From c92ee619c3e5aaa0a815283f6ad4b57353d3ce82 Mon Sep 17 00:00:00 2001
From: Austin Bonander
Date: Mon, 13 Jan 2020 20:42:49 -0800
Subject: [PATCH] fix some behaviors with TLS in MySQL
---
 sqlx-core/src/mysql/connection.rs | 6 +++++-
 sqlx-core/src/mysql/protocol/ssl_request.rs | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/sqlx-core/src/mysql/connection.rs b/sqlx-core/src/mysql/connection.rs
index aa237ff1d..2c2510494 100644
--- a/sqlx-core/src/mysql/connection.rs
+++ b/sqlx-core/src/mysql/connection.rs
@@ -206,6 +206,10 @@ impl MySqlConnection {
 client_capabilities |= Capabilities::CONNECT_WITH_DB;
 }
+ if cfg!(feature = "tls") {
+ client_capabilities |= Capabilities::SSL;
+ }
+
 self.capabilities = (client_capabilities & handshake.server_capabilities) | Capabilities::PROTOCOL_41;
@@ -462,7 +466,7 @@ impl MySqlConnection {
 // try to upgrade
 #[cfg(feature = "tls")]
 "PREFERRED" => if let Err(e) = self_.try_ssl(&url, None, true).await {
- log::warn!("server does not support TLS");
+ log::warn!("TLS handshake failed, falling back to insecure: {}", e);
 // fallback, redo connection
 self_ = Self::new(&url).await?;
 handshake = self_.receive_handshake(&url).await?;
diff --git a/sqlx-core/src/mysql/protocol/ssl_request.rs b/sqlx-core/src/mysql/protocol/ssl_request.rs
index 088081ca2..346827630 100644
--- a/sqlx-core/src/mysql/protocol/ssl_request.rs
+++ b/sqlx-core/src/mysql/protocol/ssl_request.rs
@@ -14,9 +14,11 @@ pub struct SslRequest {
 impl Encode for SslRequest {
 fn encode(&self, buf: &mut Vec, capabilities: Capabilities) {
- // client capabilities : int<4>
 // SSL must be set or else it makes no sense to ask for an upgrade
- buf.put_u32::((capabilities | Capabilities::SSL).bits() as u32);
+ assert!(capabilities.contains(Capabilities::SSL), "SSL bit must be set for Capabilities");
+
+ // client capabilities : int<4>
+ buf.put_u32::(capabilities.bits() as u32);
 // max packet size : int<4>
 buf.put_u32::(self.max_packet_size);
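Review bot: The added `if cfg!(feature = "tls")` block in connection.rs advertises `Capabilities::SSL` whenever the crate is built with TLS, independent of the ssl-mode the caller requested and of whether the stream was actually upgraded. After the `"PREFERRED"` fallback in the next hunk reconnects in plaintext, `receive_handshake` presumably runs this code again, so if `self.capabilities` is what the handshake response carries, the SSL bit would be sent on an unencrypted connection; that later code is outside the hunk, so this needs confirming. Consider clearing the bit once the connection is known to stay plaintext, e.g. `self.capabilities.remove(Capabilities::SSL);` (assuming `Capabilities` is a bitflags type), and adding a comment such as `// advertised only so the TLS upgrade path can see whether the server offers SSL`. The enclosing function starts and ends outside the hunk.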
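Review bot: The `"PREFERRED"` arm still reconnects in plaintext on every error `try_ssl` returns, so anything that makes the TLS handshake fail, including interference on the network path, ends with authentication and queries going out unencrypted, and the `log::warn!` line is the only trace of it. That is the usual meaning of an opportunistic mode, but it should be stated at the fallback, for example `// PREFERRED is opportunistic: any TLS failure downgrades to plaintext; use a stricter ssl-mode to fail closed`. The same caveat belongs in the user-facing documentation of the ssl-mode option, since operators reading only the mode name may assume it protects credentials. The match arm continues outside the hunk.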
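Review bot: The new `assert!` in `SslRequest::encode` turns a missing SSL bit into a panic, and after the connection.rs change that bit is masked by `handshake.server_capabilities`, a value the server supplies before any TLS is in place. If `try_ssl` can reach this encode without first checking that the server advertised SSL (not visible here), a server or on-path party that omits the bit would abort the client instead of producing the `Err` the `"PREFERRED"` fallback expects. Because `encode` has no error return, the guard belongs in the caller: test `self.capabilities.contains(Capabilities::SSL)` before building the `SslRequest` and return the error type `try_ssl` already uses. The comment above the assert could then read `// caller guarantees SSL is set; asking for an upgrade without it makes no sense`.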