--- lbbs/src/database.c 2025/11/04 14:58:56 1.19 +++ lbbs/src/database.c 2025/11/27 11:24:46 1.27 @@ -6,23 +6,39 @@ * Copyright (C) 2004-2025 Leaflet */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "common.h" #include "database.h" #include "log.h" +#include +#include +#include #include -#include +#include +#include // Global declaration for database -char DB_host[256]; -char DB_username[50]; -char DB_password[50]; -char DB_database[50]; -char DB_timezone[50]; +char DB_ca_cert[FILE_PATH_LEN] = "conf/ca_cert.pem"; +char DB_host[DB_host_max_len + 1]; +char DB_username[DB_username_max_len + 1]; +char DB_password[DB_password_max_len + 1]; +char DB_database[DB_database_max_len + 1]; +char DB_timezone[DB_timezone_max_len + 1]; MYSQL *db_open() { MYSQL *db = NULL; +#ifdef HAVE_MARIADB_CLIENT + my_bool verify_server_cert = 0; +#else + unsigned int ssl_mode = SSL_MODE_PREFERRED; +#endif char sql[SQL_BUFFER_LEN]; + int fd; + int have_ca_cert = 0; db = mysql_init(NULL); if (db == NULL) @@ -31,6 +47,43 @@ MYSQL *db_open() return NULL; } + fd = open(DB_ca_cert, O_RDONLY); + if (fd == -1) + { + if (errno != ENOENT) + { + log_error("open(%s) error: %d\n", DB_ca_cert, errno); + } + } + else + { + close(fd); + have_ca_cert = 1; +#ifndef HAVE_MARIADB_CLIENT + ssl_mode = SSL_MODE_VERIFY_CA; +#endif + } + + if (mysql_ssl_set(db, NULL, NULL, (have_ca_cert ? DB_ca_cert : NULL), NULL, NULL) != 0) + { + log_error("mysql_ssl_set() error\n"); + return NULL; + } + +#ifdef HAVE_MARIADB_CLIENT + if (mysql_optionsv(db, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify_server_cert) != 0) + { + log_error("mysql_optionsv() error\n"); + return NULL; + } +#else + if (mysql_options(db, MYSQL_OPT_SSL_MODE, &ssl_mode) != 0) + { + log_error("mysql_options() error\n"); + return NULL; + } +#endif + if (mysql_real_connect(db, DB_host, DB_username, DB_password, DB_database, 0, NULL, 0) == NULL) {