Bug #25547 Patch: Enable "requireSSLcert"
Submitted: 11 Jan 2007 14:43 Modified: 28 Jan 2022 8:42
Reporter: Lenz Grimmer Email Updates:
Status: Can't repeat Impact on me:
None 
Category:Connector / J Severity:S4 (Feature request)
Version:5.0.4 OS:Any
Assigned to: Mark Matthews CPU Architecture:Any
Tags: Contribution

[11 Jan 2007 14:43] Lenz Grimmer
Description:
This submission was taken from http://lists.mysql.com/internals/34026

Trying to follow directions at
 http://forge.mysql.com/wiki/Contributing
I include a diff -ur below.
I've not tried to update the documentation cause I don't understand
how it's generated.  I see lots of different formats.  Do they all
have to be modified separately?
In any case, what I've added is analogous to requireSSL:
   requireSSLcert (defaults to 'true')
   If requireSSLcert is true then the client requires a certificate
    from the server, otherwise it does not.
This is useful in java code that is to be downloaded as part of an
applet to run in a web page.  What one normally wants in that case 
is for the applet to contact the server and run without requiring 
the client to import additional certificates.

diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/ConnectionProperties.java	2006-10-19
15:17:29.000000000 -0700
+++ mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ConnectionProperties.java	2006-10-25
14:52:34.000000000 -0700
@@ -1128,6 +1128,11 @@
 			"Require SSL connection if useSSL=true? (defaults to 'false').",
 			"3.1.0", SECURITY_CATEGORY, 3);
 
+	private BooleanConnectionProperty requireSSLcert = new BooleanConnectionProperty(
+			"requireSSLcert", true,
+			"Require SSL certificate if using SSL? (defaults to 'true').",
+			"3.1.0", SECURITY_CATEGORY, 3);
+
 	private StringConnectionProperty resourceId = new StringConnectionProperty(
 			"resourceId",
 			null, "A globally unique name that identifies the resource that this datasource or
connection is " +
@@ -2161,6 +2166,9 @@
 	public boolean getRequireSSL() {
 		return this.requireSSL.getValueAsBoolean();
 	}
+	public boolean getRequireSSLcert() {
+		return this.requireSSLcert.getValueAsBoolean();
+	}
 
 	protected boolean getRetainStatementAfterResultSetClose() {
 		return this.retainStatementAfterResultSetClose.getValueAsBoolean();
@@ -3224,6 +3232,9 @@
 	public void setRequireSSL(boolean property) {
 		this.requireSSL.setValue(property);
 	}
+	public void setRequireSSLcert(boolean property) {
+		this.requireSSLcert.setValue(property);
+	}
 
 	public void setRetainStatementAfterResultSetClose(boolean flag) {
 		this.retainStatementAfterResultSetClose.setValue(flag);
diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/ExportControlled.java	2006-10-19
15:17:29.000000000 -0700
+++ mysql-connector-java-5.0.4+/src/com/mysql/jdbc/ExportControlled.java	2006-10-26
08:34:29.000000000 -0700
@@ -58,9 +58,14 @@
 	 */
 	protected static void transformSocketToSSLSocket(MysqlIO mysqlIO)
 			throws CommunicationsException {
-		javax.net.ssl.SSLSocketFactory sslFact = (javax.net.ssl.SSLSocketFactory)
javax.net.ssl.SSLSocketFactory
-				.getDefault();
-
+	    javax.net.ssl.SSLSocketFactory sslFact =
+		(mysqlIO.connection.getRequireSSLcert())
+		?
+		(javax.net.ssl.SSLSocketFactory)
+		javax.net.ssl.SSLSocketFactory.getDefault()
+		:
+		(TrustingSSLSocketFactory)
+		TrustingSSLSocketFactory.getDefault();
 		try {
 			mysqlIO.mysqlConnection = sslFact.createSocket(
 					mysqlIO.mysqlConnection, mysqlIO.host, mysqlIO.port, true);
@@ -91,4 +96,4 @@
 
 	private ExportControlled() { /* prevent instantiation */
 	}
-}
\ No newline at end of file
+}
diff -ur mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java
--- mysql-connector-java-5.0.4/src/com/mysql/jdbc/TrustingSSLSocketFactory.java	2006-10-26
11:04:34.000000000 -0700
+++
mysql-connector-java-5.0.4+/src/com/mysql/jdbc/TrustingSSLSocketFactory.java	2006-10-26
10:50:13.000000000 -0700
@@ -0,0 +1,75 @@
+package com.mysql.jdbc;
+import java.security.cert.*;
+import javax.net.*;
+import javax.net.ssl.*;
+import java.net.*;
+import java.io.*;
+import java.io.IOException;
+
+public class TrustingSSLSocketFactory extends SSLSocketFactory {
+    class MyX509TrustManager implements X509TrustManager {
+	public void checkClientTrusted
+	    (X509Certificate[] chain, String authType) {
+	    // return without complaint
+	}
+	public void checkServerTrusted
+	    (X509Certificate[] chain, String authType)
+	    throws CertificateException{
+	    // return without complaint
+	}
+	public X509Certificate[] getAcceptedIssuers() {
+	    return null;
+	}
+    }
+
+    private SSLSocketFactory factory;
+    public TrustingSSLSocketFactory() {
+	try {
+	    SSLContext sslcontext = SSLContext.getInstance( "TLS");
+	    sslcontext.init( null, // No KeyManager required
+			     new X509TrustManager[] { new MyX509TrustManager()},
+			     new java.security.SecureRandom());
+	    factory = ( SSLSocketFactory) sslcontext.getSocketFactory();
+
+	} catch( Exception ex) {
+	    ex.printStackTrace();
+	}
+    }
+
+    public static javax.net.ssl.SSLSocketFactory getDefault() {
+	return new TrustingSSLSocketFactory();
+    }
+
+    public Socket createSocket( Socket socket, String s, int i, boolean
+				flag)
+        throws IOException {
+	return factory.createSocket( socket, s, i, flag);
+    }
+
+    public Socket createSocket( InetAddress inaddr, int i,
+				InetAddress inaddr1, int j) throws IOException {
+	return factory.createSocket( inaddr, i, inaddr1, j);
+    }
+
+    public Socket createSocket( InetAddress inaddr, int i) throws
+	IOException {
+	return factory.createSocket( inaddr, i);
+    }
+
+    public Socket createSocket( String s, int i, InetAddress inaddr, int j)
+        throws IOException {
+	return factory.createSocket( s, i, inaddr, j);
+    }
+
+    public Socket createSocket( String s, int i) throws IOException {
+	return factory.createSocket( s, i);
+    }
+
+    public String[] getDefaultCipherSuites() {
+	return factory.getSupportedCipherSuites();
+    }
+
+    public String[] getSupportedCipherSuites() {
+	return factory.getSupportedCipherSuites();
+    }
+}

How to repeat:
Apply the patch.
[28 Jan 2022 8:42] Alexander Soklakov
Posted by developer:
 
This functionality is already implemented in Connector/J 5.1 and 8.0. See https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html.