Added SSLKEYLOGFILE support in mariadb client library

3 years ago · beb93196bc
parent 8f899e34f9
commit beb93196bc
5 changed files with 100 additions and 0 deletions
--- a/deps/Makefile
+++ b/deps/Makefile
@ -280,6 +280,10 @@ endif
 	# patches for x509 cache . See https://github.com/sysown/proxysql/issues/4117 (Slow connection time with SSL and large CA file , relevant on Aurora)
 	cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_lib.c < ../mariadb_lib.c.x509cache.patch
 	cd mariadb-client-library/mariadb_client && patch libmariadb/secure/openssl.c < ../openssl.c.x509cache.patch
+	cd mariadb-client-library/mariadb_client && patch include/mysql.h < ../mysql.h.sslkeylogfile.patch
+	cd mariadb-client-library/mariadb_client && patch include/ma_common.h < ../ma_common.h.sslkeylogfile.patch
+	cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_lib.c < ../mariadb_lib.c.sslkeylogfile.patch
+	cd mariadb-client-library/mariadb_client && patch libmariadb/secure/openssl.c < ../openssl.c.sslkeylogfile.patch
 	cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
 #	cd mariadb-client-library/mariadb_client/include && make my_config.h

--- a/deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch
+++ b/deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch
@ -0,0 +1,14 @@
+@@ -78,12 +78,13 @@
+   my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value);
+   HASH userdata;
+   char *server_public_key;
+   char *proxy_header;
+   size_t proxy_header_len;
+   int (*io_wait)(my_socket handle, my_bool is_read, int timeout);
+  void (*ssl_keylog_callback)(const void *ssl, const char *line);
+ };
+ 
+ typedef struct st_connection_handler
+ {
+   struct st_ma_connection_plugin *plugin;
+   void *data;
--- a/deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch
+++ b/deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch
@ -0,0 +1,32 @@
+@@ -3277,12 +3277,15 @@
+   case MYSQL_OPT_SSL_CRL:
+     OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_crl, (char *)arg1);
+     break;
+   case MYSQL_OPT_SSL_CRLPATH:
+     OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_crlpath, (char *)arg1);
+     break;
+  case MARIADB_OPT_SSL_KEYLOG_CALLBACK:
+    OPT_SET_EXTENDED_VALUE(&mysql->options, ssl_keylog_callback, arg1);
+    break;
+   case MYSQL_OPT_CONNECT_ATTR_DELETE:
+     {
+       uchar *h;
+       CHECK_OPT_EXTENSION_SET(&mysql->options);
+       if (hash_inited(&mysql->options.extension->connect_attrs) &&
+           (h= (uchar *)hash_search(&mysql->options.extension->connect_attrs, (uchar *)arg1,
+@@ -3614,12 +3617,15 @@
+   case MYSQL_OPT_SSL_CRL:
+     *((char **)arg)= mysql->options.extension ? mysql->options.ssl_cipher : NULL;
+     break;
+   case MYSQL_OPT_SSL_CRLPATH:
+     *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_crlpath : NULL;
+     break;
+  case MARIADB_OPT_SSL_KEYLOG_CALLBACK:
+    *((void(**)(const void *, const char *))arg)= mysql->options.extension ? mysql->options.extension->ssl_keylog_callback : NULL;
+    break;
+   case MYSQL_OPT_CONNECT_ATTRS:
+     /* mysql_get_optionsv(mysql, MYSQL_OPT_CONNECT_ATTRS, keys, vals, elements) */
+     {
+       unsigned int i, *elements;
+       char **key= NULL;
+       void *arg1;
--- a/deps/mariadb-client-library/mysql.h.sslkeylogfile.patch
+++ b/deps/mariadb-client-library/mysql.h.sslkeylogfile.patch
@ -0,0 +1,16 @@
+@@ -242,13 +242,14 @@
+     MARIADB_OPT_DEBUG,
+     MARIADB_OPT_FOUND_ROWS,
+     MARIADB_OPT_MULTI_RESULTS,
+     MARIADB_OPT_MULTI_STATEMENTS,
+     MARIADB_OPT_INTERACTIVE,
+     MARIADB_OPT_PROXY_HEADER,
+-    MARIADB_OPT_IO_WAIT
+    MARIADB_OPT_IO_WAIT,
+    MARIADB_OPT_SSL_KEYLOG_CALLBACK
+   };
+ 
+   enum mariadb_value {
+     MARIADB_CHARSET_ID,
+     MARIADB_CHARSET_NAME,
+     MARIADB_CLIENT_ERRORS,
--- a/deps/mariadb-client-library/openssl.c.sslkeylogfile.patch
+++ b/deps/mariadb-client-library/openssl.c.sslkeylogfile.patch
@ -0,0 +1,34 @@
+@@ -526,12 +526,19 @@
+   memset(buf, 0, size);
+   if (userdata)
+     strncpy(buf, (char *)userdata, size);
+   return (int)strlen(buf);
+ }
+ 
+static void ma_tls_set_sslkeylog_callback(MYSQL *mysql, SSL_CTX *ssl_ctx) 
+{
+ if (mysql->options.extension && mysql->options.extension->ssl_keylog_callback)
+  {
+    SSL_CTX_set_keylog_callback(ssl_ctx, (void(*)(const SSL*, const char*))mysql->options.extension->ssl_keylog_callback);
+  }
+}
+ 
+ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
+ {
+   char *certfile= mysql->options.ssl_cert,
+        *keyfile= mysql->options.ssl_key;
+   char *pw= (mysql->options.extension) ?
+@@ -653,12 +660,13 @@
+   if (!(ctx= SSL_CTX_new(SSLv23_client_method())))
+ #endif
+     goto error;
+   if (mysql->options.extension)
+     options|= ma_tls_version_options(mysql->options.extension->tls_version);
+   SSL_CTX_set_options(ctx, options);
+  ma_tls_set_sslkeylog_callback(mysql, ctx);
+ #ifdef HAVE_TLS_SESSION_CACHE
+   SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
+   ma_tls_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_tls_session) * ma_tls_session_cache_size);
+   SSL_CTX_sess_set_new_cb(ctx, ma_tls_session_cb);
+   SSL_CTX_sess_set_remove_cb(ctx, ma_tls_remove_session_cb);
+ #endif