Re: [patch] src/global/dict_mysql.c (postfix 3.2.0-5, 3.3.0 and current) to allow build against MySQL 8.x

Sun, 25 Feb 2018 08:19:44 -0800 

olli hauer:
[ Charset ISO-8859-15 converted... ]
> >From https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html
> o  MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *)
>      This option is deprecated as of MySQL 5.7.11 and is removed in MySQL 8.0.
>      Instead, use MYSQL_OPT_SSL_MODE with a value of SSL_MODE_VERIFY_IDENTITY.
> 
> 
> There are some issues in case postfix builds against mariadb or percona 
> instead
> mysql, because both define MYSQL_VERSION_ID >= 50711 and only mariadb also
> defines MARIADB_VERSION_ID.
> 
> mariadb (10.2.13):
>   #define MYSQL_VERSION_ID     100212
>   #define MARIADB_VERSION_ID   100212
> 
> percona (5.7.20-18):
>   #define MYSQL_VERSION_ID     50720
> 
> 
> Given the listed MYSQL_VERSION_ID's the following diff should be safe.
> 
> --- src/global/dict_mysql.c.orig        2017-02-19 01:58:20 UTC
> +++ src/global/dict_mysql.c
> @@ -656,7 +656,11 @@ static void plmysql_connect_single(DICT_
>                       dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
>                       dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
>                       dict_mysql->tls_ciphers);
> -#if MYSQL_VERSION_ID >= 50023
> +#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID)
> +    if (dict_mysql->tls_verify_cert != -1)
> +       mysql_options(host->db, MYSQL_OPT_SSL_MODE,
> +                     &dict_mysql->tls_verify_cert);
> +#elif MYSQL_VERSION_ID >= 50023
>      if (dict_mysql->tls_verify_cert != -1)
>         mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
>                       &dict_mysql->tls_verify_cert);


Couple suggestions. First. I wonder if this is complete - there are
three instances of the ``#if MYSQL_VERSION_ID >= 50023'' guard.

Second, I prefer not to litter the code with runs of nearly duplicate
code. Instead I suggest defining a new macro:

    #if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID)
    #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE
    #elif MYSQL_VERSION_ID >= 50023
    #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT
    #endif

Then, use DICT_MYSQL_SSL_VERIFY_SERVER_CERT in the code instead of
the 'raw' defines from the mysql/mariadb libraries.

#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
    int     tls_verify_cert;
#endif

#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
     if (dict_mysql->tls_verify_cert != -1)
         mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
                       &dict_mysql->tls_verify_cert);
#endif

#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
    dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1);
#endif

But I dont have time to test this.

        Wietse

Reply via email to