diff --git a/.github/workflows/windows.yaml b/.github/workflows/windows.yaml index e884493..f8dbf87 100644 --- a/.github/workflows/windows.yaml +++ b/.github/workflows/windows.yaml @@ -17,7 +17,7 @@ jobs: uses: actions/cache@v4 with: path: c:/mariadb-connector - key: mariadb-connector-c-${{ env.CONNECTOR_VERSION }}-win + key: mariadb-connector-c-${{ env.CONNECTOR_VERSION }}-win-2 - name: Download and Unzip Connector if: steps.cache-connector.outputs.cache-hit != 'true' @@ -27,15 +27,32 @@ jobs: unzip "mariadb-connector-c-${CONNECTOR_VERSION}-src.zip" -d c:/ mv "c:/mariadb-connector-c-${CONNECTOR_VERSION}-src" c:/mariadb-connector-src - - name: Build Connector + - name: make build directory if: steps.cache-connector.outputs.cache-hit != 'true' shell: cmd working-directory: c:/mariadb-connector-src run: | mkdir build - cd build - cmake -A x64 .. -DCMAKE_BUILD_TYPE=Release -DCLIENT_PLUGIN_DIALOG=static -DCLIENT_PLUGIN_SHA256_PASSWORD=static -DCLIENT_PLUGIN_CACHING_SHA2_PASSWORD=static + + - name: cmake + if: steps.cache-connector.outputs.cache-hit != 'true' + shell: cmd + working-directory: c:/mariadb-connector-src/build + run: | + cmake -A x64 .. -DCMAKE_BUILD_TYPE=Release -DCLIENT_PLUGIN_DIALOG=static -DCLIENT_PLUGIN_SHA256_PASSWORD=static -DCLIENT_PLUGIN_CACHING_SHA2_PASSWORD=static -DDEFAULT_SSL_VERIFY_SERVER_CERT=0 + + - name: cmake build + if: steps.cache-connector.outputs.cache-hit != 'true' + shell: cmd + working-directory: c:/mariadb-connector-src/build + run: | cmake --build . -j 8 --config Release + + - name: cmake install + if: steps.cache-connector.outputs.cache-hit != 'true' + shell: cmd + working-directory: c:/mariadb-connector-src/build + run: | cmake -DCMAKE_INSTALL_PREFIX=c:/mariadb-connector -DCMAKE_INSTALL_COMPONENT=Development -DCMAKE_BUILD_TYPE=Release -P cmake_install.cmake - name: Checkout mysqlclient diff --git a/src/MySQLdb/_mysql.c b/src/MySQLdb/_mysql.c index b9ec1c1..1468f3e 100644 --- a/src/MySQLdb/_mysql.c +++ b/src/MySQLdb/_mysql.c @@ -543,23 +543,30 @@ _mysql_ConnectionObject_Initialize( mysql_options(&(self->connection), MYSQL_OPT_SSL_CIPHER, cipher); } - if (ssl_mode_set) { #ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE + if (ssl_mode_set) { mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode_num); + } #else - // MariaDB doesn't support MYSQL_OPT_SSL_MODE. - // See https://github.com/PyMySQL/mysqlclient/issues/474 - // TODO: Does MariaDB supports PREFERRED and VERIFY_CA? - // We support only two levels for now. - my_bool enforce_tls = 1; - if (ssl_mode_num >= SSLMODE_REQUIRED) { - mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&enforce_tls); - } - if (ssl_mode_num >= SSLMODE_VERIFY_CA) { - mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&enforce_tls); - } -#endif + // MariaDB doesn't support MYSQL_OPT_SSL_MODE. + // See https://github.com/PyMySQL/mysqlclient/issues/474 + // And MariDB 11.4 changed the default value of MYSQL_OPT_SSL_ENFORCE and + // MYSQL_OPT_SSL_VERIFY_SERVER_CERT to 1. + // https://github.com/mariadb-corporation/mariadb-connector-c/commit/8dffd56936df3d03eeccf47904773860a0cdeb57 + // We emulate the ssl_mode and old behavior. + my_bool my_true = 1; + my_bool my_false = 0; + if (ssl_mode_num >= SSLMODE_REQUIRED) { + mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&my_true); + } else { + mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_ENFORCE, (void *)&my_false); + } + if (ssl_mode_num >= SSLMODE_VERIFY_CA) { + mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&my_true); + } else { + mysql_optionsv(&(self->connection), MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (void *)&my_false); } +#endif if (charset) { mysql_options(&(self->connection), MYSQL_SET_CHARSET_NAME, charset); @@ -573,12 +580,9 @@ _mysql_ConnectionObject_Initialize( port, unix_socket, client_flag); Py_END_ALLOW_THREADS - if (ssl) { - int i; - for (i=0; i