From a66dbb19e6915d8bb560ac2bbfe64eb6850f7bbb Mon Sep 17 00:00:00 2001
From: Christian Ehrlicher <ch.ehrlicher@gmx.de>
Date: Thu, 8 May 2025 21:41:43 +0200
Subject: [PATCH] SQL/MySQL: add option MYSQL_OPT_SSL_VERIFY_SERVER_CERT

Add option MYSQL_OPT_SSL_VERIFY_SERVER_CERT to disable ssl for MySQL
5.7.x and MariaDB. This is needed as MariaDB does not support the
SSL_MODE options but defaults to ssl nowadays.
Also enhance the documentation for MYSQL_OPT_TLS_VERSION and
MYSQL_OPT_SSL_MODE by providing the needed MySQL/MariaDB versions for
those options.

Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136550
Change-Id: If570cf8e92d0df7c9e2c4d0e009857eaf33f4f2d
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
---
 src/plugins/sqldrivers/mysql/qsql_mysql.cpp | 3 +++
 src/sql/doc/src/sql-driver.qdoc             | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
index 42c2c6a49f7..e93f42d4ea2 100644
--- a/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
+++ b/src/plugins/sqldrivers/mysql/qsql_mysql.cpp
@@ -1305,6 +1305,9 @@ bool QMYSQLDriver::open(const QString &db,
 #endif
 #if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
         {"MYSQL_OPT_SSL_MODE"_L1,        MYSQL_OPT_SSL_MODE,        setOptionSslMode},
+#endif
+#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID < 80000 || defined(MARIADB_VERSION_ID)
+        {"MYSQL_OPT_SSL_VERIFY_SERVER_CERT"_L1, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, setOptionBool},
 #endif
         {"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt},
         {"MYSQL_OPT_READ_TIMEOUT"_L1,    MYSQL_OPT_READ_TIMEOUT,    setOptionInt},
diff --git a/src/sql/doc/src/sql-driver.qdoc b/src/sql/doc/src/sql-driver.qdoc
index adc105c73c2..e5258f6899e 100644
--- a/src/sql/doc/src/sql-driver.qdoc
+++ b/src/sql/doc/src/sql-driver.qdoc
@@ -220,12 +220,14 @@
       \li MYSQL_OPT_SSL_MODE
       \li The security state to use for the connection to the server: SSL_MODE_DISABLED,
           SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY.
+          Only available when linked against MySQL 5.7.10 or higher.
     \row
       \li MYSQL_OPT_TLS_VERSION
       \li A list of protocols the client permits for encrypted connections. The value can be
           a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l
           {https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration}
           {MySQL server} version.
+          Only available when linked against MySQL 5.7.11 or higher. Not available for MariaDB.
     \row
       \li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated)
       \li The path name of the client private key file
@@ -247,6 +249,11 @@
     \row
       \li MYSQL_OPT_SSL_CRLPATH
       \li The path name of the directory that contains files containing certificate revocation lists
+    \row
+      \li MYSQL_OPT_SSL_VERIFY_SERVER_CERT
+      \li TRUE or 1: Enable verification of the server's Common Name identity (default)\br
+          FALSE or 0: Enable verification of the server's Common Name identity\br
+          Only available when linked against MySQL 5.7.11 or MariaDB, removed with MySQL 8.0.
     \endtable
     For more detailed information about the connect options please refer
     to the \l {https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html}