@@ -3462,6 +3462,7 @@ static void mysql_ssl_free(MYSQL *mysql) {
34623462 mysql->options .extension ->client_auth_info [idx].password = nullptr ;
34633463 }
34643464 }
3465+ mysql->options .extension ->ssl_context = nullptr ;
34653466 }
34663467 mysql->options .ssl_key = nullptr ;
34673468 mysql->options .ssl_cert = nullptr ;
@@ -3628,6 +3629,19 @@ bool STDCALL mysql_get_ssl_session_reused(MYSQL *mysql) {
36283629 return false ;
36293630}
36303631
3632+ void *STDCALL
3633+ mysql_take_ssl_context_ownership (MYSQL *mysql MY_ATTRIBUTE ((unused))) {
3634+ DBUG_ENTER (" mysql_take_ssl_context_ownership" );
3635+ #if defined(HAVE_OPENSSL)
3636+ if (mysql->connector_fd ) {
3637+ struct st_VioSSLFd *ssl_fd = (struct st_VioSSLFd *)mysql->connector_fd ;
3638+ ssl_fd->owned = false ;
3639+ DBUG_RETURN (ssl_fd->ssl_context );
3640+ }
3641+ #endif
3642+ DBUG_RETURN (nullptr );
3643+ }
3644+
36313645/*
36323646 Check the server's (subject) Common Name against the
36333647 hostname we connected to
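Review bot: `mysql_take_ssl_context_ownership` dereferences `mysql->connector_fd` without a null check even though the parameter is marked `MY_ATTRIBUTE((unused))`, and nothing documents the ownership contract it creates. The attribute is only accurate in the build without `HAVE_OPENSSL`; a guard such as `if (mysql && mysql->connector_fd) {` would keep a null handle from crashing the client. After `ssl_fd->owned = false` the returned context is presumably the caller's to release, yet `connector_fd` still points at it and `cli_establish_ssl` now reuses a cached `connector_fd`. A doc comment above the function should say that the caller must keep the context alive until the handle is closed and must free it exactly once.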
@@ -4461,22 +4475,34 @@ static int cli_establish_ssl(MYSQL *mysql) {
44614475 MYSQL_TRACE_STAGE (mysql, SSL_NEGOTIATION );
44624476
44634477 /* Create the VioSSLConnectorFd - init SSL and load certs */
4464- if (!(ssl_fd = new_VioSSLConnectorFd (
4465- options->ssl_key , options->ssl_cert , options->ssl_ca ,
4466- options->ssl_capath , options->ssl_cipher ,
4467- options->extension ? options->extension ->tls_ciphersuites
4468- : nullptr ,
4469- &ssl_init_error,
4470- options->extension ? options->extension ->ssl_crl : nullptr ,
4471- options->extension ? options->extension ->ssl_crlpath : nullptr ,
4472- options->extension ? options->extension ->ssl_ctx_flags : 0 ,
4473- verify_identity ? mysql->host : nullptr ))) {
4474- set_mysql_extended_error (mysql, CR_SSL_CONNECTION_ERROR , unknown_sqlstate,
4475- ER_CLIENT (CR_SSL_CONNECTION_ERROR ),
4476- sslGetErrString (ssl_init_error));
4477- goto error;
4478+ if (!mysql->connector_fd ) {
4479+ /* Create the VioSSLConnectorFd - init SSL and load certs */
4480+ if (options->extension && options->extension ->ssl_context ) {
4481+ ssl_fd = new_VioSSLConnectorFdFromContext (
4482+ (SSL_CTX *)options->extension ->ssl_context , &ssl_init_error);
4483+ } else {
4484+ if (!(ssl_fd = new_VioSSLConnectorFd (
4485+ options->ssl_key , options->ssl_cert , options->ssl_ca ,
4486+ options->ssl_capath , options->ssl_cipher ,
4487+ options->extension ? options->extension ->tls_ciphersuites
4488+ : nullptr ,
4489+ &ssl_init_error,
4490+ options->extension ? options->extension ->ssl_crl : nullptr ,
4491+ options->extension ? options->extension ->ssl_crlpath
4492+ : nullptr ,
4493+ options->extension ? options->extension ->ssl_ctx_flags : 0 ,
4494+ verify_identity ? mysql->host : nullptr ))) {
4495+ set_mysql_extended_error (mysql, CR_SSL_CONNECTION_ERROR ,
4496+ unknown_sqlstate,
4497+ ER_CLIENT (CR_SSL_CONNECTION_ERROR ),
4498+ sslGetErrString (ssl_init_error));
4499+ goto error;
4500+ }
4501+ }
4502+ mysql->connector_fd = (unsigned char *)ssl_fd;
4503+ } else {
4504+ ssl_fd = (struct st_VioSSLFd *)mysql->connector_fd ;
44784505 }
4479- mysql->connector_fd = (unsigned char *)ssl_fd;
44804506 SSL_SESSION *ssl_session = ssl_session_deserialize_from_data (mysql);
44814507
44824508 /* Connect to the server */
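Review bot: The result of `new_VioSSLConnectorFdFromContext` is never checked in the new `ssl_context` branch, because the `CR_SSL_CONNECTION_ERROR` handling now sits only inside the `else` branch. If that call fails, a null `ssl_fd` is stored in `mysql->connector_fd` and control falls through to the connect code below the hunk, and `ssl_init_error` is never reported. Hoisting the failure check below both branches fixes it, and the same gap exists in the `cli_establish_ssl_nonblocking` hunk. The function body starts and ends outside this hunk.

```cpp
if (options->extension && options->extension->ssl_context) {
  // … unchanged: new_VioSSLConnectorFdFromContext call …
} else {
  ssl_fd = new_VioSSLConnectorFd(/* … unchanged: argument list … */);
}
/* One failure path for both ways of obtaining the connector. */
if (!ssl_fd) {
  set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
                           ER_CLIENT(CR_SSL_CONNECTION_ERROR),
                           sslGetErrString(ssl_init_error));
  goto error;
}
mysql->connector_fd = (unsigned char *)ssl_fd;
```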
@@ -4624,20 +4650,26 @@ static net_async_status cli_establish_ssl_nonblocking(MYSQL *mysql, int *res) {
46244650 long flags = options->extension ? options->extension ->ssl_ctx_flags : 0 ;
46254651
46264652 /* Create the VioSSLConnectorFd - init SSL and load certs */
4627- if (!(ssl_fd = new_VioSSLConnectorFd (
4628- options->ssl_key , options->ssl_cert , options->ssl_ca ,
4629- options->ssl_capath , options->ssl_cipher ,
4630- options->extension ? options->extension ->tls_ciphersuites
4631- : nullptr ,
4632- &ssl_init_error,
4633- options->extension ? options->extension ->ssl_crl : nullptr ,
4634- options->extension ? options->extension ->ssl_crlpath : nullptr ,
4635- flags, verify_identity ? mysql->host : nullptr ))) {
4636- set_mysql_extended_error (mysql, CR_SSL_CONNECTION_ERROR ,
4637- unknown_sqlstate,
4638- ER_CLIENT (CR_SSL_CONNECTION_ERROR ),
4639- sslGetErrString (ssl_init_error));
4640- goto error;
4653+ if (options->extension && options->extension ->ssl_context ) {
4654+ ssl_fd = new_VioSSLConnectorFdFromContext (
4655+ (SSL_CTX *)options->extension ->ssl_context , &ssl_init_error);
4656+ } else {
4657+ if (!(ssl_fd = new_VioSSLConnectorFd (
4658+ options->ssl_key , options->ssl_cert , options->ssl_ca ,
4659+ options->ssl_capath , options->ssl_cipher ,
4660+ options->extension ? options->extension ->tls_ciphersuites
4661+ : nullptr ,
4662+ &ssl_init_error,
4663+ options->extension ? options->extension ->ssl_crl : nullptr ,
4664+ options->extension ? options->extension ->ssl_crlpath
4665+ : nullptr ,
4666+ flags, verify_identity ? mysql->host : nullptr ))) {
4667+ set_mysql_extended_error (mysql, CR_SSL_CONNECTION_ERROR ,
4668+ unknown_sqlstate,
4669+ ER_CLIENT (CR_SSL_CONNECTION_ERROR ),
4670+ sslGetErrString (ssl_init_error));
4671+ goto error;
4672+ }
46414673 }
46424674 mysql->connector_fd = (unsigned char *)ssl_fd;
46434675 } else {
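Review bot: When `options->extension->ssl_context` is set, none of `ssl_ca`, `ssl_capath`, `ssl_crl`, `ssl_crlpath`, `ssl_cipher`, `tls_ciphersuites`, `flags` or the `verify_identity ? mysql->host : nullptr` argument reach the connector, so certificate and hostname checks depend entirely on how the caller configured the context. If the host argument is what enables identity verification inside `new_VioSSLConnectorFd` (not visible here), a client that asked for identity verification could connect without it; the blocking path in `cli_establish_ssl` has the same shape. Either reject the conflicting combination or state the contract on the branch, for example `/* Caller-supplied SSL_CTX: the CA, CRL, cipher and host-verification options are NOT applied; the caller must configure them on the context. */`.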
@@ -7461,8 +7493,7 @@ void mysql_close_free(MYSQL *mysql) {
74617493 my_free (mysql->field_alloc );
74627494
74637495 if (mysql->connector_fd )
7464- free_vio_ssl_acceptor_fd (
7465- reinterpret_cast <st_VioSSLFd *>(mysql->connector_fd ));
7496+ free_vio_ssl_fd (reinterpret_cast <st_VioSSLFd *>(mysql->connector_fd ));
74667497 mysql->connector_fd = nullptr ;
74677498
74687499 mysql->field_alloc = nullptr ;
@@ -8727,6 +8758,11 @@ int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
87278758 EXTENSION_SET_STRING (&mysql->options , ssl_session_data,
87288759 static_cast <const char *>(arg));
87298760 break ;
8761+ case MYSQL_OPT_SSL_CONTEXT :
8762+ ENSURE_EXTENSIONS_PRESENT (&mysql->options );
8763+ mysql->options .extension ->ssl_context = const_cast <void *>(arg);
8764+ break ;
8765+
87308766 default :
87318767 return 1 ;
87328768 }
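Review bot: `MYSQL_OPT_SSL_CONTEXT` stores `arg` as an untyped pointer with no comment on what it must be, and the connect paths later cast it to `SSL_CTX *` unconditionally. The case should document that the pointer is borrowed rather than copied (`mysql_ssl_free` only sets it to `nullptr`), so it has to stay valid for as long as the handle can connect. Suggested comment: `/* arg: SSL_CTX * owned by the caller; borrowed, never freed by the library; must outlive every connect on this handle. */`. Because `cli_establish_ssl` reuses an existing `connector_fd`, setting this option after a first TLS connect appears to have no effect on that path, which is also worth stating.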