From cdc842356931bdec8383c2f2107040a2eb9cb198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Wed, 14 Dec 2022 14:40:06 +0000
Subject: [PATCH] Adding some details on SSL and fast_forward implementation
---
 include/MySQL_Data_Stream.h | 9 ++++++++-
 lib/mysql_connection.cpp | 1 +
 lib/mysql_data_stream.cpp | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/include/MySQL_Data_Stream.h b/include/MySQL_Data_Stream.h
index 19627975d..b8272879d 100644
--- a/include/MySQL_Data_Stream.h
+++ b/include/MySQL_Data_Stream.h
@@ -207,12 +207,19 @@ class MySQL_Data_Stream
 myconn=mc;
 myconn->statuses.myconnpoll_get++;
 mc->myds=this;
+ encrypted = false; // this is the default
 // we handle encryption for backend
 //
 // we have a similar code in MySQL_Connection
 // in case of ASYNC_CONNECT_SUCCESSFUL
- encrypted = false;
 if (sess != NULL && sess->session_fast_forward == true) {
+ // if frontend and backend connection use SSL we will set
+ // encrypted = true and we will start using the SSL structure
+ // directly from P_MARIADB_TLS structure.
+ //
+ // For futher details:
+ // - without ssl: we use the file descriptor from mysql connection
+ // - with ssl: we use the SSL structure from mysql connection
 if (myconn->mysql && myconn->ret_mysql) {
 if (myconn->mysql->options.use_ssl == 1) {
 encrypted = true;
diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp
index c51df2fdd..cd58f3275 100644
--- a/lib/mysql_connection.cpp
+++ b/lib/mysql_connection.cpp
@@ -1118,6 +1118,7 @@ handler_again:
 // we handle encryption for backend
 //
 // we have a similar code in MySQL_Data_Stream::attach_connection()
+ // see there for further details
 if (mysql->options.use_ssl == 1)
 if (myds)
 if (myds->sess != NULL)
diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp
index 66d3f0914..7e80ae292 100644
--- a/lib/mysql_data_stream.cpp
+++ b/lib/mysql_data_stream.cpp
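Review bot: The comment added under `if (sess != NULL && sess->session_fast_forward == true)` in include/MySQL_Data_Stream.h says `encrypted` is set when both the frontend and the backend connection use SSL, but the condition visible in this hunk tests only the backend's `myconn->mysql->options.use_ssl == 1`. Someone auditing which legs of a fast_forward session are encrypted will take that comment at face value, so it should either name where the frontend side is checked or describe only what is tested here, for example `// in fast_forward, if the backend connection has use_ssl set we set encrypted = true` followed by `// and use the SSL structure taken from the P_MARIADB_TLS structure`. The same comment block has the typo `futher`, which should read `further`. The function body starts and ends outside the hunk, so a frontend check may exist out of view.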
@@ -532,7 +532,7 @@ int MySQL_Data_Stream::read_from_net() {
 r = recv(fd, queue_w_ptr(queueIN), s, 0);
 }
 }
- } else {
+ } else { // encrypted == true
 /*
 if (!SSL_is_init_finished(ssl)) {
 int ret = SSL_do_handshake(ssl);