New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend SSL client API #289

Open

andreas-bok-sociomantic wants to merge 1 commit into sociomantic-tsunami:v6.x.x from andreas-bok-sociomantic:extend-ssl-api

Contributor

andreas-bok-sociomantic commented Apr 19, 2018 •

edited

Loading

Add client API functions to get the cipher name and
protocol version of the established connection

Update release notes


          Extend SSL client API

af445d6

Add client API functions to get the cipher name and
protocol version of the established connection

andreas-bok-sociomantic added the status-blocked label

andreas-bok-sociomantic added this to the v6.2.0 milestone

ben-palmer-sociomantic requested changes

View reviewed changes

Collaborator

ben-palmer-sociomantic left a comment

Few comments and a change requested.

include/libdrizzle-redux/ssl.h

@@ @@ -58,6 +58,36 @@ DRIZZLE_API @@
               drizzle_return_t drizzle_set_ssl(drizzle_st *con, const char *key,
                   const char *cert, const char *ca, const char *capath, const char *cipher);
+              /**
+               * @brief Get a pointer to the name of the cipher used current established
+               * connection.

Collaborator

ben-palmer-sociomantic Apr 25, 2018

used in the currently established connection?

include/libdrizzle-redux/ssl.h

+               * If the cipher is NULL, cipher is set to "(NONE)".
+               *
+               * param[in] con A connection object
+               * param[out] cipher reference to a const char pointer

Collaborator

ben-palmer-sociomantic Apr 25, 2018

Should Reference be capitalised?

include/libdrizzle-redux/ssl.h

+              /**
+               * @brief Get the string which indicates the SSL/TLS protocol version that first
+               * defined the cipher, or in the case the SSL/TLS protocol negotiated between
+               * client and server.

Collaborator

ben-palmer-sociomantic Apr 25, 2018

You need to reword the or in the case ... section.

include/libdrizzle-redux/ssl.h

+               * client and server.
+               *
+               * This is currently SSLv2 or TLSv1/SSLv3. In some cases it
+               * should possibly return "TLSv1.2" but does not;

Collaborator

ben-palmer-sociomantic Apr 25, 2018

Why doesn't it?

include/libdrizzle-redux/ssl.h

+               *
+               * This is currently SSLv2 or TLSv1/SSLv3. In some cases it
+               * should possibly return "TLSv1.2" but does not;
+               * If cipher is NULL, "(NONE)" `cipher` is set to "(NONE)".

Collaborator

ben-palmer-sociomantic Apr 25, 2018

"(NONE)" cipher is set to "(NONE)"?

src/ssl.cc

+                }
+                const SSL_CIPHER *cipher;
+                cipher = SSL_get_current_cipher((SSL *)con->ssl);

Collaborator

ben-palmer-sociomantic Apr 25, 2018

Why not combine the above two lines?

src/ssl.cc

+                *cipher_version = SSL_CIPHER_get_version(cipher);
+                return DRIZZLE_RETURN_OK;
+              }
               #else
               drizzle_return_t drizzle_set_ssl(drizzle_st*, const char*, const char*, const char*, const char*, const char*)

Collaborator

ben-palmer-sociomantic Apr 25, 2018

Is this now missing:

{
  return DRIZZLE_RETURN_INVALID_ARGUMENT;
}

Contributor Author

andreas-bok-sociomantic commented Apr 25, 2018

Thanks for the review. After reading a book on OpenSSL, it seems like the semantics of drizzle_get_cipher is actually different from what I originally though. Since we choose another solution internally for setting up encrypted connections. I will put this on hold for now

bokchan modified the milestones: v6.2.0, Future work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels