On 2018-02-25 17:19, Wietse Venema wrote: > olli hauer: > [ Charset ISO-8859-15 converted... ] >> >From https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html >> o MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *) >> This option is deprecated as of MySQL 5.7.11 and is removed in MySQL >> 8.0. >> Instead, use MYSQL_OPT_SSL_MODE with a value of >> SSL_MODE_VERIFY_IDENTITY. >> >> >> There are some issues in case postfix builds against mariadb or percona >> instead >> mysql, because both define MYSQL_VERSION_ID >= 50711 and only mariadb also >> defines MARIADB_VERSION_ID. >> >> mariadb (10.2.13): >> #define MYSQL_VERSION_ID 100212 >> #define MARIADB_VERSION_ID 100212 >> >> percona (5.7.20-18): >> #define MYSQL_VERSION_ID 50720 >> >> >> Given the listed MYSQL_VERSION_ID's the following diff should be safe. >> >> --- src/global/dict_mysql.c.orig 2017-02-19 01:58:20 UTC >> +++ src/global/dict_mysql.c >> @@ -656,7 +656,11 @@ static void plmysql_connect_single(DICT_ >> dict_mysql->tls_key_file, dict_mysql->tls_cert_file, >> dict_mysql->tls_CAfile, dict_mysql->tls_CApath, >> dict_mysql->tls_ciphers); >> -#if MYSQL_VERSION_ID >= 50023 >> +#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID) >> + if (dict_mysql->tls_verify_cert != -1) >> + mysql_options(host->db, MYSQL_OPT_SSL_MODE, >> + &dict_mysql->tls_verify_cert); >> +#elif MYSQL_VERSION_ID >= 50023 >> if (dict_mysql->tls_verify_cert != -1) >> mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, >> &dict_mysql->tls_verify_cert); > > > Couple suggestions. First. I wonder if this is complete - there are > three instances of the ``#if MYSQL_VERSION_ID >= 50023'' guard. > > Second, I prefer not to litter the code with runs of nearly duplicate > code. Instead I suggest defining a new macro: > > #if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID) > #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE > #elif MYSQL_VERSION_ID >= 50023 > #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT > #endif > > Then, use DICT_MYSQL_SSL_VERIFY_SERVER_CERT in the code instead of > the 'raw' defines from the mysql/mariadb libraries. > > #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT) > int tls_verify_cert; > #endif > > #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT) > if (dict_mysql->tls_verify_cert != -1) > mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT, > &dict_mysql->tls_verify_cert); > #endif > > #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT) > dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1); > #endif > > But I dont have time to test this. > > Wietse >
I agree with your argument about code duplication and will try to create a new patch based on your suggestions in the next days / weeks as soon I find some spare time. Since the FreeBSD ports framework allows to choose between four different MySQL/MariaDB and three different Percona versions (sum: eleven versions), I have to admit that I've done only builds but no functional tests against: - mysql-5.7.21 - mysql-8.0.2 - mariadb-10.1.31 - mariadb-10.2.13 - percona-5.6.38.83.0 - percona-5.7.20.18 I'm myself not a MySQL, MariaDB, Percona user, the issue was reported by a FreeBSD user using MySQL 8.x who noted the MySQL 5.7 -> 8.0 API deprecation. -- olli
