8ac718f8496a6fbfbf00248a68e740a10c0bcf81
galt
  Tue Nov 26 00:42:19 2024 -0800
This change accommodates the upgrade to openssl3.3 and mariadb10 using custom-compiled libmariadb.a. These files are in /cluster/software/maridb and /cluster/software/openssl. refs #34014,#27440. It also handles the new mariadb 10 and 11, whose configuration has ssl turned on by default.

diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c
index 8a5f154..fa108dc 100644
--- src/hg/lib/jksql.c
+++ src/hg/lib/jksql.c
@@ -1114,38 +1114,49 @@
 if (addAsOpen)
     sc->node = dlAddValTail(sqlOpenConnections, sc);
 
 long oldTime = monitorEnterTime;
 monitorEnterTime = 0;
 monitorEnter();
 
 if ((sc->conn = conn = mysql_init(NULL)) == NULL)
     // no need for monitorLeave here
     errAbort("Couldn't connect to mySQL.");
 // Fix problem where client LOCAL setting is disabled by default for security
 mysql_options(conn, MYSQL_OPT_LOCAL_INFILE, NULL);
 
 // Boolean option to tell client to verify that the host server certificate Subject CN equals the hostname.
 // If turned on this can defeat Man-In-The-Middle attacks.
-if (sp->verifyServerCert && !sameString(sp->verifyServerCert,"0"))
+
+if (sp->verifyServerCert && !sameString(sp->verifyServerCert,"0")) // TURN VERIFICATION ON
     {
     #if !defined(MARIADB_VERSION_ID) && MYSQL_VERSION_ID >= 80000
     mysql_options(conn, MYSQL_OPT_SSL_MODE, SSL_MODE_REQUIRED);
     #else
     my_bool flag = TRUE;
     mysql_options(conn, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &flag);
     #endif
+
+    }
+else   // TURN VERIFICATION OFF
+    {
+    #if !defined(MARIADB_VERSION_ID) && MYSQL_VERSION_ID >= 80000 // OVER-RIDE DEFAULT COMPILED IN.
+    mysql_options(conn, MYSQL_OPT_SSL_MODE, SSL_MODE_PREFERRED);
+    #else
+    my_bool flag = FALSE;
+    mysql_options(conn, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &flag);
+    #endif
     }
 
 #if (MYSQL_VERSION_ID >= 50603) // mysql version "5.6.3"
     // If certificate revocation list file provided, set mysql option
     if (sp->crl)
 	mysql_options(conn, MYSQL_OPT_SSL_CRL, &sp->crl);
 
     // If path to directory with crl files provided, set mysql option
     if (sp->crlPath)
 	mysql_options(conn, MYSQL_OPT_SSL_CRLPATH, &sp->crlPath);
 #endif
 
 if (sp->key || sp->cert || sp->ca || sp->caPath || sp->cipher)
     mysql_ssl_set(conn, sp->key, sp->cert, sp->ca, sp->caPath, sp->cipher);
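Review bot: In the `MYSQL_VERSION_ID >= 80000` branches, the existing `mysql_options(conn, MYSQL_OPT_SSL_MODE, SSL_MODE_REQUIRED)` and the newly added `SSL_MODE_PREFERRED` call pass the enum value itself, while the MySQL C API documents this option's argument as `unsigned int *`, so the library would read the mode through a bogus pointer. Separately, `SSL_MODE_REQUIRED` only forces encryption and does not check the server certificate or its hostname, so on that build the "TURN VERIFICATION ON" path does not give the man-in-the-middle protection the comment above it describes. I would write `unsigned int mode = SSL_MODE_VERIFY_IDENTITY; mysql_options(conn, MYSQL_OPT_SSL_MODE, &mode);` there (it needs a CA supplied through `sp->ca` or `sp->caPath`), use the same pointer form with `SSL_MODE_PREFERRED` in the else branch, and check the return value of each call so a rejected option aborts instead of connecting unverified. The enclosing function starts and ends outside this hunk.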