Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Cannot Reproduce
-
11.4
-
None
Description
In 585c096aa53c ("cleanup: unify client's setting of ssl options"), serg introduced a bug that causes the USE_SSL_FORBIDDEN case to be treated identically to the USE_SSL_REQUIRED case.
These means that any and all tests which use connect(..., NOSSL) to try to establish a non-SSL connection are actually establish an SSL-required connection.
Completely breaks and/or inverts the logic of all these tests.
See https://github.com/mariadb/server/commit/585c096aa53c#r140576270 for the details.
The short summary is that there's a critical missing case in the SET_SSL_OPTS macro:
#define SET_SSL_OPTS(M) \
|
do { \ |
if (opt_use_ssl) \ |
/* if (opt_use_ssl == -1) {} else */ /* SSL forbidden THIS IS THE MISSING CASE */ \ |
if (opt_use_ssl) /* SSL required */ \ |
{ \
|
mysql_ssl_set((M), opt_ssl_key, opt_ssl_cert, opt_ssl_ca, \
|
opt_ssl_capath, opt_ssl_cipher); \
|
mysql_options((M), MYSQL_OPT_SSL_CRL, opt_ssl_crl); \
|
mysql_options((M), MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); \
|
mysql_options((M), MARIADB_OPT_TLS_VERSION, opt_tls_version); \
|
mysql_options((M), MARIADB_OPT_TLS_PEER_FP, opt_ssl_fp); \
|
mysql_options((M), MARIADB_OPT_TLS_PEER_FP_LIST, opt_ssl_fplist); \
|
} \
|
else /* SSL if available */ \ |
opt_ssl_verify_server_cert= 0; \
|
mysql_options((M),MYSQL_OPT_SSL_VERIFY_SERVER_CERT, \
|
&opt_ssl_verify_server_cert); \
|
} while(0) |