Bug#26555814 URI ssl-* and only socket should throw error (XAPI

imlpementation)

Author: silvakid

xapi/mysqlx_cc_internal.h

@@ -404,6 +404,8 @@ typedef struct mysqlx_session_options_struct
 
   std::bitset<LAST> m_options_used;
 
+  bool m_has_ssl = false;
+
   /*
     This struct extends cdk::ds::TCPIP to allow setting
     host and port at any time
@@ -469,6 +471,7 @@ typedef struct mysqlx_session_options_struct
   {
     Host_list &m_list;
     unsigned short priority = 0;
+    bool socket_only = true;
     Host_list::const_iterator &m_last_tcpip;
 #ifndef _WIN32
     Host_list::const_iterator &m_last_socket;
@@ -490,7 +493,8 @@ typedef struct mysqlx_session_options_struct
 
     void operator() (const TCPIP_t &ds_tcp)
     {
-       m_last_tcpip = m_list.emplace(priority, ds_tcp);
+      m_last_tcpip = m_list.emplace(priority, ds_tcp);
+      socket_only = false;
     }
 
 #ifndef _WIN32

xapi/session.cc

@@ -536,7 +536,6 @@ void mysqlx_session_options_struct::set_multiple_options(va_list args)
 
           ds = TCPIP_t(char_data);
           selected_type = TCPIP_type;
-
           break;
         case MYSQLX_OPT_PORT:
           uint_data = (va_arg(args, unsigned int));
@@ -601,10 +600,12 @@ void mysqlx_session_options_struct::set_multiple_options(va_list args)
         case MYSQLX_OPT_SSL_CA:
           char_data = va_arg(args, char*);
           set_ssl_ca(char_data);
+          m_has_ssl = true;
           break;
         case MYSQLX_OPT_SSL_MODE:
           uint_data = va_arg(args, unsigned int);
           set_ssl_mode(mysqlx_ssl_mode_t(uint_data));
+          m_has_ssl = true;
           break;
 #else
         case MYSQLX_OPT_SSL_MODE:
@@ -653,6 +654,7 @@ mysqlx_session_options_struct::get_multi_source() const
 #endif //_WIN32
 
     unsigned short m_priority;
+    bool m_socket_only = true;
 
     Sources_add(Host_sources& sources
                 ,cdk::ds::TCPIP::Options &tcp_opt
@@ -670,6 +672,7 @@ mysqlx_session_options_struct::get_multi_source() const
     void operator()(const cdk::ds::mysqlx::TCPIP& to_add)
     {
       m_sources.add(to_add, m_tcp_opt, m_priority);
+      m_socket_only = false;
     }
 
 #ifndef _WIN32
@@ -711,6 +714,10 @@ mysqlx_session_options_struct::get_multi_source() const
     it->second.visit(sources);
 
   }
+#ifndef _WIN32
+  if (sources.m_socket_only && m_has_ssl)
+    throw Mysqlx_exception("TLS connections over Unix domain socket are not supported");
+#endif
   return self->m_ms;
 }
 
@@ -825,6 +832,7 @@ void mysqlx_session_options_struct::key_val(const std::string& key, const std::s
 
   if (lc_key.find("ssl-", 0) == 0)
   {
+    m_has_ssl = true;
 #ifdef WITH_SSL
     if (lc_key == "ssl-ca")
     {

xapi/tests/xapi-t.cc

@@ -1632,6 +1632,45 @@ TEST_F(xapi, unix_socket)
 
   mysqlx_free_options(opt);
 
+
+  uri << "?ssl-mode=REQUIRED";
+
+  local_sess = mysqlx_get_session_from_url(uri.str().c_str(),
+                                           conn_error,
+                                           &conn_err_code);
+  if (local_sess)
+  {
+    mysqlx_session_close(local_sess);
+    FAIL() << "ssl-mode used on unix domain socket";
+  }
+
+  std::cout << "Expected connection error: " << conn_err_code << std::endl;
+
+  opt = mysqlx_session_options_new();
+
+  EXPECT_EQ(RESULT_OK,
+            mysqlx_session_option_set(opt,
+                                      OPT_SOCKET(m_xplugin_socket),
+                                      OPT_USER(m_xplugin_usr),
+                                      OPT_PWD(m_xplugin_pwd),
+                                      OPT_SSL_MODE(SSL_MODE_REQUIRED),
+                                      PARAM_END
+                                      )
+            );
+
+  local_sess = mysqlx_get_session_from_options(opt, conn_error, &conn_err_code);
+
+  mysqlx_free_options(opt);
+
+  if (local_sess)
+  {
+    mysqlx_session_close(local_sess);
+    FAIL() << "ssl-mode used on unix domain socket";
+  }
+
+  std::cout << "Expected connection error: " << conn_err_code << std::endl;
+
+
   std::cout << "Done" << std::endl;
 }
 #endif //_WIN32