TLS fixes for C/C 3.4.x

- Always set/unset peer certificate verification flag - Return None (instead of raising an exception) for tls connection properties if TLS is not in use - bumped version number to 1.1.11
2025-07-28 06:40:03 +00:00 · 2024-09-16 10:13:38 +02:00
parent afb3ccd778
commit 1d03be3483
4 changed files with 18 additions and 8 deletions
--- a/include/mariadb_python.h
+++ b/include/mariadb_python.h
@ -225,6 +225,7 @@ typedef struct {
 #endif
    PyObject *last_executed_stmt;
    PyObject *converter;
+    uint8_t tls_in_use;
 } MrdbConnection;

 typedef struct {
--- a/mariadb/connections.py
+++ b/mariadb/connections.py
@ -579,14 +579,18 @@ class Connection(mariadb._mariadb.connection):
        """TLS cipher suite if a secure connection is used."""

        self._check_closed()
-        return self._mariadb_get_info(INFO.SSL_CIPHER)
+        if self._tls:
+            return self._mariadb_get_info(INFO.SSL_CIPHER)
+        return None

    @property
    def tls_version(self):
        """TLS protocol version if a secure connection is used."""

        self._check_closed()
-        return self._mariadb_get_info(INFO.TLS_VERSION)
+        if self._tls:
+            return self._mariadb_get_info(INFO.TLS_VERSION)
+        return None

    @property
    def server_status(self):
--- a/mariadb/mariadb_connection.c
+++ b/mariadb/mariadb_connection.c
@ -186,6 +186,11 @@ PyMemberDef MrdbConnection_Members[] =
        offsetof(MrdbConnection, converter),
        0,
        "Conversion dictionary"},
+    {"_tls",
+        T_BOOL,
+        offsetof(MrdbConnection, tls_in_use),
+        0,
+        "Indicates if connection uses TLS/SSL"},
    {NULL} /* always last */
 };
 #if MARIADB_PACKAGE_VERSION_ID > 30301
@ -435,11 +440,8 @@ MrdbConnection_Initialize(MrdbConnection *self,
        if (mysql_options(self->mysql, MYSQL_OPT_SSL_CRLPATH, ssl_crlpath))
          goto end;
    }
-    if (ssl_verify_cert)
-    {
-        if (mysql_options(self->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (unsigned char *) &ssl_verify_cert))
-          goto end;
-    }
+    if (mysql_options(self->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (unsigned char *) &ssl_verify_cert))
+        goto end;
    if (tls_version)
    {
        if (mysql_options(self->mysql, MARIADB_OPT_TLS_VERSION, tls_version))
@ -454,6 +456,9 @@ MrdbConnection_Initialize(MrdbConnection *self,
        goto end;
    }

+    if (mysql_get_ssl_cipher(self->mysql))
+        self->tls_in_use= 1;
+
    mariadb_get_infov(self->mysql, MARIADB_CONNECTION_HOST, (void *)&self->host);

    has_error= 0;
--- a/setup.py
+++ b/setup.py
@ -30,7 +30,7 @@ PY_MARIADB_AUTHORS = "Georg Richter"

 PY_MARIADB_MAJOR_VERSION = 1
 PY_MARIADB_MINOR_VERSION = 1
-PY_MARIADB_PATCH_VERSION = 10
+PY_MARIADB_PATCH_VERSION = 11
 PY_MARIADB_PRE_RELEASE_SEGMENT = None
 PY_MARIADB_PRE_RELEASE_NR = 0
 PY_MARIADB_POST_RELEASE_SEGMENT = None