From bce35385b362db9c2949f01395ee9dc3b619605e Mon Sep 17 00:00:00 2001
From: Francis Dupont
Date: Wed, 11 Jun 2025 16:48:20 +0200
Subject: [PATCH] [#3638] Added a second TLS check
---
 src/lib/mysql/testutils/mysql_schema.cc | 65 +++++++++++++++++++++++--
 src/lib/mysql/testutils/mysql_schema.h | 5 ++
 2 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/src/lib/mysql/testutils/mysql_schema.cc b/src/lib/mysql/testutils/mysql_schema.cc
index fd4f8b1534..9ecd4e70cc 100644
--- a/src/lib/mysql/testutils/mysql_schema.cc
+++ b/src/lib/mysql/testutils/mysql_schema.cc
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -115,10 +116,57 @@ string getMySQLTlsServerVariable(string variable) {
 }
 MYSQL_ROW row = mysql_fetch_row(result);
 if (!row) {
- isc_throw(DbOperationError, sql << " returned row is null");
+ // This means the variable does not exist.
+ mysql_free_result(result);
+ return ("");
+ }
+ // first column is variable name e.g. 'have_ssl', second is the status.
+ string name(row[0]);
+ if (name != variable) {
+ isc_throw(DbOperationError,
+ sql << " returned a wrong name '" << name
+ << "', expected '" << variable << "'");
+ }
+ string value(row[1]);
+ mysql_free_result(result);
+ return (value);
+ } catch (...) {
+ if (result) {
+ mysql_free_result(result);
+ }
+ throw;
+ }
+}
+
+string getMySQLTlsStatusVariable(string variable) {
+ MYSQL_RES* result(0);
+ try {
+ DatabaseConnection::ParameterMap parameters =
+ DatabaseConnection::parse(validMySQLConnectionString());
+ MySqlConnection conn(parameters);
+ conn.openDatabase();
+ string sql("SHOW STATUS LIKE '");
+ sql += variable;
+ sql += "'";
+ if (mysql_query(conn.mysql_, sql.c_str())) {
+ isc_throw(DbOperationError,
+ sql << ": " << mysql_error(conn.mysql_));
 }
- // first column is 'have_ssl', second is the status.
+ result = mysql_use_result(conn.mysql_);
+ size_t count = mysql_num_fields(result);
+ if (count != 2) {
+ isc_throw(DbOperationError,
+ sql << " returned " << count << " rows, expecting 2");
+ }
+ MYSQL_ROW row = mysql_fetch_row(result);
+ if (!row) {
+ // This means the variable does not exist.
+ mysql_free_result(result);
+ return ("");
+ }
+ // first column is variable name e.g. 'Ssl_cipher', second is the status.
 string name(row[0]);
+ util::str::lowercase(name);
 if (name != variable) {
 isc_throw(DbOperationError,
 sql << " returned a wrong name '" << name
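Review bot: In the new getMySQLTlsStatusVariable(), the pointer returned by `mysql_use_result(conn.mysql_)` goes straight into `mysql_num_fields(result)` with no null check, so a failed result fetch would most likely dereference a null pointer instead of raising DbOperationError. A guard before the field count fixes it: `if (!result) { isc_throw(DbOperationError, sql << ": " << mysql_error(conn.mysql_)); }`. The message of the following check says "rows" although `count` is the number of fields; `sql << " returned " << count << " columns, expecting 2"` would match what is tested. The body appears to be copied from getMySQLTlsServerVariable(), which starts outside this hunk and may need the same guard, and the end of the new function also lies past the last line shown.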
@@ -150,8 +198,17 @@ bool isMySQLTlsConfigured() {
 string getMySQLTlsServer() {
 string value = getMySQLTlsServerVariable("have_ssl");
- if (value == "YES" && !isMySQLTlsConfigured()) {
- value = "UNCONFIGURED";
+ if (value == "YES") {
+ if (!isMySQLTlsConfigured()) {
+ value = "UNCONFIGURED";
+ }
+ } else if (value.empty()) {
+ value = getMySQLTlsStatusVariable("ssl_cipher");
+ if (value.empty() || !isMySQLTlsConfigured()) {
+ value = "UNCONFIGURED";
+ } else {
+ value = "YES";
+ }
 }
 const string env("KEA_MYSQL_HAVE_SSL");
 static_cast(setenv(env.c_str(), value.c_str(), 1));
diff --git a/src/lib/mysql/testutils/mysql_schema.h b/src/lib/mysql/testutils/mysql_schema.h
index 9178bc59ba..0862c94933 100644
--- a/src/lib/mysql/testutils/mysql_schema.h
+++ b/src/lib/mysql/testutils/mysql_schema.h
@@ -116,6 +116,11 @@ bool isMySQLTlsConfigured();
 /// @param variable The server global variable name
 std::string getMySQLTlsServerVariable(std::string variable);
+/// @brief Get the status variable value
+///
+/// @param variable The server global variable name
+std::string getMySQLTlsStatusVariable(std::string variable);
+
 }
 }
 }
--
2.47.3
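Review bot: The fallback branch in getMySQLTlsServer() reports "UNCONFIGURED" whenever `Ssl_cipher` is empty, but `SHOW STATUS` without `GLOBAL` returns session status and `Ssl_cipher` is empty for any unencrypted session. The value therefore says whether the helper's own connection negotiated TLS, not whether the server offers it. If the connection built from validMySQLConnectionString() does not end up encrypted, a TLS-capable server is labelled unconfigured and, presumably, the tests keyed on KEA_MYSQL_HAVE_SSL are skipped rather than failing. At minimum, record this above the call with `// Ssl_cipher is per-session: empty means this connection is not encrypted, not that the server lacks TLS.`, and consider a distinct value for that case so that skipped TLS coverage is visible. The rest of the function lies outside the hunk.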
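Review bot: The doc comment added for getMySQLTlsStatusVariable() in mysql_schema.h repeats `@param variable The server global variable name` from the declaration above, although this function queries a status variable. The implementation lowercases the returned name before comparing it with `variable`, so callers must pass the name in lower case, and it returns an empty string when no row matches; neither is documented. Suggested wording: `/// @param variable The status variable name, in lower case (e.g. "ssl_cipher")` and `/// @return The variable value, or an empty string when the variable does not exist`.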