dict_mysql.c (postfix 3.2.0-5, 3.3.0 and current) to allow build against MySQL 8.x

olli hauer Sun, 25 Feb 2018 14:00:51 -0800

On 2018-02-25 17:19, Wietse Venema wrote:
> olli hauer:
> [ Charset ISO-8859-15 converted... ]
>> >From https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html
>> o  MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *)
>>      This option is deprecated as of MySQL 5.7.11 and is removed in MySQL 
>> 8.0.
>>      Instead, use MYSQL_OPT_SSL_MODE with a value of 
>> SSL_MODE_VERIFY_IDENTITY.
>>
>>
>> There are some issues in case postfix builds against mariadb or percona 
>> instead
>> mysql, because both define MYSQL_VERSION_ID >= 50711 and only mariadb also
>> defines MARIADB_VERSION_ID.
>>
>> mariadb (10.2.13):
>>   #define MYSQL_VERSION_ID     100212
>>   #define MARIADB_VERSION_ID   100212
>>
>> percona (5.7.20-18):
>>   #define MYSQL_VERSION_ID     50720
>>
>>
>> Given the listed MYSQL_VERSION_ID's the following diff should be safe.
>>
>> --- src/global/dict_mysql.c.orig        2017-02-19 01:58:20 UTC
>> +++ src/global/dict_mysql.c
>> @@ -656,7 +656,11 @@ static void plmysql_connect_single(DICT_
>>                       dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
>>                       dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
>>                       dict_mysql->tls_ciphers);
>> -#if MYSQL_VERSION_ID >= 50023
>> +#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID)
>> +    if (dict_mysql->tls_verify_cert != -1)
>> +       mysql_options(host->db, MYSQL_OPT_SSL_MODE,
>> +                     &dict_mysql->tls_verify_cert);
>> +#elif MYSQL_VERSION_ID >= 50023
>>      if (dict_mysql->tls_verify_cert != -1)
>>         mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
>>                       &dict_mysql->tls_verify_cert);
> 
> 
> Couple suggestions. First. I wonder if this is complete - there are
> three instances of the ``#if MYSQL_VERSION_ID >= 50023'' guard.
> 
> Second, I prefer not to litter the code with runs of nearly duplicate
> code. Instead I suggest defining a new macro:
> 
>     #if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID)
>     #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE
>     #elif MYSQL_VERSION_ID >= 50023
>     #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT
>     #endif
> 
> Then, use DICT_MYSQL_SSL_VERIFY_SERVER_CERT in the code instead of
> the 'raw' defines from the mysql/mariadb libraries.
> 
> #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
>     int     tls_verify_cert;
> #endif
> 
> #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
>      if (dict_mysql->tls_verify_cert != -1)
>          mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
>                        &dict_mysql->tls_verify_cert);
> #endif
> 
> #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
>     dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1);
> #endif
> 
> But I dont have time to test this.
> 
>       Wietse
>


New patch with your suggestions:
  
https://people.freebsd.org/~ohauer/postfix.dict__mysql/patch-src_global_dict__mysql.c.diff

build logs (postfix-3.3.0) against:
 - mysql56-client-5.6.39
 - mysql80-client-8.0.2
 - mariadb55-client-5.5.59
 - mariadb102-client-10.2.12
 - percona57-client-5.7.20.18

can reviewed here:
  https://people.freebsd.org/~ohauer/postfix.dict__mysql/


log apply patch against:
 - postfix-3.0.12
 - postfix-3.1.8
 - postfix-3.2.5
 - postfix-3.3.0
 - postfix-3.4-20180222

can reviewed here:
  
https://people.freebsd.org/~ohauer/postfix.dict__mysql/postfix-dict__mysql-patch.log


So far it looks good to me, but cross tests / reviews are welcome.


-- 
olli

--- src/global/dict_mysql.c.orig        2017-02-19 01:58:20 UTC
+++ src/global/dict_mysql.c
@@ -198,6 +198,15 @@
 
 #include "dict_mysql.h"
 
+/* MySQL 8.x API change */
+
+#if MYSQL_VERSION_ID >= 80000 && !defined(MARIADB_VERSION_ID)
+#define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE
+#elif MYSQL_VERSION_ID >= 50023
+#define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT
+#endif
+
+
 /* need some structs to help organize things */
 typedef struct {
     MYSQL  *db;
@@ -237,7 +246,7 @@ typedef struct {
     char   *tls_CAfile;
     char   *tls_CApath;
     char   *tls_ciphers;
-#if MYSQL_VERSION_ID >= 50023
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
     int     tls_verify_cert;
 #endif
 #endif
@@ -656,9 +665,9 @@ static void plmysql_connect_single(DICT_
                      dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
                      dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
                      dict_mysql->tls_ciphers);
-#if MYSQL_VERSION_ID >= 50023
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
     if (dict_mysql->tls_verify_cert != -1)
-       mysql_options(host->db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+         mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
                      &dict_mysql->tls_verify_cert);
 #endif
 #endif
@@ -723,7 +732,7 @@ static void mysql_parse_config(DICT_MYSQ
     dict_mysql->tls_CAfile = cfg_get_str(p, "tls_CAfile", NULL, 0, 0);
     dict_mysql->tls_CApath = cfg_get_str(p, "tls_CApath", NULL, 0, 0);
     dict_mysql->tls_ciphers = cfg_get_str(p, "tls_ciphers", NULL, 0, 0);
-#if MYSQL_VERSION_ID >= 50023
+#if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
     dict_mysql->tls_verify_cert = cfg_get_bool(p, "tls_verify_cert", -1);
 #endif
 #endif

Re: [patch] src/global/dict_mysql.c (postfix 3.2.0-5, 3.3.0 and current) to allow build against MySQL 8.x

Reply via email to