MDEV-33863: New mysqladmin command tls-info #3247

Open
wants to merge 7 commits into
base: 11.4
MDEV-33863: New mysqladmin command tls-info
Added new command tls-info which provides the following
information:

Cipher suite in use
TLS protocol version
Peer certificate information:
  - Version
  - Subject
  - Issuer
  - Valid not before/after
  - SHA256 fingerprint
9EOR9 committed Apr 29, 2024
commit e6cb2e127ebbadd8de860c55372ab20a3694d58b
1 change: 1 addition & 0 deletions client/client_priv.h
Expand Up @@ -112,6 +112,7 @@ enum options_client
OPT_IGNORE_SERVER_IDS,
OPT_DO_SERVER_IDS,
OPT_SSL_FP, OPT_SSL_FPLIST,
OPT_TLS_CERT_INFO,
OPT_MAX_CLIENT_OPTION /* should be always the last */
};
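Review bot: OPT_TLS_CERT_INFO is added to enum options_client, but nothing in the mysqladmin.cc changes shown in this commit references it. tls-info is wired up as a command (ADMIN_TLS_INFO plus the "tls-info" entry in command_names), not as a long option. Drop the enum value, or add the option definition that uses it in the same commit.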

38 changes: 37 additions & 1 deletion client/mysqladmin.cc
Expand Up @@ -92,7 +92,8 @@ enum commands {
ADMIN_FLUSH_TABLE_STATISTICS, ADMIN_FLUSH_INDEX_STATISTICS,
ADMIN_FLUSH_USER_STATISTICS, ADMIN_FLUSH_CLIENT_STATISTICS,
ADMIN_FLUSH_USER_RESOURCES,
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL,
ADMIN_TLS_INFO
};
static const char *command_names[]= {
"create", "drop", "shutdown",
Expand All @@ -108,6 +109,7 @@ static const char *command_names[]= {
"flush-table-statistics", "flush-index-statistics",
"flush-user-statistics", "flush-client-statistics", "flush-user-resources",
"flush-all-status", "flush-all-statistics", "flush-ssl",
"tls-info",
NullS
};
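Review bot: The "tls-info" entry added to command_names comes with no documentation or test in the hunks of this commit; the only other mysqladmin.cc changes are the ADMIN_TLS_INFO enum value and the execute_commands() case. Add a line for tls-info to the help text mysqladmin prints for its commands, and a test that covers both the TLS path and the "No TLS connection" path.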

Expand Down Expand Up @@ -772,6 +774,40 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
return -1;
}
break;
case ADMIN_TLS_INFO:
if (mysql_get_ssl_cipher(mysql))
{
MARIADB_X509_INFO *info;
new_line=1;
char *version;

printf("Cipher suite:\t%s\n", mysql_get_ssl_cipher(mysql));
Member

This is calling the same pure function a second time, but I guess it's ok since the C/C function is so shallow.

mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &version);
printf("TLS version:\t%s\n\n", version);

mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info);
if (info)
{
printf("Peer certificate information:\n\n");
printf("Version:\t%d\n", info->version);
printf("Issuer:\t\t%s\n\n", info->issuer);
printf("Subject:\t%s\n\n", info->subject);
printf("Valid not before:\t%04d-%02d-%02d %02d:%02d\n", info->not_before.tm_year + 1900,
info->not_before.tm_mon + 1, info->not_before.tm_mday,
info->not_before.tm_hour, info->not_before.tm_min);
printf("Valid not after:\t%04d-%02d-%02d %02d:%02d\n\n", info->not_after.tm_year + 1900,
info->not_after.tm_mon + 1, info->not_after.tm_mday,
info->not_after.tm_hour, info->not_after.tm_min);
printf("SHA256 fingerprint: %s\n", info->fingerprint);
} else {
my_printf_error(0, "Unable to retrieve peer certificate", 0);
Member

indenting error. And style would say { on the next line.

Contributor

Just for verbosity the CODING STANDARDS link in the PR template provides the coding style guideline and coding standards in general.

return 1;
}
} else {
Member

same here.

my_printf_error(0, "No TLS connection", 0);
return 1;
}
break;
case ADMIN_VER:
new_line=1;
print_version();
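Review bot: In the ADMIN_TLS_INFO case, `version` and `info` are declared without an initializer and the return values of both mariadb_get_infov() calls are ignored, so if a call fails and leaves its output unset, `printf("TLS version:\t%s\n\n", version)` and the `if (info)` test read an indeterminate pointer. Initialize both to NULL, check each return value, and take the error path when the call fails or the pointer is still NULL. The "Valid not before/after" lines also print the timestamps without saying which time zone they are in; label it so an operator checking certificate expiry is not off by the local offset.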
2 changes: 1 addition & 1 deletion libmariadb