENGTH,
   };
 
   enum mysql_status { MYSQL_STATUS_READY,

libmariadb/CMakeLists.txt

@@ -251,7 +251,7 @@ ma_errmsg.c
 mariadb_lib.c
 ma_list.c
 ma_pvio.c
-ma_ssl.c
+ma_tls.c
 ma_alloc.c
 ma_compress.c
 ma_init.c