From beb93196bc31d86b04a66c03e6fbdd74786eaf88 Mon Sep 17 00:00:00 2001
From: Rahim Kanji
Date: Tue, 6 Jun 2023 00:12:24 +0500
Subject: [PATCH] Added SSLKEYLOGFILE support in mariadb client library
---
 deps/Makefile | 4 +++
 .../ma_common.h.sslkeylogfile.patch | 14 ++++++++
 .../mariadb_lib.c.sslkeylogfile.patch | 32 +++++++++++++++++
 .../mysql.h.sslkeylogfile.patch | 16 +++++++++
 .../openssl.c.sslkeylogfile.patch | 34 +++++++++++++++++++
 5 files changed, 100 insertions(+)
 create mode 100644 deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch
 create mode 100644 deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch
 create mode 100644 deps/mariadb-client-library/mysql.h.sslkeylogfile.patch
 create mode 100644 deps/mariadb-client-library/openssl.c.sslkeylogfile.patch
diff --git a/deps/Makefile b/deps/Makefile
index 1a1c990078..dbe495c001 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -280,6 +280,10 @@ endif
 # patches for x509 cache . See https://github.com/sysown/proxysql/issues/4117 (Slow connection time with SSL and large CA file , relevant on Aurora)
 cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_lib.c < ../mariadb_lib.c.x509cache.patch
 cd mariadb-client-library/mariadb_client && patch libmariadb/secure/openssl.c < ../openssl.c.x509cache.patch
+ cd mariadb-client-library/mariadb_client && patch include/mysql.h < ../mysql.h.sslkeylogfile.patch
+ cd mariadb-client-library/mariadb_client && patch include/ma_common.h < ../ma_common.h.sslkeylogfile.patch
+ cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_lib.c < ../mariadb_lib.c.sslkeylogfile.patch
+ cd mariadb-client-library/mariadb_client && patch libmariadb/secure/openssl.c < ../openssl.c.sslkeylogfile.patch
 cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
 # cd mariadb-client-library/mariadb_client/include && make my_config.h 
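Review bot: The four new `patch` lines carry no comment saying what they are for, while the x509 block directly above them is introduced by one; add `# patches for SSLKEYLOGFILE support: adds MARIADB_OPT_SSL_KEYLOG_CALLBACK to the client library` before the first new line. The inner patch files are bare `@@` hunks with absolute line offsets and no file headers, so they only apply cleanly to the pinned connector version and, for mariadb_lib.c and openssl.c, presumably only after the x509cache patches have already shifted the lines; the comment should record that ordering dependency so nobody reorders the recipe. The recipe continues outside the hunk.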
diff --git a/deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch b/deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch
new file mode 100644
index 0000000000..af13a9449c
--- /dev/null
+++ b/deps/mariadb-client-library/ma_common.h.sslkeylogfile.patch
@@ -0,0 +1,14 @@
+@@ -78,12 +78,13 @@
+ my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value);
+ HASH userdata;
+ char *server_public_key;
+ char *proxy_header;
+ size_t proxy_header_len;
+ int (*io_wait)(my_socket handle, my_bool is_read, int timeout);
++ void (*ssl_keylog_callback)(const void *ssl, const char *line);
+ };
+
+ typedef struct st_connection_handler
+ {
+ struct st_ma_connection_plugin *plugin;
+ void *data;
diff --git a/deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch b/deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch
new file mode 100644
index 0000000000..e0245b5828
--- /dev/null
+++ b/deps/mariadb-client-library/mariadb_lib.c.sslkeylogfile.patch
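Review bot: The new `ssl_keylog_callback` member gives the reader no hint of what `ssl` and `line` are: `const void *` is standing in for OpenSSL's `SSL` type, which this header cannot name, and the openssl.c patch in the same commit casts the member to `void (*)(const SSL *, const char *)` before installing it. Add a comment on the new line, e.g. `/* TLS key-log hook: ssl is the (opaque) SSL object, line is one NSS key-log format line carrying session secrets; debugging use only */`, so anyone setting the option knows the pointer type they must pass and that enabling it discloses the session keys. The struct definition starts outside the hunk.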
@@ -0,0 +1,32 @@
+@@ -3277,12 +3277,15 @@
+ case MYSQL_OPT_SSL_CRL:
+ OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_crl, (char *)arg1);
+ break;
+ case MYSQL_OPT_SSL_CRLPATH:
+ OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_crlpath, (char *)arg1);
+ break;
++ case MARIADB_OPT_SSL_KEYLOG_CALLBACK:
++ OPT_SET_EXTENDED_VALUE(&mysql->options, ssl_keylog_callback, arg1);
++ break;
+ case MYSQL_OPT_CONNECT_ATTR_DELETE:
+ {
+ uchar *h;
+ CHECK_OPT_EXTENSION_SET(&mysql->options);
+ if (hash_inited(&mysql->options.extension->connect_attrs) &&
+ (h= (uchar *)hash_search(&mysql->options.extension->connect_attrs, (uchar *)arg1,
+@@ -3614,12 +3617,15 @@
+ case MYSQL_OPT_SSL_CRL:
+ *((char **)arg)= mysql->options.extension ? mysql->options.ssl_cipher : NULL;
+ break;
+ case MYSQL_OPT_SSL_CRLPATH:
+ *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_crlpath : NULL;
+ break;
++ case MARIADB_OPT_SSL_KEYLOG_CALLBACK:
++ *((void(**)(const void *, const char *))arg)= mysql->options.extension ? mysql->options.extension->ssl_keylog_callback : NULL;
++ break;
+ case MYSQL_OPT_CONNECT_ATTRS:
+ /* mysql_get_optionsv(mysql, MYSQL_OPT_CONNECT_ATTRS, keys, vals, elements) */
+ {
+ unsigned int i, *elements;
+ char **key= NULL;
+ void *arg1;
diff --git a/deps/mariadb-client-library/mysql.h.sslkeylogfile.patch b/deps/mariadb-client-library/mysql.h.sslkeylogfile.patch
new file mode 100644
index 0000000000..793d16f17d
--- /dev/null
+++ b/deps/mariadb-client-library/mysql.h.sslkeylogfile.patch
@@ -0,0 +1,16 @@
+@@ -242,13 +242,14 @@
+ MARIADB_OPT_DEBUG,
+ MARIADB_OPT_FOUND_ROWS,
+ MARIADB_OPT_MULTI_RESULTS,
+ MARIADB_OPT_MULTI_STATEMENTS,
+ MARIADB_OPT_INTERACTIVE,
+ MARIADB_OPT_PROXY_HEADER,
+- MARIADB_OPT_IO_WAIT
++ MARIADB_OPT_IO_WAIT,
++ MARIADB_OPT_SSL_KEYLOG_CALLBACK
+ };
+
+ enum mariadb_value {
+ MARIADB_CHARSET_ID,
+ MARIADB_CHARSET_NAME,
+ MARIADB_CLIENT_ERRORS,
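Review bot: In the setter, `OPT_SET_EXTENDED_VALUE(&mysql->options, ssl_keylog_callback, arg1)` stores `arg1` into a function-pointer member with no cast; the neighbouring cases cast `arg1` to the member's type (`(char *)arg1`), and ISO C does not permit assigning an object pointer to a function pointer without one, so write `OPT_SET_EXTENDED_VALUE(&mysql->options, ssl_keylog_callback, (void(*)(const void *, const char *))arg1);`. The getter in the second inner hunk already casts `arg` to the matching pointer-to-function-pointer type, so the cast also keeps the two cases symmetric. Both `switch` bodies extend beyond the hunk.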
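Review bot: `MARIADB_OPT_SSL_KEYLOG_CALLBACK` is appended to `enum mariadb_option` without saying what `mysql_optionsv` expects as its argument, and nothing in this hunk names the callback type. Add a trailing comment, `MARIADB_OPT_SSL_KEYLOG_CALLBACK /* arg: void (*)(const void *ssl, const char *line); receives TLS session secrets */`, so callers can find the signature without reading ma_common.h. Placing it after `MARIADB_OPT_IO_WAIT` keeps the existing constants' values unchanged, which is the right spot for it.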
diff --git a/deps/mariadb-client-library/openssl.c.sslkeylogfile.patch b/deps/mariadb-client-library/openssl.c.sslkeylogfile.patch
new file mode 100644
index 0000000000..631250e4cb
--- /dev/null
+++ b/deps/mariadb-client-library/openssl.c.sslkeylogfile.patch
@@ -0,0 +1,34 @@
+@@ -526,12 +526,19 @@
+ memset(buf, 0, size);
+ if (userdata)
+ strncpy(buf, (char *)userdata, size);
+ return (int)strlen(buf);
+ }
+
++static void ma_tls_set_sslkeylog_callback(MYSQL *mysql, SSL_CTX *ssl_ctx)
++{
++ if (mysql->options.extension && mysql->options.extension->ssl_keylog_callback)
++ {
++ SSL_CTX_set_keylog_callback(ssl_ctx, (void(*)(const SSL*, const char*))mysql->options.extension->ssl_keylog_callback);
++ }
++}
+
+ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
+ {
+ char *certfile= mysql->options.ssl_cert,
+ *keyfile= mysql->options.ssl_key;
+ char *pw= (mysql->options.extension) ?
+@@ -653,12 +660,13 @@
+ if (!(ctx= SSL_CTX_new(SSLv23_client_method())))
+ #endif
+ goto error;
+ if (mysql->options.extension)
+ options|= ma_tls_version_options(mysql->options.extension->tls_version);
+ SSL_CTX_set_options(ctx, options);
++ ma_tls_set_sslkeylog_callback(mysql, ctx);
+ #ifdef HAVE_TLS_SESSION_CACHE
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
+ ma_tls_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_tls_session) * ma_tls_session_cache_size);
+ SSL_CTX_sess_set_new_cb(ctx, ma_tls_session_cb);
+ SSL_CTX_sess_set_remove_cb(ctx, ma_tls_remove_session_cb);
+ #endif
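Review bot: `SSL_CTX_set_keylog_callback` in the new `ma_tls_set_sslkeylog_callback` is called unconditionally, but that API only exists from OpenSSL 1.1.1 onward, while the surrounding code still keeps an `#if`/`#endif` around `SSLv23_client_method` for older releases; wrap the call in `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` … `#endif` so builds against older libraries do not fail. The cast `(void(*)(const SSL*, const char*))` converts between incompatible function-pointer types (`const void *` versus `const SSL *`), and calling through the converted pointer is undefined behaviour in ISO C even though it works on common ABIs; a small adapter with the exact OpenSSL signature that forwards to the stored callback would avoid it, provided the `MYSQL *` can be recovered from the `SSL` (the file may already attach it as app data — not visible in this hunk). Give the helper a header comment stating that the hook receives every TLS session secret in NSS key-log format and must therefore only be set for debugging, since whoever sets it can decrypt all traffic on the connection. `ma_tls_set_certs` and the ctx-creating function both continue outside the hunk.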