From: Peter van Dijk Date: Thu, 20 Jul 2023 12:23:02 +0000 (+0200) Subject: auth gmysql: deprecate gmysql-ssl flag, enable connection timeout X-Git-Tag: rec-5.1.0-alpha1~112^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5584d3b405abafea48e9855ef743eb4735b16ce0;p=thirdparty%2Fpdns.git auth gmysql: deprecate gmysql-ssl flag, enable connection timeout closes #12528 closes #12978 --- diff --git a/docs/backends/generic-mysql.rst b/docs/backends/generic-mysql.rst index 3c86bc9dc0..5695e9b618 100644 --- a/docs/backends/generic-mysql.rst +++ b/docs/backends/generic-mysql.rst @@ -136,7 +136,11 @@ Use the InnoDB READ-COMMITTED transaction isolation level. Default: yes. ``gmysql-ssl`` ^^^^^^^^^^^^^^^^^^ -Send the CLIENT_SSL capability flag to the server. SSL support is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no. +.. deprecated:: 5.0.0 + +Before 5.0.0: Send the CLIENT_SSL capability flag to the server. SSL support is announced by the server via CLIENT_SSL and is enabled if the client returns the same capability. Default: no. + +5.0.0 and up: this option does nothing. Use ``gmysql-group`` and put your TLS settings in ``my.cnf``. .. _setting-gmysql-timeout: diff --git a/modules/gmysqlbackend/smysql.cc b/modules/gmysqlbackend/smysql.cc index efcbffd18e..9a3452eca9 100644 --- a/modules/gmysqlbackend/smysql.cc +++ b/modules/gmysqlbackend/smysql.cc @@ -493,6 +493,7 @@ void SMySQL::connect() if (d_timeout) { mysql_options(&d_db, MYSQL_OPT_READ_TIMEOUT, &d_timeout); mysql_options(&d_db, MYSQL_OPT_WRITE_TIMEOUT, &d_timeout); + mysql_options(&d_db, MYSQL_OPT_CONNECT_TIMEOUT, &d_timeout); } #endif @@ -507,7 +508,7 @@ void SMySQL::connect() d_database.empty() ? nullptr : d_database.c_str(), d_port, d_msocket.empty() ? nullptr : d_msocket.c_str(), - (d_clientSSL ? CLIENT_SSL : 0) | CLIENT_MULTI_RESULTS)) { + CLIENT_MULTI_RESULTS)) { if (retry == 0) throw sPerrorException("Unable to connect to database");