-rw-r--r--Frameworks/SPMySQLFramework/Source/SPMySQLConnection Categories/Copying.m1
-rw-r--r--Frameworks/SPMySQLFramework/Source/SPMySQLConnection.h10
-rw-r--r--Frameworks/SPMySQLFramework/Source/SPMySQLConnection.m9
3 files changed, 19 insertions, 1 deletions
diff --git a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection Categories/Copying.m b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection Categories/Copying.m
index 022708b8..32efa375 100644
--- a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection Categories/Copying.m
+++ b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection Categories/Copying.m
@@ -54,6 +54,7 @@
[copy setSocketPath:socketPath];
[copy setUseSSL:useSSL];
[copy setSslKeyFilePath:sslKeyFilePath];
+ [copy setSslCipherList:sslCipherList];
[copy setSslCertificatePath:sslCertificatePath];
[copy setSslCACertificatePath:sslCACertificatePath];
[copy setTimeout:timeout];
diff --git a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.h b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.h
index 34b21043..1720fcf6 100644
--- a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.h
+++ b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.h
@@ -51,6 +51,7 @@
NSString *sslKeyFilePath;
NSString *sslCertificatePath;
NSString *sslCACertificatePath;
+ NSString *sslCipherList;
// MySQL connection details and state
struct st_mysql *mySQLConnection;
@@ -143,6 +144,15 @@
@property (readwrite, retain) NSString *sslCertificatePath;
@property (readwrite, retain) NSString *sslCACertificatePath;
+/**
+ * List of supported ciphers for SSL/TLS connections.
+ * This is a colon-separated string of names as used by
+ * `openssl ciphers`. The order of entries specifies
+ * their preference (earlier = better).
+ * A value of nil (default) means SPMySQL will use its built-in cipher list.
+ */
+@property (readwrite, retain) NSString *sslCipherList;
+
@property (readwrite, assign) NSUInteger timeout;
@property (readwrite, assign) BOOL useKeepAlive;
@property (readwrite, assign) CGFloat keepAliveInterval;
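Review bot: The new `sslCipherList` property is declared `retain`, so a caller that passes an NSMutableString can alter the cipher list after assigning it; `@property (readwrite, copy) NSString *sslCipherList;` would pin the value at assignment. The neighbouring path properties also use `retain`, so this may simply follow the file's style, but this string decides which suites the TLS handshake may negotiate. The doc comment should also state that a non-nil value replaces the built-in list entirely rather than narrowing it, and that the string is handed to the client library without validation (see the SPMySQLConnection.m hunk), so the caller is responsible for keeping weak or unauthenticated suites out of it.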
diff --git a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.m b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.m
index 0d9d16ff..9fa5a9c8 100644
--- a/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.m
+++ b/Frameworks/SPMySQLFramework/Source/SPMySQLConnection.m
@@ -65,6 +65,7 @@ const char *SPMySQLSSLPermissibleCiphers = "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RS
@synthesize sslKeyFilePath;
@synthesize sslCertificatePath;
@synthesize sslCACertificatePath;
+@synthesize sslCipherList;
@synthesize timeout;
@synthesize useKeepAlive;
@synthesize keepAliveInterval;
@@ -217,6 +218,8 @@ const char *SPMySQLSSLPermissibleCiphers = "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RS
[proxy setConnectionStateChangeSelector:NULL delegate:nil];
[proxy release];
}
+
+ [self setSslCipherList:nil];
// Ensure the query lock is unlocked, thereafter setting to nil in case of pending calls
if ([connectionLock condition] != SPMySQLConnectionIdle) {
@@ -546,6 +549,7 @@ const char *SPMySQLSSLPermissibleCiphers = "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RS
const char *theSSLKeyFilePath = NULL;
const char *theSSLCertificatePath = NULL;
const char *theCACertificatePath = NULL;
+ const char *theSSLCiphers = SPMySQLSSLPermissibleCiphers;
if (sslKeyFilePath) {
theSSLKeyFilePath = [[sslKeyFilePath stringByExpandingTildeInPath] UTF8String];
@@ -556,8 +560,11 @@ const char *SPMySQLSSLPermissibleCiphers = "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RS
if (sslCACertificatePath) {
theCACertificatePath = [[sslCACertificatePath stringByExpandingTildeInPath] UTF8String];
}
+ if(sslCipherList) {
+ theSSLCiphers = [sslCipherList UTF8String];
+ }
- mysql_ssl_set(theConnection, theSSLKeyFilePath, theSSLCertificatePath, theCACertificatePath, NULL, SPMySQLSSLPermissibleCiphers);
+ mysql_ssl_set(theConnection, theSSLKeyFilePath, theSSLCertificatePath, theCACertificatePath, NULL, theSSLCiphers);
}
MYSQL *connectionStatus = mysql_real_connect(theConnection, theHost, theUsername, thePassword, NULL, (unsigned int)port, theSocket, SPMySQLConnectionOptions);
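Review bot: The `if(sslCipherList)` guard accepts an empty string as an override, so `@""` reaches `mysql_ssl_set` as an empty cipher list instead of falling back to `SPMySQLSSLPermissibleCiphers`. How the client library treats an empty list is not visible here, but it is unlikely to be what the caller intended. Testing the length covers both nil and empty: `if ([sslCipherList length]) {`. The ivar is also read directly, as the adjacent path lines do, so a concurrent setter call could presumably release the string behind `theSSLCiphers` before `mysql_ssl_set` runs; `[[self sslCipherList] UTF8String]` would go through the accessor. The enclosing method starts and ends outside the hunk.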