
List:       pecl-cvs
Subject:    [PECL-CVS] com =?UTF-8?Q?pecl/database/mysql=5Fxdevapi=3A=20WL=23=31=32=37=33=32=3A?= =?UTF-8?Q?=20D
From:       hery ramilison <mysqlre () php ! net>
Date:       2019-04-27 14:41:57
Message-ID: php-mail-1f74acb4a9186e13ad9e6d209f5a94421893263748 () git ! php ! net

Commit:    ef47da7ed9683922f271b1208a0e90dae388ab6f
Author:    Darek Slusarczyk <dariusz.slusarczyk@oracle.com>         Sat, 27 Apr 2019 \
                11:50:04 +0200
Parents:   08ad01ac818bfc2c1001ff2a71b5ddbebb7743cc
Branches:  release/8.0.18

Link:       http://git.php.net/?p=pecl/database/mysql_xdevapi.git;a=commitdiff;h=ef47da7ed9683922f271b1208a0e90dae388ab6f


Log:
WL#12732: DevAPI: Specify TLS ciphers to be used by a client or session
- update tests according to current spec
- improve error messages
- add some string utils

Bugs:
https://bugs.php.net/12732

Changed paths:
  M  util/exceptions.cc
  M  util/exceptions.h
  M  util/string_utils.h
  M  xmysqlnd/xmysqlnd_session.cc


Diff:
diff --git a/util/exceptions.cc b/util/exceptions.cc
index 605712e..42621e8 100644
--- a/util/exceptions.cc
+++ b/util/exceptions.cc
@@ -112,6 +112,8 @@ const std::map<xdevapi_exception::Code, const char* const> \
code_to_err_msg = {  { xdevapi_exception::Code::unknown_tls_version, "Unknown TLS \
version:" },  { xdevapi_exception::Code::openssl_unavailable,
 		"trying to setup secure connection while OpenSSL is not available" },
+	{ xdevapi_exception::Code::empty_tls_versions,
+		"at least one TLS protocol version must be specified in tls-versions list" },
 };
 /* }}} */
 
diff --git a/util/exceptions.h b/util/exceptions.h
index 4c04080..9ab9dba 100644
--- a/util/exceptions.h
+++ b/util/exceptions.h
@@ -100,7 +100,8 @@ struct xdevapi_exception : public std::runtime_error
 		unknown_client_conn_option,
 		unknown_ssl_mode,
 		unknown_tls_version,
-		openssl_unavailable
+		openssl_unavailable,
+		empty_tls_versions,
 	};
 
 	xdevapi_exception(Code code);
diff --git a/util/string_utils.h b/util/string_utils.h
index 52e88e2..e28a585 100644
--- a/util/string_utils.h
+++ b/util/string_utils.h
@@ -22,6 +22,7 @@
 #include "mysqlnd_api.h"
 #include "strings.h"
 #include <boost/algorithm/string/compare.hpp>
+#include <cctype>
 
 namespace mysqlx {
 
@@ -160,6 +161,32 @@ inline st_mysqlnd_const_string to_mysqlnd_cstr(const string& \
str)  bool to_int(const string& str, int* value);
 bool to_int(const std::string& str, int* value);
 
+//------------------------------------------------------------------------------
+
+template<typename String>
+bool contains_blank(const String& str)
+{
+	return std::find_if(
+		str.begin(),
+		str.end(),
+		[](unsigned char chr){ return std::isblank(chr); }) != str.end();
+}
+
+template<typename String>
+String quotation(const String& str)
+{
+	return "'" + str + "'";
+}
+
+template<typename String>
+String quotation_if_blank(const String& str)
+{
+	if (str.empty() || contains_blank(str)) {
+		return quotation(str);
+	}
+	return str;
+}
+
 } // namespace util
 
 } // namespace mysqlx
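Review bot: `quotation_if_blank` quotes only when `std::isblank` matches, which covers space and tab, so a value containing a newline or another control character is still written into the exception text unquoted and unescaped. The TLS version string comes from the connection options, so in the error path I would quote unconditionally (`os << util::quotation(tls_version_str)`) or replace non-printable bytes before formatting; `quotation` also leaves an embedded `'` unescaped, which makes the delimiters ambiguous. `contains_blank` calls `std::find_if`, but the include hunk adds only `<cctype>`; unless `<algorithm>` is already included earlier in the header (not visible here), add `#include <algorithm>`. A one-line comment on each helper saying that "blank" means space or tab only would also help.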
diff --git a/xmysqlnd/xmysqlnd_session.cc b/xmysqlnd/xmysqlnd_session.cc
index 423a571..2ee9784 100644
--- a/xmysqlnd/xmysqlnd_session.cc
+++ b/xmysqlnd/xmysqlnd_session.cc
@@ -3005,6 +3005,13 @@ enum_func_status \
Extract_client_option::assign_ssl_mode(Session_auth_data& auth,  DBG_RETURN(PASS);
 	}
 
+	if ((auth.ssl_mode == SSL_mode::any_secure) && (ssl_mode == SSL_mode::disabled)) {
+		throw util::xdevapi_exception(
+			util::xdevapi_exception::Code::inconsistent_ssl_options,
+			"cannot disable SSL connections when secure options are used");
+		DBG_RETURN(FAIL);
+	}
+
 	const char* error_reason{ "Only one ssl mode is allowed." };
 	DBG_ERR_FMT(error_reason);
 	throw util::xdevapi_exception(
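Review bot: The `DBG_RETURN(FAIL);` after the new `throw` in `assign_ssl_mode` is unreachable and can be dropped; the existing failure path just below calls `DBG_ERR_FMT` before throwing, and the new branch would be consistent with it by doing the same. The new check fires only when `auth.ssl_mode` is already `any_secure` and the incoming mode is `disabled`. The function body is only partly visible in this hunk, so it is worth confirming that the opposite order (mode disabled first, a secure option afterwards) is rejected as well; otherwise whether the session ends up unencrypted could depend on option order. A test covering both orders would pin that down.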
@@ -3126,6 +3133,9 @@ void Extract_client_option::set_ssl_capath(const std::string& \
ssl_capath)  void Extract_client_option::set_tls_versions(const std::string& \
raw_tls_versions)  {
 	const util::std_strings& tls_versions{ parse_single_or_array(raw_tls_versions) };
+	if (tls_versions.empty()) {
+		throw util::xdevapi_exception(util::xdevapi_exception::Code::empty_tls_versions);
+	}
 	for (const auto& tls_version_str : tls_versions) {
 		const Tls_version tls_version{ parse_tls_version(tls_version_str) };
 		auth.tls_versions.push_back(tls_version);
@@ -3140,7 +3150,8 @@ Tls_version Extract_client_option::parse_tls_version(const \
std::string& tls_vers  { Tls_version_v10, Tls_version::tls_v1_0 },
 		{ Tls_version_v11, Tls_version::tls_v1_1 },
 		{ Tls_version_v12, Tls_version::tls_v1_2 },
-		{ Tls_version_v13, Tls_version::tls_v1_3 },
+		//TODO: wait for patch in PHP
+		//{ Tls_version_v13, Tls_version::tls_v1_3 },
 	};
 	auto it{ name_to_protocols.find(tls_version_str) };
 	if (it != name_to_protocols.end()) return it->second;
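Review bot: With the `Tls_version_v13` entry commented out in `parse_tls_version`, a caller that requests only TLSv1.3 now gets the generic "not recognized as a valid TLS protocol version" error while TLSv1.0 and TLSv1.1 remain accepted, which nudges users towards older protocol versions. I would keep the name known and reject it with a specific message saying TLSv1.3 is not yet supported by this build, rather than leaving commented-out code. The TODO should name what it waits for, e.g. `//TODO(<tracking-id>): re-enable when the PHP patch lands`. The `supported_protocols` list used in the error text is outside this hunk and should be checked so it does not still advertise TLSv1.3.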
@@ -3154,7 +3165,7 @@ Tls_version Extract_client_option::parse_tls_version(const \
std::string& tls_vers  );
 
 	util::ostringstream os;
-	os << tls_version_str
+	os << util::quotation_if_blank(tls_version_str)
 		<< " not recognized as a valid TLS protocol version (should be one of "
 		<< boost::join(supported_protocols, ", ")
 		<< ')';
@@ -3199,8 +3210,10 @@ util::std_strings \
Extract_client_option::parse_single_or_array(const std::string  util::std_strings \
items;  if ((value.front() == '[') && (value.back() == ']')) {
 		const std::string contents(value.begin() + 1, value.end() - 1);
-		const char* Items_separator{ "," };
-		boost::split(items, contents, boost::is_any_of(Items_separator));
+		if (!contents.empty()) {
+			const char* Items_separator{ "," };
+			boost::split(items, contents, boost::is_any_of(Items_separator));
+		}
 	} else {
 		items.push_back(value);
 	}
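Review bot: The new `contents.empty()` guard covers `[]`, but `[,]` and `[ ]` still yield empty or whitespace-only items, because `boost::split` keeps empty tokens and nothing trims them; these then fail later in `parse_tls_version` with a less direct message than `empty_tls_versions`. If the spec intends surrounding whitespace to be rejected, a comment saying so above the split would help; otherwise trim each item and drop empty ones. Separately, `value.front()` and `value.back()` are undefined for an empty `value`; the start of `parse_single_or_array` is outside the hunk, so if no earlier check exists add `if (value.empty()) return items;` right after the `items` declaration.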


--
PECL CVS Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

