Patch add_PDO_SPECIFY_CN for PDO MySQL Bug #72235
Patch version 2016-05-18 01:43 UTC
Developer: ghfjdksl@gmail.com
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 4f66069..f2155eb 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -2311,7 +2311,7 @@ PHP_FUNCTION(mysqli_ssl_set)
}
}
- mysql_ssl_set(mysql->mysql, ssl_parm[0], ssl_parm[1], ssl_parm[2], ssl_parm[3], ssl_parm[4]);
+ mysql_ssl_set(mysql->mysql, ssl_parm[0], ssl_parm[1], ssl_parm[2], ssl_parm[3], ssl_parm[4], NULL);
RETURN_TRUE;
}
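Review bot: The extra `NULL` argument on the `mysql_ssl_set(...)` call only compiles when `mysql_ssl_set` is the mysqlnd compat macro that this patch widens to seven parameters; libmysqlclient's `mysql_ssl_set()` takes six, so a mysqli build against libmysqlclient would presumably fail here. The same applies to the seven-argument call in the `pdo_mysql_handle_factory` hunk of ext/pdo_mysql/mysql_driver.c, where the nearby `defined(PDO_USE_MYSQLND)` test shows that file is built both ways. Guard the new argument with the existing build switches (`MYSQLI_USE_MYSQLND` here, `PDO_USE_MYSQLND` in pdo_mysql) and keep the six-argument call in the `#else` branch, or leave `mysql_ssl_set` untouched and pass the expected name through a separate mysqlnd-only option call. The body of `mysqli_ssl_set` starts outside the hunk.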
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 4c8f27f..a5d328d 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1616,7 +1616,7 @@ mysqlnd_old_escape_string(char * newstr, const char * escapestr, size_t escapest
/* {{{ mysqlnd_conn_data::ssl_set */
static enum_func_status
MYSQLND_METHOD(mysqlnd_conn_data, ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert,
- const char * const ca, const char * const capath, const char * const cipher TSRMLS_DC)
+ const char * const ca, const char * const capath, const char * const cn, const char * const cipher TSRMLS_DC)
{
size_t this_func = STRUCT_OFFSET(struct st_mysqlnd_conn_data_methods, ssl_set);
enum_func_status ret = FAIL;
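Review bot: `cn` is inserted before `cipher` in the `ssl_set` method signature, while the `mysqlnd_ssl_set` and `mysql_ssl_set` macros in this patch take it after `cipher`. The macro expansion reorders the arguments correctly, but two orders for the same six strings invite a swapped argument in a later direct call. Appending it instead, `const char * const capath, const char * const cipher, const char * const cn TSRMLS_DC)`, keeps one order everywhere; the `func_mysqlnd_conn_data__ssl_set` typedef in mysqlnd_structs.h would change the same way. Changing this method-table signature also affects any code that overrides `ssl_set`, which is worth stating in the patch description. The function body continues outside the hunk.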
@@ -1628,6 +1628,7 @@ MYSQLND_METHOD(mysqlnd_conn_data, ssl_set)(MYSQLND_CONN_DATA * const conn, const
PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CERT, cert TSRMLS_CC) &&
PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CA, ca TSRMLS_CC) &&
PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CAPATH, capath TSRMLS_CC) &&
+ PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CN, cn TSRMLS_CC) &&
PASS == net->data->m.set_client_option(net, MYSQLND_OPT_SSL_CIPHER, cipher TSRMLS_CC)) ? PASS : FAIL;
conn->m->local_tx_end(conn, this_func, ret TSRMLS_CC);
diff --git a/ext/mysqlnd/mysqlnd.h b/ext/mysqlnd/mysqlnd.h
index 76b08b2..bcb6e5e 100644
--- a/ext/mysqlnd/mysqlnd.h
+++ b/ext/mysqlnd/mysqlnd.h
@@ -164,7 +164,7 @@ PHPAPI enum_func_status _mysqlnd_poll(MYSQLND **r_array, MYSQLND **e_array, MYSQ
PHPAPI const char * mysqlnd_get_client_info();
PHPAPI unsigned int mysqlnd_get_client_version();
-#define mysqlnd_ssl_set(conn, key, cert, ca, capath, cipher) ((conn)->data)->m->ssl_set((conn)->data, (key), (cert), (ca), (capath), (cipher) TSRMLS_CC)
+#define mysqlnd_ssl_set(conn, key, cert, ca, capath, cipher, cn) ((conn)->data)->m->ssl_set((conn)->data, (key), (cert), (ca), (capath), (cn), (cipher) TSRMLS_CC)
/* PS */
#define mysqlnd_stmt_insert_id(stmt) (stmt)->m->get_last_insert_id((stmt) TSRMLS_CC)
diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
index 44d609b..bdbef4d 100644
--- a/ext/mysqlnd/mysqlnd_enum_n_def.h
+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
@@ -205,7 +205,8 @@ typedef enum mysqlnd_option
MYSQLND_OPT_SSL_CIPHER = 208,
MYSQLND_OPT_SSL_PASSPHRASE = 209,
MYSQLND_OPT_MAX_ALLOWED_PACKET = 210,
- MYSQLND_OPT_AUTH_PROTOCOL = 211
+ MYSQLND_OPT_AUTH_PROTOCOL = 211,
+ MYSQLND_OPT_SSL_CN = 212
} enum_mysqlnd_option;
typedef enum mysqlnd_protocol_type
diff --git a/ext/mysqlnd/mysqlnd_libmysql_compat.h b/ext/mysqlnd/mysqlnd_libmysql_compat.h
index 5836fe6..3e0eec0 100644
--- a/ext/mysqlnd/mysqlnd_libmysql_compat.h
+++ b/ext/mysqlnd/mysqlnd_libmysql_compat.h
@@ -79,7 +79,7 @@
#define mysql_set_server_option(r,o) mysqlnd_set_server_option((r), (o))
#define mysql_set_character_set(r,a) mysqlnd_set_character_set((r), (a))
#define mysql_sqlstate(r) mysqlnd_sqlstate((r))
-#define mysql_ssl_set(c,key,cert,ca,capath,cipher) mysqlnd_ssl_set((c), (key), (cert), (ca), (capath), (cipher))
+#define mysql_ssl_set(c,key,cert,ca,capath,cipher,cn) mysqlnd_ssl_set((c), (key), (cert), (ca), (capath), (cipher), (cn))
#define mysql_stmt_affected_rows(s) mysqlnd_stmt_affected_rows((s))
#define mysql_stmt_field_count(s) mysqlnd_stmt_field_count((s))
#define mysql_stmt_param_count(s) mysqlnd_stmt_param_count((s))
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 0fa6710..21ef682 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -779,6 +779,15 @@ MYSQLND_METHOD(mysqlnd_net, set_client_option)(MYSQLND_NET * const net, enum mys
net->data->options.ssl_capath = value? mnd_pestrdup(value, pers) : NULL;
break;
}
+ case MYSQLND_OPT_SSL_CN:
+ {
+ zend_bool pers = net->persistent;
+ if (net->data->options.ssl_cn) {
+ mnd_pefree(net->data->options.ssl_cn, pers);
+ }
+ net->data->options.ssl_cn = value? mnd_pestrdup(value, pers) : NULL;
+ break;
+ }
case MYSQLND_OPT_SSL_CIPHER:
{
zend_bool pers = net->persistent;
@@ -939,6 +948,12 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
any_flag = TRUE;
}
+ if (net->data->options.ssl_cn) {
+ zval cn_zval;
+ ZVAL_STRING(& cn_zval, net->data->options.ssl_cn, 0);
+ php_stream_context_set_option(context, "ssl", "peer_name", &cn_zval);
+ any_flag = TRUE;
+ }
if (net->data->options.ssl_passphrase) {
zval passphrase_zval;
ZVAL_STRING(&passphrase_zval, net->data->options.ssl_passphrase, 0);
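Review bot: Setting `peer_name` in the new `if (net->data->options.ssl_cn)` block does not by itself make the TLS layer check it, because the name is only compared when peer-name verification is enabled on the stream context, and nothing in this hunk sets `verify_peer_name` or `verify_peer`. If the code after the hunk leaves verification off, a caller who passes MYSQL_ATTR_SSL_SERVER_CN gets a connection that silently accepts a certificate issued for any name. Consider forcing verification on whenever `ssl_cn` is set, e.g. `ZVAL_TRUE(&verify_zval); php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_zval);` inside the new block, and make sure a later default does not switch it back off. Since `peer_name` is not limited to the certificate's CN field, a comment such as `/* expected server name, matched against the peer certificate */` would also avoid the "CN" naming being read too literally. enable_ssl starts and ends outside the hunk, so how `any_flag` feeds the verification setting is not visible here.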
@@ -1045,6 +1060,10 @@ MYSQLND_METHOD(mysqlnd_net, free_contents)(MYSQLND_NET * net TSRMLS_DC)
mnd_pefree(net->data->options.ssl_capath, pers);
net->data->options.ssl_capath = NULL;
}
+ if (net->data->options.ssl_cn) {
+ mnd_pefree(net->data->options.ssl_cn, pers);
+ net->data->options.ssl_cn = NULL;
+ }
if (net->data->options.ssl_cipher) {
mnd_pefree(net->data->options.ssl_cipher, pers);
net->data->options.ssl_cipher = NULL;
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 0274d84..edae169 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -204,6 +204,7 @@ typedef struct st_mysqlnd_net_options
char *ssl_key;
char *ssl_cert;
char *ssl_ca;
+ char *ssl_cn;
char *ssl_capath;
char *ssl_cipher;
char *ssl_passphrase;
@@ -486,7 +487,7 @@ typedef enum_func_status (*func_mysqlnd_conn_data__restart_psession)(MYSQLND_CON
typedef enum_func_status (*func_mysqlnd_conn_data__end_psession)(MYSQLND_CONN_DATA * conn TSRMLS_DC);
typedef enum_func_status (*func_mysqlnd_conn_data__send_close)(MYSQLND_CONN_DATA * conn TSRMLS_DC);
-typedef enum_func_status (*func_mysqlnd_conn_data__ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert, const char * const ca, const char * const capath, const char * const cipher TSRMLS_DC);
+typedef enum_func_status (*func_mysqlnd_conn_data__ssl_set)(MYSQLND_CONN_DATA * const conn, const char * key, const char * const cert, const char * const ca, const char * const capath, const char * const cn, const char * const cipher TSRMLS_DC);
typedef MYSQLND_RES * (*func_mysqlnd_conn_data__result_init)(unsigned int field_count, zend_bool persistent TSRMLS_DC);
diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index e82fdf4..92214fe 100644
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -604,7 +604,7 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
char *default_file = NULL, *default_group = NULL;
#endif
long compress = 0;
- char *ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL, *ssl_cipher = NULL;
+ char *ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL, *ssl_cipher = NULL, *ssl_server_cn = NULL;
H->buffered = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_USE_BUFFERED_QUERY, 1 TSRMLS_CC);
H->emulate_prepare = pdo_attr_lval(driver_options,
@@ -698,9 +698,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
ssl_ca = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CA, NULL TSRMLS_CC);
ssl_capath = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CAPATH, NULL TSRMLS_CC);
ssl_cipher = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CIPHER, NULL TSRMLS_CC);
+ ssl_server_cn = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_SERVER_CN, NULL TSRMLS_CC);
- if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher) {
- mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+ if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher || ssl_server_cn) {
+ mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher, ssl_server_cn);
if (ssl_key) {
str_efree(ssl_key);
}
@@ -716,6 +717,9 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
if (ssl_cipher) {
str_efree(ssl_cipher);
}
+ if (ssl_server_cn) {
+ str_efree(ssl_server_cn);
+ }
}
#if MYSQL_VERSION_ID > 50605 || defined(PDO_USE_MYSQLND)
diff --git a/ext/pdo_mysql/pdo_mysql.c b/ext/pdo_mysql/pdo_mysql.c
index 6433218..574f10a 100644
--- a/ext/pdo_mysql/pdo_mysql.c
+++ b/ext/pdo_mysql/pdo_mysql.c
@@ -127,6 +127,7 @@ static PHP_MINIT_FUNCTION(pdo_mysql)
REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SERVER_PUBLIC_KEY", (long)PDO_MYSQL_ATTR_SERVER_PUBLIC_KEY);
#endif
REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_MULTI_STATEMENTS", (long)PDO_MYSQL_ATTR_MULTI_STATEMENTS);
+ REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SSL_SERVER_CN", (long)PDO_MYSQL_ATTR_SSL_SERVER_CN);
#ifdef PDO_USE_MYSQLND
mysqlnd_reverse_api_register_api(&pdo_mysql_reverse_api TSRMLS_CC);
diff --git a/ext/pdo_mysql/php_pdo_mysql_int.h b/ext/pdo_mysql/php_pdo_mysql_int.h
index 8427f43..99646a9 100644
--- a/ext/pdo_mysql/php_pdo_mysql_int.h
+++ b/ext/pdo_mysql/php_pdo_mysql_int.h
@@ -175,6 +175,7 @@ enum {
PDO_MYSQL_ATTR_SERVER_PUBLIC_KEY,
#endif
PDO_MYSQL_ATTR_MULTI_STATEMENTS,
+ PDO_MYSQL_ATTR_SSL_SERVER_CN,
};
#endif