[ODBC-240] SSLFP and SSLFPLIST parameters appear unused Created: 2019-04-04  Updated: 2019-09-12  Resolved: 2019-09-12

Status: Closed
Project: MariaDB Connector/ODBC
Component/s: General
Affects Version/s: 3.1.0, 3.0.8
Fix Version/s: 3.1.4

Type: Bug Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Lawrin Novitsky
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to ODBC-228 Add parameter that corresponds to MAR... Closed
relates to ODBC-238 Add parameter that corresponds to MYS... Closed
relates to ODBC-239 Switch from deprecated mysql_options ... Closed
relates to ODBC-241 Add parameter that corresponds to MYS... Closed
relates to ODBC-242 Add parameter that corresponds to MAR... Open

 Description   

MariaDB Connector/ODBC allows users to set SSLFP and SSLFPLIST, but as far as I can tell, it doesn't do anything with the values.

Shouldn't it call mysql_optionsv in the MADB_DbcConnectDB function and use the value(s) to set MARIADB_OPT_TLS_PEER_FP and/or MARIADB_OPT_TLS_PEER_FP_LIST? I don't see it doing that here:

https://github.com/MariaDB/mariadb-connector-odbc/blob/3.1.0/ma_connection.c#L579

It looks like MARIADB_OPT_TLS_PEER_FP and MARIADB_OPT_TLS_PEER_FP_LIST are preferred over MARIADB_OPT_SSL_FP and MARIADB_OPT_SSL_FP_LIST, because the latter are deprecated. See here:

https://github.com/MariaDB/mariadb-connector-c/blob/v3.0.9/include/mysql.h#L214

https://mariadb.com/kb/en/library/mysql_optionsv/

 Comments   
Comment by Lawrin Novitsky [ 2019-09-12 ]

Added use of Tls Peer Fingerprint and FP list file.

Changed connection string option names to be TLSPEERFP and TLSPEERFPLIST, respectively. While leaved old names(SSLFP and SSLFPLIST) as aliases.
Added input fields to the setup dialog on Windows.

Generated at Thu Feb 08 03:27:15 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.