php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #72235
Patch add_PDO_SPECIFY_CN revision 2016-05-18 01:43 UTC by ghfjdksl at gmail dot com

Patch add_PDO_SPECIFY_CN for PDO MySQL Bug #72235

Patch version 2016-05-18 01:43 UTC

Return to Bug #72235 | Download this patch
Patch Revisions:

Developer: ghfjdksl@gmail.com

diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 4f66069..f2155eb 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -2311,7 +2311,7 @@ PHP_FUNCTION(mysqli_ssl_set)
 		}
 	}
 
-	mysql_ssl_set(mysql->mysql, ssl_parm[0], ssl_parm[1], ssl_parm[2], ssl_parm[3], ssl_parm[4]);
+	mysql_ssl_set(mysql->mysql, ssl_parm[0], ssl_parm[1], ssl_parm[2], ssl_parm[3], ssl_parm[4], NULL);
 
 	RETURN_TRUE;
 }
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 4c8f27f..a5d328d 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1616,7 +1616,7 @@ mysqlnd_old_escape_string(char * newstr, const char * escapestr, size_t escapest
 /* {{{ mysqlnd_conn_data::ssl_set */
 static enum_func_status
 MYSQLND_METHOD(mysqlnd_conn_data, ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert,
-									  const char * const ca, const char * const capath, const char * const cipher TSRMLS_DC)
+									  const char * const ca, const char * const capath, const char * const cn, const char * const cipher TSRMLS_DC)
 {
 	size_t this_func = STRUCT_OFFSET(struct st_mysqlnd_conn_data_methods, ssl_set);
 	enum_func_status ret = FAIL;
@@ -1628,6 +1628,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, ssl_set)(MYSQLND_CONN_DATA * const conn, const
 			PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CERT, cert TSRMLS_CC) &&
 			PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CA, ca TSRMLS_CC) &&
 			PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CAPATH, capath TSRMLS_CC) &&
+                        PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CN, cn TSRMLS_CC) &&
 			PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CIPHER, cipher TSRMLS_CC)) ? PASS : FAIL;
 
 		conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
diff --git a/ext/mysqlnd/mysqlnd.h b/ext/mysqlnd/mysqlnd.h
index 76b08b2..bcb6e5e 100644
--- a/ext/mysqlnd/mysqlnd.h
+++ b/ext/mysqlnd/mysqlnd.h
@@ -164,7 +164,7 @@ PHPAPI enum_func_status _mysqlnd_poll(MYSQLND **r_array, MYSQLND **e_array, MYSQ
 PHPAPI const char *	mysqlnd_get_client_info();
 PHPAPI unsigned int	mysqlnd_get_client_version();
 
-#define mysqlnd_ssl_set(conn, key, cert, ca, capath, cipher) ((conn)->data)->m->ssl_set((conn)->data, (key), (cert), (ca), (capath), (cipher) TSRMLS_CC)
+#define mysqlnd_ssl_set(conn, key, cert, ca, capath, cipher, cn) ((conn)->data)->m->ssl_set((conn)->data, (key), (cert), (ca), (capath), (cn), (cipher) TSRMLS_CC)
 
 /* PS */
 #define mysqlnd_stmt_insert_id(stmt)		(stmt)->m->get_last_insert_id((stmt) TSRMLS_CC)
diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
index 44d609b..bdbef4d 100644
--- a/ext/mysqlnd/mysqlnd_enum_n_def.h
+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
@@ -205,7 +205,8 @@ typedef enum mysqlnd_option
 	MYSQLND_OPT_SSL_CIPHER = 208,
 	MYSQLND_OPT_SSL_PASSPHRASE = 209,
 	MYSQLND_OPT_MAX_ALLOWED_PACKET = 210,
-	MYSQLND_OPT_AUTH_PROTOCOL = 211
+	MYSQLND_OPT_AUTH_PROTOCOL = 211,
+        MYSQLND_OPT_SSL_CN = 212
 } enum_mysqlnd_option;
 
 typedef enum mysqlnd_protocol_type
diff --git a/ext/mysqlnd/mysqlnd_libmysql_compat.h b/ext/mysqlnd/mysqlnd_libmysql_compat.h
index 5836fe6..3e0eec0 100644
--- a/ext/mysqlnd/mysqlnd_libmysql_compat.h
+++ b/ext/mysqlnd/mysqlnd_libmysql_compat.h
@@ -79,7 +79,7 @@
 #define mysql_set_server_option(r,o)	mysqlnd_set_server_option((r), (o))
 #define mysql_set_character_set(r,a)	mysqlnd_set_character_set((r), (a))
 #define mysql_sqlstate(r)				mysqlnd_sqlstate((r))
-#define mysql_ssl_set(c,key,cert,ca,capath,cipher)	mysqlnd_ssl_set((c), (key), (cert), (ca), (capath), (cipher))
+#define mysql_ssl_set(c,key,cert,ca,capath,cipher,cn)   mysqlnd_ssl_set((c), (key), (cert), (ca), (capath), (cipher), (cn))
 #define mysql_stmt_affected_rows(s)		mysqlnd_stmt_affected_rows((s))
 #define mysql_stmt_field_count(s)		mysqlnd_stmt_field_count((s))
 #define mysql_stmt_param_count(s)		mysqlnd_stmt_param_count((s))
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 0fa6710..21ef682 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -779,6 +779,15 @@ MYSQLND_METHOD(mysqlnd_net, set_client_option)(MYSQLND_NET * const net, enum mys
 				net->data->options.ssl_capath = value? mnd_pestrdup(value, pers) : NULL;
 				break;
 			}
+                case MYSQLND_OPT_SSL_CN:
+                        {
+                                zend_bool pers = net->persistent;
+                                if (net->data->options.ssl_cn) {
+                                        mnd_pefree(net->data->options.ssl_cn, pers);
+                                }
+                                net->data->options.ssl_cn = value? mnd_pestrdup(value, pers) : NULL;
+                                break;
+                        }
 		case MYSQLND_OPT_SSL_CIPHER:
 			{
 				zend_bool pers = net->persistent;
@@ -939,6 +948,12 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
 		php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
 		any_flag = TRUE;
 	}
+        if (net->data->options.ssl_cn) {
+                zval cn_zval;
+                ZVAL_STRING(& cn_zval, net->data->options.ssl_cn, 0);
+                php_stream_context_set_option(context, "ssl", "peer_name", &cn_zval);
+                any_flag = TRUE;
+        }
 	if (net->data->options.ssl_passphrase) {
 		zval passphrase_zval;
 		ZVAL_STRING(&passphrase_zval, net->data->options.ssl_passphrase, 0);
@@ -1045,6 +1060,10 @@ MYSQLND_METHOD(mysqlnd_net, free_contents)(MYSQLND_NET * net TSRMLS_DC)
 		mnd_pefree(net->data->options.ssl_capath, pers);
 		net->data->options.ssl_capath = NULL;
 	}
+        if (net->data->options.ssl_cn) {
+                mnd_pefree(net->data->options.ssl_cn, pers);
+                net->data->options.ssl_cn = NULL;
+        }
 	if (net->data->options.ssl_cipher) {
 		mnd_pefree(net->data->options.ssl_cipher, pers);
 		net->data->options.ssl_cipher = NULL;
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 0274d84..edae169 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -204,6 +204,7 @@ typedef struct st_mysqlnd_net_options
 	char		*ssl_key;
 	char		*ssl_cert;
 	char		*ssl_ca;
+        char            *ssl_cn;
 	char		*ssl_capath;
 	char		*ssl_cipher;
 	char		*ssl_passphrase;
@@ -486,7 +487,7 @@ typedef enum_func_status	(*func_mysqlnd_conn_data__restart_psession)(MYSQLND_CON
 typedef enum_func_status	(*func_mysqlnd_conn_data__end_psession)(MYSQLND_CONN_DATA * conn TSRMLS_DC);
 typedef enum_func_status	(*func_mysqlnd_conn_data__send_close)(MYSQLND_CONN_DATA * conn TSRMLS_DC);
 
-typedef enum_func_status    (*func_mysqlnd_conn_data__ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert, const char * const ca, const char * const capath, const char * const cipher TSRMLS_DC);
+typedef enum_func_status    (*func_mysqlnd_conn_data__ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert, const char * const ca, const char * const capath, const char * const cn, const char * const cipher TSRMLS_DC);
 
 typedef MYSQLND_RES * 		(*func_mysqlnd_conn_data__result_init)(unsigned int field_count, zend_bool persistent TSRMLS_DC);
 
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index e82fdf4..92214fe 100644
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -604,7 +604,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 		char *default_file = NULL, *default_group = NULL;
 #endif
 		long compress = 0;
-		char *ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL, *ssl_cipher = NULL;
+                char *ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL, *ssl_cipher = NULL, *ssl_server_cn = NULL;
 		H->buffered = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_USE_BUFFERED_QUERY, 1 TSRMLS_CC);
 
 		H->emulate_prepare = pdo_attr_lval(driver_options,
@@ -698,9 +698,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 		ssl_ca = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CA, NULL TSRMLS_CC);
 		ssl_capath = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CAPATH, NULL TSRMLS_CC);
 		ssl_cipher = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CIPHER, NULL TSRMLS_CC);
+                ssl_server_cn = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_SERVER_CN, NULL TSRMLS_CC);
 		
-		if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher) {
-			mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+                if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher || ssl_server_cn) {
+                        mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher, ssl_server_cn);
 			if (ssl_key) {
 				str_efree(ssl_key);
 			}
@@ -716,6 +717,9 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 			if (ssl_cipher) {
 				str_efree(ssl_cipher);
 			}
+                        if (ssl_server_cn) {
+                                str_efree(ssl_server_cn);
+                        }
 		}
 
 #if MYSQL_VERSION_ID > 50605 || defined(PDO_USE_MYSQLND)
diff --git a/ext/pdo_mysql/pdo_mysql.c b/ext/pdo_mysql/pdo_mysql.c
index 6433218..574f10a 100644
--- a/ext/pdo_mysql/pdo_mysql.c
+++ b/ext/pdo_mysql/pdo_mysql.c
@@ -127,6 +127,7 @@ static PHP_MINIT_FUNCTION(pdo_mysql)
 	REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SERVER_PUBLIC_KEY", (long)PDO_MYSQL_ATTR_SERVER_PUBLIC_KEY);
 #endif
 	REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_MULTI_STATEMENTS", (long)PDO_MYSQL_ATTR_MULTI_STATEMENTS);
+        REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SSL_SERVER_CN", (long)PDO_MYSQL_ATTR_SSL_SERVER_CN);
 
 #ifdef PDO_USE_MYSQLND
 	mysqlnd_reverse_api_register_api(&pdo_mysql_reverse_api TSRMLS_CC);
diff --git a/ext/pdo_mysql/php_pdo_mysql_int.h b/ext/pdo_mysql/php_pdo_mysql_int.h
index 8427f43..99646a9 100644
--- a/ext/pdo_mysql/php_pdo_mysql_int.h
+++ b/ext/pdo_mysql/php_pdo_mysql_int.h
@@ -175,6 +175,7 @@ enum {
 	PDO_MYSQL_ATTR_SERVER_PUBLIC_KEY,
 #endif
 	PDO_MYSQL_ATTR_MULTI_STATEMENTS,
+        PDO_MYSQL_ATTR_SSL_SERVER_CN,
 };
 
 #endif
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu May 06 17:01:26 2021 UTC