-
OpenSSL is ending support for version 1.0.1 in December 2016; see https://www.openssl.org/policies/releasestrat.html. Consequently, Connector/C++ Commercial builds now use version 1.0.2 rather than version 1.0.1, and the linked OpenSSL library for the Connector/C++ Commercial has been updated from version 1.0.1 to version 1.0.2j. For a description of issues fixed in this version, see https://www.openssl.org/news/vulnerabilities.html.
This change does not affect Oracle-produced MySQL Community builds of Connector/C++, which use the yaSSL library instead.
-
Connector/C++ now supports a
OPT_TLS_VERSION
connection option for specifying the protocols permitted for encrypted connections. The option value is string containing a comma-separated list of one or more protocol versions. Example:connection_properties["OPT_TLS_VERSION"] = sql::SQLString("TLSv1.1,TLSv1.2");
The permitted values depend on the SSL library used to compile MySQL:
TLSv1
,TLSv1.1
,TLSv1.2
if OpenSSL was used;TLSv1
andTLSv1.1
if yaSSL was used. The default is to permit all available protocols.For more information about TLS protocols in MySQL, see Encrypted Connection TLS Protocols and Ciphers. (Bug #23496967)
-
Connector/C++ now supports a
OPT_SSL_MODE
connection option for specifying the security state of the connection to the server. Permitted option values areSSL_MODE_PREFERRED
(the default),SSL_MODE_DISABLED
,SSL_MODE_REQUIRED
,SSL_MODE_VERIFY_CA
, andSSL_MODE_VERIFY_IDENTITY
. These values correspond to the values of the--ssl-mode
option supported by MySQL client programs; see Command Options for Encrypted Connections. For example, this setting specifies that the connection should be unencrypted:connection_properties["OPT_SSL_MODE"] = sql::SSL_MODE_DISABLED;
The
OPT_SSL_MODE
option comprises the capabilities of thesslEnforce
andsslVerify
connection options. Consequently, both of those options are now deprecated. (Bug #23496952) Connector/C++ now supports
OPT_MAX_ALLOWED_PACKET
andOPT_NET_BUFFER_LENGTH
connection options. Each option takes a numeric value. They correspond to theMYSQL_OPT_MAX_ALLOWED_PACKET
andMYSQL_OPT_NET_BUFFER_LENGTH
options for themysql_options()
C API function.Issues compiling Connector/C++ under Visual Studio 2015 were corrected.
A segmentation fault could occur for attempts to insert a large string using a prepared statement. (Bug #23212333, Bug #81213)
The certification verification checks that are enabled by the
verifySSL
connection option were not performed properly. (Bug #22931974)Connector/C++ failed to compile against a version of the MySQL C API older than 5.7. (Bug #22838573, Bug #80539, Bug #25201287)