List: pecl-cvs
Subject: [PECL-CVS] com =?UTF-8?Q?pecl/database/mysql=5Fxdevapi=3A=20WL=23=31=32=37=33=32=3A?= =?UTF-8?Q?=20D
From: hery ramilison <mysqlre () php ! net>
Date: 2019-04-27 14:41:57
Message-ID: php-mail-1f74acb4a9186e13ad9e6d209f5a94421893263748 () git ! php ! net
Commit: ef47da7ed9683922f271b1208a0e90dae388ab6f
Author: Darek Slusarczyk <dariusz.slusarczyk@oracle.com> Sat, 27 Apr 2019 \
11:50:04 +0200
Parents: 08ad01ac818bfc2c1001ff2a71b5ddbebb7743cc
Branches: release/8.0.18
Link: http://git.php.net/?p=pecl/database/mysql_xdevapi.git;a=commitdiff;h=ef47da7ed9683922f271b1208a0e90dae388ab6f
Log:
WL#12732: DevAPI: Specify TLS ciphers to be used by a client or session
- update tests according to current spec
- improve error messages
- add some string utils
Bugs:
https://bugs.php.net/12732
Changed paths:
M util/exceptions.cc
M util/exceptions.h
M util/string_utils.h
M xmysqlnd/xmysqlnd_session.cc
Diff:
diff --git a/util/exceptions.cc b/util/exceptions.cc
index 605712e..42621e8 100644
--- a/util/exceptions.cc
+++ b/util/exceptions.cc
@@ -112,6 +112,8 @@ const std::map<xdevapi_exception::Code, const char* const> \
code_to_err_msg = { { xdevapi_exception::Code::unknown_tls_version, "Unknown TLS \
version:" }, { xdevapi_exception::Code::openssl_unavailable,
"trying to setup secure connection while OpenSSL is not available" },
+ { xdevapi_exception::Code::empty_tls_versions,
+ "at least one TLS protocol version must be specified in tls-versions list" },
};
/* }}} */
diff --git a/util/exceptions.h b/util/exceptions.h
index 4c04080..9ab9dba 100644
--- a/util/exceptions.h
+++ b/util/exceptions.h
@@ -100,7 +100,8 @@ struct xdevapi_exception : public std::runtime_error
unknown_client_conn_option,
unknown_ssl_mode,
unknown_tls_version,
- openssl_unavailable
+ openssl_unavailable,
+ empty_tls_versions,
};
xdevapi_exception(Code code);
diff --git a/util/string_utils.h b/util/string_utils.h
index 52e88e2..e28a585 100644
--- a/util/string_utils.h
+++ b/util/string_utils.h
@@ -22,6 +22,7 @@
#include "mysqlnd_api.h"
#include "strings.h"
#include <boost/algorithm/string/compare.hpp>
+#include <cctype>
namespace mysqlx {
@@ -160,6 +161,32 @@ inline st_mysqlnd_const_string to_mysqlnd_cstr(const string& \
str) bool to_int(const string& str, int* value);
bool to_int(const std::string& str, int* value);
+//------------------------------------------------------------------------------
+
+template<typename String>
+bool contains_blank(const String& str)
+{
+ return std::find_if(
+ str.begin(),
+ str.end(),
+ [](unsigned char chr){ return std::isblank(chr); }) != str.end();
+}
+
+template<typename String>
+String quotation(const String& str)
+{
+ return "'" + str + "'";
+}
+
+template<typename String>
+String quotation_if_blank(const String& str)
+{
+ if (str.empty() || contains_blank(str)) {
+ return quotation(str);
+ }
+ return str;
+}
+
} // namespace util
} // namespace mysqlx
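Review bot: `contains_blank` matches only space and tab (`std::isblank`), so `quotation_if_blank` passes a value containing a newline or another control character into the error text unquoted, and `quotation` does not escape an embedded `'`. Since the later hunk in xmysqlnd_session.cc feeds it the user-supplied `tls_version_str`, a broader predicate would keep the message unambiguous in logs, e.g. `[](unsigned char chr){ return !std::isgraph(chr); }`. The new code also calls `std::find_if`, while the include hunk adds only `<cctype>`; unless `<algorithm>` is already included outside the visible lines, add `#include <algorithm>`. A one-line comment on each helper saying it is meant for diagnostics, not for SQL or shell quoting, would prevent misuse.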
diff --git a/xmysqlnd/xmysqlnd_session.cc b/xmysqlnd/xmysqlnd_session.cc
index 423a571..2ee9784 100644
--- a/xmysqlnd/xmysqlnd_session.cc
+++ b/xmysqlnd/xmysqlnd_session.cc
@@ -3005,6 +3005,13 @@ enum_func_status \
Extract_client_option::assign_ssl_mode(Session_auth_data& auth, DBG_RETURN(PASS);
}
+ if ((auth.ssl_mode == SSL_mode::any_secure) && (ssl_mode == SSL_mode::disabled)) {
+ throw util::xdevapi_exception(
+ util::xdevapi_exception::Code::inconsistent_ssl_options,
+ "cannot disable SSL connections when secure options are used");
+ DBG_RETURN(FAIL);
+ }
+
const char* error_reason{ "Only one ssl mode is allowed." };
DBG_ERR_FMT(error_reason);
throw util::xdevapi_exception(
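Review bot: The `DBG_RETURN(FAIL);` placed after the new `throw` in assign_ssl_mode can never execute and should be dropped. The new branch also skips the `DBG_ERR_FMT` call that the existing "Only one ssl mode is allowed." path makes before throwing, so a rejected downgrade to `SSL_mode::disabled` leaves no debug-trace entry; adding `DBG_ERR_FMT("cannot disable SSL connections when secure options are used");` before the throw would keep the two paths consistent. The guard only covers `disabled` arriving after a secure option has set `any_secure`; the function begins outside this hunk, so whether the opposite order is rejected elsewhere cannot be confirmed from here and is worth a test.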
@@ -3126,6 +3133,9 @@ void Extract_client_option::set_ssl_capath(const std::string& \
ssl_capath) void Extract_client_option::set_tls_versions(const std::string& \
raw_tls_versions) {
const util::std_strings& tls_versions{ parse_single_or_array(raw_tls_versions) };
+ if (tls_versions.empty()) {
+ throw util::xdevapi_exception(util::xdevapi_exception::Code::empty_tls_versions);
+ }
for (const auto& tls_version_str : tls_versions) {
const Tls_version tls_version{ parse_tls_version(tls_version_str) };
auth.tls_versions.push_back(tls_version);
@@ -3140,7 +3150,8 @@ Tls_version Extract_client_option::parse_tls_version(const \
std::string& tls_vers { Tls_version_v10, Tls_version::tls_v1_0 },
{ Tls_version_v11, Tls_version::tls_v1_1 },
{ Tls_version_v12, Tls_version::tls_v1_2 },
- { Tls_version_v13, Tls_version::tls_v1_3 },
+ //TODO: wait for patch in PHP
+ //{ Tls_version_v13, Tls_version::tls_v1_3 },
};
auto it{ name_to_protocols.find(tls_version_str) };
if (it != name_to_protocols.end()) return it->second;
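Review bot: Commenting out the `Tls_version_v13` entry in parse_tls_version means a client that requests only TLSv1.3 is now rejected, while TLSv1.0 and TLSv1.1 remain accepted, and the `//TODO: wait for patch in PHP` comment gives no reference to follow up on. Replace it with something traceable, e.g. `// TODO(<tracking-id>): re-enable TLSv1.3 once the required PHP patch is available`, and state the user-visible effect in the commit log. The `supported_protocols` list used in the error message is built outside this hunk; it should be checked so the message does not still advertise TLSv1.3 as a valid value.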
@@ -3154,7 +3165,7 @@ Tls_version Extract_client_option::parse_tls_version(const \
std::string& tls_vers );
util::ostringstream os;
- os << tls_version_str
+ os << util::quotation_if_blank(tls_version_str)
<< " not recognized as a valid TLS protocol version (should be one of "
<< boost::join(supported_protocols, ", ")
<< ')';
@@ -3199,8 +3210,10 @@ util::std_strings \
Extract_client_option::parse_single_or_array(const std::string util::std_strings \
items; if ((value.front() == '[') && (value.back() == ']')) {
const std::string contents(value.begin() + 1, value.end() - 1);
- const char* Items_separator{ "," };
- boost::split(items, contents, boost::is_any_of(Items_separator));
+ if (!contents.empty()) {
+ const char* Items_separator{ "," };
+ boost::split(items, contents, boost::is_any_of(Items_separator));
+ }
} else {
items.push_back(value);
}
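Review bot: parse_single_or_array calls `value.front()` and `value.back()` with no emptiness check visible in this hunk, and both are undefined behaviour on an empty `std::string`. If no guard exists above the hunk (the function starts outside it), add `if (value.empty()) return items;` before the bracket test, which also lets set_tls_versions report `empty_tls_versions` for an empty option value. Inputs such as `[ ]` or `[,]` still produce blank or empty items rather than an empty list; they appear to fail closed in parse_tls_version, and a short comment saying that this is intended would help the next reader.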