From b28e7235b4586226cb735b87501fd76da6e0b805 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 19 Mar 2019 16:44:07 +0900 Subject: [PATCH 01/10] Add ssl_mode can be passed. --- MySQLdb/_mysql.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c index 380e2ef6..6d5b406e 100644 --- a/MySQLdb/_mysql.c +++ b/MySQLdb/_mysql.c @@ -385,6 +385,7 @@ _mysql_ConnectionObject_Initialize( *capath = NULL, *cipher = NULL; PyObject *ssl_keepref[5] = {NULL}; int n_ssl_keepref = 0; + int ssl_mode = 0; char *host = NULL, *user = NULL, *passwd = NULL, *db = NULL, *unix_socket = NULL; unsigned int port = 0; @@ -394,7 +395,7 @@ _mysql_ConnectionObject_Initialize( "connect_timeout", "compress", "named_pipe", "init_command", "read_default_file", "read_default_group", - "client_flag", "ssl", + "client_flag", "ssl", "ssl_mode", "local_infile", "read_timeout", "write_timeout", NULL } ; @@ -410,7 +411,7 @@ _mysql_ConnectionObject_Initialize( self->open = 0; if (!PyArg_ParseTupleAndKeywords(args, kwargs, - "|ssssisOiiisssiOiii:connect", + "|ssssisOiiisssiOiiii:connect", kwlist, &host, &user, &passwd, &db, &port, &unix_socket, &conv, @@ -418,7 +419,7 @@ _mysql_ConnectionObject_Initialize( &compress, &named_pipe, &init_command, &read_default_file, &read_default_group, - &client_flag, &ssl, + &client_flag, &ssl, &ssl_mode, &local_infile, &read_timeout, &write_timeout @@ -478,6 +479,9 @@ _mysql_ConnectionObject_Initialize( if (local_infile != -1) mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile); + if (ssl_mode) { + mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode); + } if (ssl) { mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher); } From fd02b7da9c5baceeebdf8d73ee9fa9fae9243246 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 19 Mar 2019 17:58:45 +0900 Subject: [PATCH 02/10] Add a constant to specify SSL_MODE. --- MySQLdb/__init__.py | 2 +- MySQLdb/constants/SSL_MODE.py | 11 +++++++++++ MySQLdb/constants/__init__.py | 2 +- doc/MySQLdb.constants.rst | 7 +++++++ doc/user_guide.rst | 11 +++++++++++ metadata.cfg | 1 + 6 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 MySQLdb/constants/SSL_MODE.py diff --git a/MySQLdb/__init__.py b/MySQLdb/__init__.py index 92b5d264..ae71815f 100644 --- a/MySQLdb/__init__.py +++ b/MySQLdb/__init__.py @@ -27,7 +27,7 @@ from ._mysql import * from MySQLdb.compat import PY2 -from MySQLdb.constants import FIELD_TYPE +from MySQLdb.constants import FIELD_TYPE, SSL_MODE from MySQLdb.times import Date, Time, Timestamp, \ DateFromTicks, TimeFromTicks, TimestampFromTicks diff --git a/MySQLdb/constants/SSL_MODE.py b/MySQLdb/constants/SSL_MODE.py new file mode 100644 index 00000000..4b935655 --- /dev/null +++ b/MySQLdb/constants/SSL_MODE.py @@ -0,0 +1,11 @@ +"""MySQL SSL_MODE Constants + +These constants are used to specify SSL_MODE. + +""" + +DISABLED = 1 +PREFERRED = 2 +REQUIRED = 3 +VERIFY_CA = 4 +VERIFY_IDENTITY = 5 diff --git a/MySQLdb/constants/__init__.py b/MySQLdb/constants/__init__.py index 3e774cd9..8c2c1725 100644 --- a/MySQLdb/constants/__init__.py +++ b/MySQLdb/constants/__init__.py @@ -1 +1 @@ -__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG'] +__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG','SSL_MODE'] diff --git a/doc/MySQLdb.constants.rst b/doc/MySQLdb.constants.rst index 5c9a5389..2ff7fee1 100644 --- a/doc/MySQLdb.constants.rst +++ b/doc/MySQLdb.constants.rst @@ -49,3 +49,10 @@ constants Package :undoc-members: :show-inheritance: +:mod:`SSL_MODE` Module +------------------ + +.. automodule:: MySQLdb.constants.SSL_MODE + :members: + :undoc-members: + :show-inheritance: diff --git a/doc/user_guide.rst b/doc/user_guide.rst index 405b444e..1939d6ba 100644 --- a/doc/user_guide.rst +++ b/doc/user_guide.rst @@ -357,6 +357,17 @@ connect(parameters...) *This must be a keyword parameter.* + ssl_mode + If present, specify the security settings for the + connection to the server. For more information on ssl_mode, + see the MySQL documentation. The constants can be referenced + as follows: ``MySQLdb.constants.PREFERRED`` + + If not present, the session ssl_mode will be unchanged, + but it becomes PREFERRED in Version 5.7 or later. + + *This must be a keyword parameter.* + ssl This parameter takes a dictionary or mapping, where the keys are parameter names used by the mysql_ssl_set_ MySQL diff --git a/metadata.cfg b/metadata.cfg index c8112de2..1fd6c017 100644 --- a/metadata.cfg +++ b/metadata.cfg @@ -40,3 +40,4 @@ py_modules: MySQLdb.constants.ER MySQLdb.constants.FIELD_TYPE MySQLdb.constants.FLAG + MySQLdb.constants.SSL_MODE From 35b74cecf8527ec07bd3b5e56e75067de1fb9875 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 19 Mar 2019 20:24:24 +0900 Subject: [PATCH 03/10] fix typo --- doc/user_guide.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user_guide.rst b/doc/user_guide.rst index 1939d6ba..93376af5 100644 --- a/doc/user_guide.rst +++ b/doc/user_guide.rst @@ -361,7 +361,7 @@ connect(parameters...) If present, specify the security settings for the connection to the server. For more information on ssl_mode, see the MySQL documentation. The constants can be referenced - as follows: ``MySQLdb.constants.PREFERRED`` + as follows: ``MySQLdb.constants.SSL_MODE.PREFERRED`` If not present, the session ssl_mode will be unchanged, but it becomes PREFERRED in Version 5.7 or later. From 53e19a7a4e20b6e88de8bb4678d114272c483a5b Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Fri, 29 Nov 2019 18:42:25 +0900 Subject: [PATCH 04/10] Fix to enable the ssl_mode setting only for MySQL versions where enum MYSQL_OPT_SSL_MODE is defined --- MySQLdb/_mysql.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c index 6d5b406e..c3d1482b 100644 --- a/MySQLdb/_mysql.c +++ b/MySQLdb/_mysql.c @@ -479,9 +479,15 @@ _mysql_ConnectionObject_Initialize( if (local_infile != -1) mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile); +#if ((MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID <= 50599) || \ +(MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID <= 50699) || \ +(MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \ +(MYSQL_VERSION_ID >= 80000)) && \ +!defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) if (ssl_mode) { mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode); } +#endif if (ssl) { mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher); } From 08680b1f55a16cfc3af52767310b4102927e3ec2 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Mon, 2 Dec 2019 14:09:23 +0900 Subject: [PATCH 05/10] Modify ssl_mode setting from constant to string --- MySQLdb/__init__.py | 2 +- MySQLdb/connections.py | 15 ++++++++++++++- doc/user_guide.rst | 7 ++++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/MySQLdb/__init__.py b/MySQLdb/__init__.py index 8345c041..fbb5e41a 100644 --- a/MySQLdb/__init__.py +++ b/MySQLdb/__init__.py @@ -26,7 +26,7 @@ paramstyle = "format" from ._mysql import * -from MySQLdb.constants import FIELD_TYPE, SSL_MODE +from MySQLdb.constants import FIELD_TYPE from MySQLdb.times import Date, Time, Timestamp, \ DateFromTicks, TimeFromTicks, TimestampFromTicks diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py index 27a04770..716adf45 100644 --- a/MySQLdb/connections.py +++ b/MySQLdb/connections.py @@ -102,6 +102,13 @@ class object, used to create cursors (keyword only) :param int client_flag: flags to use or 0 (see MySQL docs or constants/CLIENTS.py) + :param str ssl_mode + specify the security settings for connection to the server; + see the MySQL documentation for more details + (mysql_option(), MYSQL_OPT_SSL_MODE). + Only one of 'DISABLED', 'PREFERRED', 'REQUIRED', + 'VERIFY_CA', 'VERIFY_IDENTITY' can be specified. + :param dict ssl: dictionary or mapping contains SSL connection parameters; see the MySQL documentation for more details @@ -123,7 +130,7 @@ class object, used to create cursors (keyword only) There are a number of undocumented, non-standard methods. See the documentation for the MySQL C API for some hints on what they do. """ - from MySQLdb.constants import CLIENT, FIELD_TYPE + from MySQLdb.constants import CLIENT, FIELD_TYPE, SSL_MODE from MySQLdb.converters import conversions, _bytes_or_str from weakref import proxy @@ -162,6 +169,12 @@ class object, used to create cursors (keyword only) kwargs2['client_flag'] = client_flag + if 'ssl_mode' in kwargs: + if hasattr(SSL_MODE, kwargs['ssl_mode']): + kwargs2['ssl_mode'] = getattr(SSL_MODE, kwargs['ssl_mode']) + else: + raise NotSupportedError('Unknown MySQL ssl_mode specification: %s' % kwargs['ssl_mode']) + # PEP-249 requires autocommit to be initially off autocommit = kwargs2.pop('autocommit', False) diff --git a/doc/user_guide.rst b/doc/user_guide.rst index f6e181cf..e52d0f79 100644 --- a/doc/user_guide.rst +++ b/doc/user_guide.rst @@ -360,11 +360,12 @@ connect(parameters...) ssl_mode If present, specify the security settings for the connection to the server. For more information on ssl_mode, - see the MySQL documentation. The constants can be referenced - as follows: ``MySQLdb.constants.SSL_MODE.PREFERRED`` + see the MySQL documentation. Only one of 'DISABLED', + 'PREFERRED', 'REQUIRED', 'VERIFY_CA', 'VERIFY_IDENTITY' + can be specified. If not present, the session ssl_mode will be unchanged, - but it becomes PREFERRED in Version 5.7 or later. + but in version 5.7 and later, the default is PREFERRED. *This must be a keyword parameter.* From e57c474733def69bd676851e6315a4724eceff07 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Mon, 2 Dec 2019 19:46:08 +0900 Subject: [PATCH 06/10] Raises an error if the ssl_mode setting is not supported --- MySQLdb/_mysql.c | 21 +++++++++++++++++++++ MySQLdb/connections.py | 2 ++ 2 files changed, 23 insertions(+) diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c index 9c6843d5..497bfeb9 100644 --- a/MySQLdb/_mysql.c +++ b/MySQLdb/_mysql.c @@ -486,6 +486,7 @@ _mysql_ConnectionObject_Initialize( (MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \ (MYSQL_VERSION_ID >= 80000)) && \ !defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) + #define HAVE_ENUM_MYSQL_OPT_SSL_MODE if (ssl_mode) { mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode); } @@ -1526,6 +1527,20 @@ _mysql_get_client_info( return PyUnicode_FromString(mysql_get_client_info()); } +static char _mysql_get_have_enum_mysql_opt_ssl_mode__doc__[] = +"Returns whether enum MYSQL_OPT_SSL_MODE is defined."; +static PyObject * +_mysql_get_have_enum_mysql_opt_ssl_mode( + PyObject *self, + PyObject *noargs) +{ +#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE + Py_RETURN_TRUE; +#else + Py_RETURN_FALSE; +#endif +} + static char _mysql_ConnectionObject_get_host_info__doc__[] = "Returns a string that represents the MySQL client library\n\ version. Non-standard.\n\ @@ -2577,6 +2592,12 @@ _mysql_methods[] = { METH_NOARGS, _mysql_get_client_info__doc__ }, + { + "get_have_enum_mysql_opt_ssl_mode", + (PyCFunction)_mysql_get_have_enum_mysql_opt_ssl_mode, + METH_NOARGS, + _mysql_get_have_enum_mysql_opt_ssl_mode__doc__ + }, {NULL, NULL} /* sentinel */ }; diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py index 716adf45..75a047ff 100644 --- a/MySQLdb/connections.py +++ b/MySQLdb/connections.py @@ -170,6 +170,8 @@ class object, used to create cursors (keyword only) kwargs2['client_flag'] = client_flag if 'ssl_mode' in kwargs: + if not _mysql.get_have_enum_mysql_opt_ssl_mode(): + raise NotSupportedError('Does not support ssl_mode specification: %s' % _mysql.get_client_info()) if hasattr(SSL_MODE, kwargs['ssl_mode']): kwargs2['ssl_mode'] = getattr(SSL_MODE, kwargs['ssl_mode']) else: From 8335d7081bb7943a824bddcefc4084ad272dac82 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 3 Dec 2019 12:25:51 +0900 Subject: [PATCH 07/10] Revert "Raises an error if the ssl_mode setting is not supported" This reverts commit e57c474733def69bd676851e6315a4724eceff07. --- MySQLdb/_mysql.c | 21 --------------------- MySQLdb/connections.py | 2 -- 2 files changed, 23 deletions(-) diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c index 497bfeb9..9c6843d5 100644 --- a/MySQLdb/_mysql.c +++ b/MySQLdb/_mysql.c @@ -486,7 +486,6 @@ _mysql_ConnectionObject_Initialize( (MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \ (MYSQL_VERSION_ID >= 80000)) && \ !defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) - #define HAVE_ENUM_MYSQL_OPT_SSL_MODE if (ssl_mode) { mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode); } @@ -1527,20 +1526,6 @@ _mysql_get_client_info( return PyUnicode_FromString(mysql_get_client_info()); } -static char _mysql_get_have_enum_mysql_opt_ssl_mode__doc__[] = -"Returns whether enum MYSQL_OPT_SSL_MODE is defined."; -static PyObject * -_mysql_get_have_enum_mysql_opt_ssl_mode( - PyObject *self, - PyObject *noargs) -{ -#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE - Py_RETURN_TRUE; -#else - Py_RETURN_FALSE; -#endif -} - static char _mysql_ConnectionObject_get_host_info__doc__[] = "Returns a string that represents the MySQL client library\n\ version. Non-standard.\n\ @@ -2592,12 +2577,6 @@ _mysql_methods[] = { METH_NOARGS, _mysql_get_client_info__doc__ }, - { - "get_have_enum_mysql_opt_ssl_mode", - (PyCFunction)_mysql_get_have_enum_mysql_opt_ssl_mode, - METH_NOARGS, - _mysql_get_have_enum_mysql_opt_ssl_mode__doc__ - }, {NULL, NULL} /* sentinel */ }; diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py index 75a047ff..716adf45 100644 --- a/MySQLdb/connections.py +++ b/MySQLdb/connections.py @@ -170,8 +170,6 @@ class object, used to create cursors (keyword only) kwargs2['client_flag'] = client_flag if 'ssl_mode' in kwargs: - if not _mysql.get_have_enum_mysql_opt_ssl_mode(): - raise NotSupportedError('Does not support ssl_mode specification: %s' % _mysql.get_client_info()) if hasattr(SSL_MODE, kwargs['ssl_mode']): kwargs2['ssl_mode'] = getattr(SSL_MODE, kwargs['ssl_mode']) else: From 09dc7e9262cc2850cae2a93cc66c3de05ca51ef7 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 3 Dec 2019 12:29:18 +0900 Subject: [PATCH 08/10] fix typo --- MySQLdb/connections.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py index 716adf45..e0519ae0 100644 --- a/MySQLdb/connections.py +++ b/MySQLdb/connections.py @@ -102,7 +102,7 @@ class object, used to create cursors (keyword only) :param int client_flag: flags to use or 0 (see MySQL docs or constants/CLIENTS.py) - :param str ssl_mode + :param str ssl_mode: specify the security settings for connection to the server; see the MySQL documentation for more details (mysql_option(), MYSQL_OPT_SSL_MODE). From 67deee28095a2483457b9e3b52a2ec4697ac5873 Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 3 Dec 2019 15:00:40 +0900 Subject: [PATCH 09/10] Remove MySQLdb.constants.SSL_MODE --- MySQLdb/connections.py | 8 +------- MySQLdb/constants/SSL_MODE.py | 11 ----------- MySQLdb/constants/__init__.py | 2 +- doc/MySQLdb.constants.rst | 8 -------- metadata.cfg | 1 - 5 files changed, 2 insertions(+), 28 deletions(-) delete mode 100644 MySQLdb/constants/SSL_MODE.py diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py index e0519ae0..5ddb892d 100644 --- a/MySQLdb/connections.py +++ b/MySQLdb/connections.py @@ -130,7 +130,7 @@ class object, used to create cursors (keyword only) There are a number of undocumented, non-standard methods. See the documentation for the MySQL C API for some hints on what they do. """ - from MySQLdb.constants import CLIENT, FIELD_TYPE, SSL_MODE + from MySQLdb.constants import CLIENT, FIELD_TYPE from MySQLdb.converters import conversions, _bytes_or_str from weakref import proxy @@ -169,12 +169,6 @@ class object, used to create cursors (keyword only) kwargs2['client_flag'] = client_flag - if 'ssl_mode' in kwargs: - if hasattr(SSL_MODE, kwargs['ssl_mode']): - kwargs2['ssl_mode'] = getattr(SSL_MODE, kwargs['ssl_mode']) - else: - raise NotSupportedError('Unknown MySQL ssl_mode specification: %s' % kwargs['ssl_mode']) - # PEP-249 requires autocommit to be initially off autocommit = kwargs2.pop('autocommit', False) diff --git a/MySQLdb/constants/SSL_MODE.py b/MySQLdb/constants/SSL_MODE.py deleted file mode 100644 index 4b935655..00000000 --- a/MySQLdb/constants/SSL_MODE.py +++ /dev/null @@ -1,11 +0,0 @@ -"""MySQL SSL_MODE Constants - -These constants are used to specify SSL_MODE. - -""" - -DISABLED = 1 -PREFERRED = 2 -REQUIRED = 3 -VERIFY_CA = 4 -VERIFY_IDENTITY = 5 diff --git a/MySQLdb/constants/__init__.py b/MySQLdb/constants/__init__.py index 8c2c1725..3e774cd9 100644 --- a/MySQLdb/constants/__init__.py +++ b/MySQLdb/constants/__init__.py @@ -1 +1 @@ -__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG','SSL_MODE'] +__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG'] diff --git a/doc/MySQLdb.constants.rst b/doc/MySQLdb.constants.rst index 2ff7fee1..a803e3e5 100644 --- a/doc/MySQLdb.constants.rst +++ b/doc/MySQLdb.constants.rst @@ -48,11 +48,3 @@ constants Package :members: :undoc-members: :show-inheritance: - -:mod:`SSL_MODE` Module ------------------- - -.. automodule:: MySQLdb.constants.SSL_MODE - :members: - :undoc-members: - :show-inheritance: diff --git a/metadata.cfg b/metadata.cfg index 35d2c999..bae8bd44 100644 --- a/metadata.cfg +++ b/metadata.cfg @@ -38,4 +38,3 @@ py_modules: MySQLdb.constants.ER MySQLdb.constants.FIELD_TYPE MySQLdb.constants.FLAG - MySQLdb.constants.SSL_MODE From bd87447c263cfabb98c05be807ccc560d6bf19ff Mon Sep 17 00:00:00 2001 From: Jun Yamasaki Date: Tue, 3 Dec 2019 19:14:30 +0900 Subject: [PATCH 10/10] Check ssl_mode setting on C lang side --- MySQLdb/_mysql.c | 55 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c index 9c6843d5..13280ace 100644 --- a/MySQLdb/_mysql.c +++ b/MySQLdb/_mysql.c @@ -34,6 +34,14 @@ PERFORMANCE OF THIS SOFTWARE. #define my_bool _Bool #endif +#if ((MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID <= 50599) || \ +(MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID <= 50699) || \ +(MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \ +(MYSQL_VERSION_ID >= 80000)) && \ +!defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) +#define HAVE_ENUM_MYSQL_OPT_SSL_MODE +#endif + #define PY_SSIZE_T_CLEAN 1 #include "Python.h" @@ -371,6 +379,23 @@ static int _mysql_ResultObject_clear(_mysql_ResultObject *self) return 0; } +#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE +static int +_get_ssl_mode_num(char *ssl_mode) +{ + static char *ssl_mode_list[] = { "DISABLED", "PREFERRED", + "REQUIRED", "VERIFY_CA", "VERIFY_IDENTITY" }; + unsigned int i; + for (i=0; i < sizeof(ssl_mode_list)/sizeof(ssl_mode_list[0]); i++) { + if (strcmp(ssl_mode, ssl_mode_list[i]) == 0) { + // SSL_MODE one-based + return i + 1; + } + } + return -1; +} +#endif + static int _mysql_ConnectionObject_Initialize( _mysql_ConnectionObject *self, @@ -380,11 +405,11 @@ _mysql_ConnectionObject_Initialize( MYSQL *conn = NULL; PyObject *conv = NULL; PyObject *ssl = NULL; + char *ssl_mode = NULL; const char *key = NULL, *cert = NULL, *ca = NULL, *capath = NULL, *cipher = NULL; PyObject *ssl_keepref[5] = {NULL}; int n_ssl_keepref = 0; - int ssl_mode = 0; char *host = NULL, *user = NULL, *passwd = NULL, *db = NULL, *unix_socket = NULL; unsigned int port = 0; @@ -413,7 +438,7 @@ _mysql_ConnectionObject_Initialize( self->open = 0; if (!PyArg_ParseTupleAndKeywords(args, kwargs, - "|ssssisOiiisssiOiiiiss:connect", + "|ssssisOiiisssiOsiiiss:connect", kwlist, &host, &user, &passwd, &db, &port, &unix_socket, &conv, @@ -442,6 +467,17 @@ _mysql_ConnectionObject_Initialize( _stringsuck(key, value, ssl); _stringsuck(cipher, value, ssl); } + if (ssl_mode) { +#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE + if (_get_ssl_mode_num(ssl_mode) <= 0) { + PyErr_SetString(_mysql_NotSupportedError, "Unknown ssl_mode specification"); + return -1; + } +#else + PyErr_SetString(_mysql_NotSupportedError, "MySQL client library does not support ssl_mode specification"); + return -1; +#endif + } conn = mysql_init(&(self->connection)); if (!conn) { @@ -481,18 +517,15 @@ _mysql_ConnectionObject_Initialize( if (local_infile != -1) mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile); -#if ((MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID <= 50599) || \ -(MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID <= 50699) || \ -(MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \ -(MYSQL_VERSION_ID >= 80000)) && \ -!defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) - if (ssl_mode) { - mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode); - } -#endif if (ssl) { mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher); } +#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE + if (ssl_mode) { + int ssl_mode_num = _get_ssl_mode_num(ssl_mode); + mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode_num); + } +#endif if (charset) { mysql_options(&(self->connection), MYSQL_SET_CHARSET_NAME, charset); }