MDEV-33863: New mysqladmin command tls-info #3247
base: 11.4
Changes from all commits
c05610b
5d028ad
e6cb2e1
33ee3df
f0db8a5
8e6da8b
3feed05
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -92,7 +92,8 @@ enum commands { | |
ADMIN_FLUSH_TABLE_STATISTICS, ADMIN_FLUSH_INDEX_STATISTICS, | ||
ADMIN_FLUSH_USER_STATISTICS, ADMIN_FLUSH_CLIENT_STATISTICS, | ||
ADMIN_FLUSH_USER_RESOURCES, | ||
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL | ||
ADMIN_FLUSH_ALL_STATUS, ADMIN_FLUSH_ALL_STATISTICS, ADMIN_FLUSH_SSL, | ||
ADMIN_TLS_INFO | ||
}; | ||
static const char *command_names[]= { | ||
"create", "drop", "shutdown", | ||
|
@@ -108,6 +109,7 @@ static const char *command_names[]= { | |
"flush-table-statistics", "flush-index-statistics", | ||
"flush-user-statistics", "flush-client-statistics", "flush-user-resources", | ||
"flush-all-status", "flush-all-statistics", "flush-ssl", | ||
"tls-info", | ||
NullS | ||
}; | ||
|
||
|
@@ -772,6 +774,40 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) | |
return -1; | ||
} | ||
break; | ||
case ADMIN_TLS_INFO: | ||
if (mysql_get_ssl_cipher(mysql)) | ||
{ | ||
MARIADB_X509_INFO *info; | ||
new_line=1; | ||
char *version; | ||
|
||
printf("Cipher suite:\t%s\n", mysql_get_ssl_cipher(mysql)); | ||
mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &version); | ||
printf("TLS version:\t%s\n\n", version); | ||
|
||
mariadb_get_infov(mysql, MARIADB_TLS_PEER_CERT_INFO, &info); | ||
if (info) | ||
{ | ||
printf("Peer certificate information:\n\n"); | ||
printf("Version:\t%d\n", info->version); | ||
printf("Issuer:\t\t%s\n\n", info->issuer); | ||
printf("Subject:\t%s\n\n", info->subject); | ||
printf("Valid not before:\t%04d-%02d-%02d %02d:%02d\n", info->not_before.tm_year + 1900, | ||
info->not_before.tm_mon + 1, info->not_before.tm_mday, | ||
info->not_before.tm_hour, info->not_before.tm_min); | ||
printf("Valid not after:\t%04d-%02d-%02d %02d:%02d\n\n", info->not_after.tm_year + 1900, | ||
info->not_after.tm_mon + 1, info->not_after.tm_mday, | ||
info->not_after.tm_hour, info->not_after.tm_min); | ||
printf("SHA256 fingerprint: %s\n", info->fingerprint); | ||
} else { | ||
my_printf_error(0, "Unable to retrieve peer certificate", 0); | ||
indenting error. And style would say
Just for verbosity the CODING STANDARDS link in the PR template provides the coding style guideline and coding standards in general. |
||
return 1; | ||
} | ||
} else { | ||
same here. |
||
my_printf_error(0, "No TLS connection", 0); | ||
return 1; | ||
} | ||
break; | ||
case ADMIN_VER: | ||
new_line=1; | ||
print_version(); | ||
|
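Review bot: In the new `ADMIN_TLS_INFO` case, `version` and `info` are declared without initialisers and the return value of both `mariadb_get_infov()` calls is discarded, so if either call fails without writing its output argument, `printf("TLS version:\t%s\n\n", version)` and `if (info)` read indeterminate pointers. Initialise both (`char *version= NULL;`, `MARIADB_X509_INFO *info= NULL;`) and test the result before use, e.g. `if (mariadb_get_infov(mysql, MARIADB_CONNECTION_TLS_VERSION, &version) || !version)` followed by the same `my_printf_error(...); return 1;` path used for the certificate. Separately, the output prints the peer's issuer, subject and fingerprint without saying whether the certificate was verified for this connection; if the connector exposes that state, printing it would keep the fingerprint from being read as a validated identity. `execute_commands` starts and ends outside this hunk, so how `new_line` and the return codes are used by the caller is not visible here.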
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
--tls_version=TLSv1.0 | ||
Nice 😄 |
||
--tls_version=TLSv1.1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,6 @@ | ||
Variable_name Value | ||
Ssl_version TLSv1 | ||
Variable_name Value | ||
Ssl_version TLSv1 | ||
Ssl_version TLSv1.1 | ||
@@tls_version | ||
TLSv1.0 | ||
TLSv1.1 | ||
call mtr.add_suppression("TLSv1.0 and TLSv1.1 are insecure"); | ||
FOUND 1 /TLSv1.0 and TLSv1.1 are insecure/ in mysqld.1.err |
This is calling the same pure function a second time, but I guess it's OK since the C/C function is so shallow.