MDEV-33863: New mysqladmin command tls-info #3247
base: 11.4
Changes from 1 commit
c05610b
5d028ad
e6cb2e1
33ee3df
f0db8a5
8e6da8b
3feed05
Added new command tls-info which provides the following information: Cipher suite in use TLS protocol version Peer certificate information: - Version - Subject - Issuer - Valid not before/after - SHA256 finger print
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -92,7 +92,8 @@ enum commands { | |
ADMIN_FLUSH_TABLE_STATISTICS, ADMIN_FLUSH_INDEX_STATISTICS, | ||
ADMIN_FLUSH_USER_STATISTICS, ADMIN_FLUSH_CLIENT_STATISTICS, | ||
ADMIN_FLUSH_USER_RESOURCES, | ||
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL | ||
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL, | ||
ADMIN_TLS_INFO | ||
}; | ||
static const char *command_names[]= { | ||
"create", "drop", "shutdown", | ||
|
@@ -108,6 +109,7 @@ static const char *command_names[]= { | |
"flush-table-statistics", "flush-index-statistics", | ||
"flush-user-statistics", "flush-client-statistics", "flush-user-resources", | ||
"flush-all-status", "flush-all-statistics", "flush-ssl", | ||
"tls-info", | ||
NullS | ||
}; | ||
|
||
|
@@ -772,6 +774,40 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) | |
return -1; | ||
} | ||
break; | ||
case ADMIN_TLS_INFO: | ||
if (mysql_get_ssl_cipher(mysql)) | ||
{ | ||
MARIADB_X509_INFO *info; | ||
new_line=1; | ||
char *version; | ||
|
||
printf("Cipher suite:\t%s\n", mysql_get_ssl_cipher(mysql)); | ||
mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &version); | ||
printf("TLS version:\t%s\n\n", version); | ||
|
||
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info); | ||
if (info) | ||
{ | ||
printf("Peer certificate information:\n\n"); | ||
printf("Version:\t%d\n", info->version); | ||
printf("Issuer:\t\t%s\n\n", info->issuer); | ||
printf("Subject:\t%s\n\n", info->subject); | ||
printf("Valid not before:\t%04d-%02d-%02d %02d:%02d\n", info->not_before.tm_year + 1900, | ||
info->not_before.tm_mon + 1, info->not_before.tm_mday, | ||
info->not_before.tm_hour, info->not_before.tm_min); | ||
printf("Valid not after:\t%04d-%02d-%02d %02d:%02d\n\n", info->not_after.tm_year + 1900, | ||
info->not_after.tm_mon + 1, info->not_after.tm_mday, | ||
info->not_after.tm_hour, info->not_after.tm_min); | ||
printf("SHA256 fingerprint: %s\n", info->fingerprint); | ||
} else { | ||
my_printf_error(0, "Unable to retrieve peer certificate", 0); | ||
indenting error. And style would say
Just for verbosity the CODING STANDARDS link in the PR template provides the coding style guideline and coding standards in general. |
||
return 1; | ||
} | ||
} else { | ||
same here. |
||
my_printf_error(0, "No TLS connection", 0); | ||
return 1; | ||
} | ||
break; | ||
case ADMIN_VER: | ||
new_line=1; | ||
print_version(); | ||
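Review bot: In the `ADMIN_TLS_INFO` case, `version` and `info` are declared without initializers and the return value of both `mariadb_get_infov()` calls is ignored, so if either call fails without writing its output argument the code hands an indeterminate pointer to `printf("%s")` or tests and dereferences an indeterminate `info`. Declare them as `MARIADB_X509_INFO *info= NULL;` and `char *version= NULL;`, and check each call's result before using its output, taking the existing error path when it fails. Separately, `info->issuer` and `info->subject` come from the certificate the server presented and are printed with a plain `%s`; unless the connector already escapes them, control characters in those fields would reach the terminal unchanged, so it is worth confirming that or filtering non-printable bytes before output. The validity timestamps are also printed without a time zone, so a short comment or a `UTC` suffix would help, if that is what the connector returns.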
|
This calls the same pure function a second time, but I guess it's OK since the C/C function is so shallow.