1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SQL/MySQL: add option MYSQL_OPT_SSL_VERIFY_SERVER_CERT

Browse Source 
Add option MYSQL_OPT_SSL_VERIFY_SERVER_CERT to disable ssl for MySQL
5.7.x and MariaDB. This is needed as MariaDB does not support the
SSL_MODE options but defaults to ssl nowadays.
Also enhance the documentation for MYSQL_OPT_TLS_VERSION and
MYSQL_OPT_SSL_MODE by providing the needed MySQL/MariaDB versions for
those options.

Pick-to: 6.10 6.9 6.8
Fixes: QTBUG-136550
Change-Id: If570cf8e92d0df7c9e2c4d0e009857eaf33f4f2d
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
This commit is contained in:
Christian Ehrlicher 2025-05-08 21:41:43 +02:00
parent cc6d78325b
commit a66dbb19e6
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/plugins/sqldrivers/mysql/qsql_mysql.cpp
View File

@ -1305,6 +1305,9 @@ bool QMYSQLDriver::open(const QString &db,
#endif #endif
#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID) #if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && !defined(MARIADB_VERSION_ID)
{"MYSQL_OPT_SSL_MODE"_L1, MYSQL_OPT_SSL_MODE, setOptionSslMode}, {"MYSQL_OPT_SSL_MODE"_L1, MYSQL_OPT_SSL_MODE, setOptionSslMode},
#endif
#if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID < 80000 || defined(MARIADB_VERSION_ID)
{"MYSQL_OPT_SSL_VERIFY_SERVER_CERT"_L1, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, setOptionBool},
#endif #endif
{"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt}, {"MYSQL_OPT_CONNECT_TIMEOUT"_L1, MYSQL_OPT_CONNECT_TIMEOUT, setOptionInt},
{"MYSQL_OPT_READ_TIMEOUT"_L1, MYSQL_OPT_READ_TIMEOUT, setOptionInt}, {"MYSQL_OPT_READ_TIMEOUT"_L1, MYSQL_OPT_READ_TIMEOUT, setOptionInt},

7
src/sql/doc/src/sql-driver.qdoc
View File

@ -220,12 +220,14 @@
\li MYSQL_OPT_SSL_MODE \li MYSQL_OPT_SSL_MODE
\li The security state to use for the connection to the server: SSL_MODE_DISABLED, \li The security state to use for the connection to the server: SSL_MODE_DISABLED,
SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY. SSL_MODE_PREFERRED, SSL_MODE_REQUIRED, SSL_MODE_VERIFY_CA, SSL_MODE_VERIFY_IDENTITY.
Only available when linked against MySQL 5.7.10 or higher.
\row \row
\li MYSQL_OPT_TLS_VERSION \li MYSQL_OPT_TLS_VERSION
\li A list of protocols the client permits for encrypted connections. The value can be \li A list of protocols the client permits for encrypted connections. The value can be
a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l a combination of 'TLSv1' ,' TLSv1.1', 'TLSv1.2' or 'TLSv1.3' depending on the used \l
{https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration} {https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-protocol-configuration}
{MySQL server} version. {MySQL server} version.
Only available when linked against MySQL 5.7.11 or higher. Not available for MariaDB.
\row \row
\li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated) \li MYSQL_OPT_SSL_KEY / SSL_KEY (deprecated)
\li The path name of the client private key file \li The path name of the client private key file
@ -247,6 +249,11 @@
\row \row
\li MYSQL_OPT_SSL_CRLPATH \li MYSQL_OPT_SSL_CRLPATH
\li The path name of the directory that contains files containing certificate revocation lists \li The path name of the directory that contains files containing certificate revocation lists
\row
\li MYSQL_OPT_SSL_VERIFY_SERVER_CERT
\li TRUE or 1: Enable verification of the server's Common Name identity (default)\br
FALSE or 0: Enable verification of the server's Common Name identity\br
Only available when linked against MySQL 5.7.11 or MariaDB, removed with MySQL 8.0.
\endtable \endtable
For more detailed information about the connect options please refer For more detailed information about the connect options please refer
to the \l {https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html} to the \l {https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html}