Description:
This submission was taken from http://lists.mysql.com/internals/34026
Trying to follow directions at
http://forge.mysql.com/wiki/Contributing
I include a diff -ur below.
I've not tried to update the documentation because I don't understand
how it's generated. I see lots of different formats. Do they all
have to be modified separately?
In any case, what I've added is analogous to requireSSL:
requireSSLcert (defaults to 'true')
If requireSSLcert is true then the client requires a certificate
from the server, otherwise it does not.
This is useful in java code that is to be downloaded as part of an
applet to run in a web page. What one normally wants in that case
is for the applet to contact the server and run without requiring
the client to import additional certificates.
diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java 2006-10-19
15:17:29.000000000 -0700
+++ mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java 2006-10-25
14:52:34.000000000 -0700
@@ -1128,6 +1128,11 @@
"Require SSL connection if useSSL=true? (defaults to 'false').",
"3.1.0", SECURITY_CATEGORY, 3);
+ private BooleanConnectionProperty requireSSLcert = new BooleanConnectionProperty(
+ "requireSSLcert", true,
+ "Require SSL certificate if using SSL? (defaults to 'true').",
+ "3.1.0", SECURITY_CATEGORY, 3);
+
private StringConnectionProperty resourceId = new StringConnectionProperty(
"resourceId",
null, "A globally unique name that identifies the resource that this datasource or
connection is " +
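Review bot: The help text for the new `requireSSLcert` property does not say what setting it to false does, and the name suggests something other than the implementation visible later in this patch: the server still presents a certificate, and the client simply stops validating it. I would word it as `"Validate the server's certificate chain when using SSL? 'false' leaves the connection encrypted but the server unauthenticated (defaults to 'true')."`, and consider a name along the lines of `verifyServerCertificate`. The since-version `"3.1.0"` looks copied from `requireSSL`; it should presumably be the release that first ships this property. The getter and setter added in the next two hunks have no Javadoc and would benefit from the same sentence.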
@@ -2161,6 +2166,9 @@
public boolean getRequireSSL() {
return this.requireSSL.getValueAsBoolean();
}
+ public boolean getRequireSSLcert() {
+ return this.requireSSLcert.getValueAsBoolean();
+ }
protected boolean getRetainStatementAfterResultSetClose() {
return this.retainStatementAfterResultSetClose.getValueAsBoolean();
@@ -3224,6 +3232,9 @@
public void setRequireSSL(boolean property) {
this.requireSSL.setValue(property);
}
+ public void setRequireSSLcert(boolean property) {
+ this.requireSSLcert.setValue(property);
+ }
public void setRetainStatementAfterResultSetClose(boolean flag) {
this.retainStatementAfterResultSetClose.setValue(flag);
diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java 2006-10-19
15:17:29.000000000 -0700
+++ mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java 2006-10-26
08:34:29.000000000 -0700
@@ -58,9 +58,14 @@
*/
protected static void transformSocketToSSLSocket(MysqlIO mysqlIO)
throws CommunicationsException {
- javax.net.ssl.SSLSocketFactory sslFact = (javax.net.ssl.SSLSocketFactory)
javax.net.ssl.SSLSocketFactory
- .getDefault();
-
+ javax.net.ssl.SSLSocketFactory sslFact =
+ (mysqlIO.connection.getRequireSSLcert())
+ ?
+ (javax.net.ssl.SSLSocketFactory)
+ javax.net.ssl.SSLSocketFactory.getDefault()
+ :
+ (TrustingSSLSocketFactory)
+ TrustingSSLSocketFactory.getDefault();
try {
mysqlIO.mysqlConnection = sslFact.createSocket(
mysqlIO.mysqlConnection, mysqlIO.host, mysqlIO.port, true);
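Review bot: In `transformSocketToSSLSocket`, the false branch of the new ternary swaps in a factory whose trust manager accepts every chain, and nothing at this call site tells a maintainer or operator that server authentication is off for the connection. Add a comment above the assignment such as `// requireSSLcert=false: server certificate is not validated; the channel is encrypted but the peer is unauthenticated`, and if the driver's logger is reachable here, emit a warning so the setting shows up in logs. The `(TrustingSSLSocketFactory)` cast is unnecessary, because the variable is typed `javax.net.ssl.SSLSocketFactory` and the patch declares `TrustingSSLSocketFactory.getDefault()` with that return type. The method body continues past the end of this hunk.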
@@ -91,4 +96,4 @@
private ExportControlled() { /* prevent instantiation */
}
-}
\ No newline at end of file
+}
diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java 2006-10-26
11:04:34.000000000 -0700
+++
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java 2006-10-26
10:50:13.000000000 -0700
@@ -0,0 +1,75 @@
+package com.mysql.jdbc;
+import java.security.cert.*;
+import javax.net.*;
+import javax.net.ssl.*;
+import java.net.*;
+import java.io.*;
+import java.io.IOException;
+
+public class TrustingSSLSocketFactory extends SSLSocketFactory {
+ class MyX509TrustManager implements X509TrustManager {
+ public void checkClientTrusted
+ (X509Certificate[] chain, String authType) {
+ // return without complaint
+ }
+ public void checkServerTrusted
+ (X509Certificate[] chain, String authType)
+ throws CertificateException{
+ // return without complaint
+ }
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ }
+
+ private SSLSocketFactory factory;
+ public TrustingSSLSocketFactory() {
+ try {
+ SSLContext sslcontext = SSLContext.getInstance( "TLS");
+ sslcontext.init( null, // No KeyManager required
+ new X509TrustManager[] { new MyX509TrustManager()},
+ new java.security.SecureRandom());
+ factory = ( SSLSocketFactory) sslcontext.getSocketFactory();
+
+ } catch( Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ public static javax.net.ssl.SSLSocketFactory getDefault() {
+ return new TrustingSSLSocketFactory();
+ }
+
+ public Socket createSocket( Socket socket, String s, int i, boolean
+ flag)
+ throws IOException {
+ return factory.createSocket( socket, s, i, flag);
+ }
+
+ public Socket createSocket( InetAddress inaddr, int i,
+ InetAddress inaddr1, int j) throws IOException {
+ return factory.createSocket( inaddr, i, inaddr1, j);
+ }
+
+ public Socket createSocket( InetAddress inaddr, int i) throws
+ IOException {
+ return factory.createSocket( inaddr, i);
+ }
+
+ public Socket createSocket( String s, int i, InetAddress inaddr, int j)
+ throws IOException {
+ return factory.createSocket( s, i, inaddr, j);
+ }
+
+ public Socket createSocket( String s, int i) throws IOException {
+ return factory.createSocket( s, i);
+ }
+
+ public String[] getDefaultCipherSuites() {
+ return factory.getSupportedCipherSuites();
+ }
+
+ public String[] getSupportedCipherSuites() {
+ return factory.getSupportedCipherSuites();
+ }
+}
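Review bot: The constructor catches `Exception`, prints the stack trace and returns, so a failed `SSLContext` setup leaves `factory` null and every later `createSocket` call fails with a `NullPointerException` far from the cause; it should fail construction instead. Two smaller defects sit beside it: `getAcceptedIssuers()` returns null where the `X509TrustManager` contract asks for a non-null (possibly empty) array, and `getDefaultCipherSuites()` returns the supported list rather than the delegate's defaults, which advertises suites the JSSE provider does not enable by default. Because this class turns off chain validation, I would also make it package-private and `final` with a static nested trust manager, and give it a class Javadoc stating that it performs no server authentication and is reached only through `requireSSLcert=false`.

```java
class MyX509TrustManager implements X509TrustManager {
    // … unchanged: checkClientTrusted, checkServerTrusted …
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // contract: non-null, may be empty
    }
}

public TrustingSSLSocketFactory() {
    try {
        // … unchanged: SSLContext.getInstance / init / getSocketFactory …
    } catch (java.security.GeneralSecurityException ex) {
        // Fail here rather than leave 'factory' null for createSocket to trip over.
        IllegalStateException failure =
                new IllegalStateException("Cannot initialise TLS context: " + ex);
        failure.initCause(ex);
        throw failure;
    }
}

// … unchanged: getDefault, createSocket overloads …

public String[] getDefaultCipherSuites() {
    return factory.getDefaultCipherSuites();
}
```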
How to repeat:
Apply the patch.