[wix-devs] Discussion on fix Issue SqlExtension Incompatible with TLS 1.2 #5543

Rajeev Bansal (WSSC) rajeev.bansal at microsoft.com
Thu Mar 15 17:45:11 PDT 2018


Please let me know in case any more info is required on it.

-----Original Message-----
From: Rajeev Bansal (WSSC) 
Sent: Wednesday, March 14, 2018 12:24 PM
To: Bob Arnson <bob at firegiant.com>; WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Subject: RE: Discussion on fix Issue SqlExtension Incompatible with TLS 1.2 #5543

Hi Bob,

Please find the attached .cpp file. I have now removed the requirement to include the sqlncli.h file and defined the macros etc. (defined in the sqlncli.h file) in the above .cpp file only.
So now the code changes for fixing "SqlExtension Incompatible with TLS 1.2" are in only one file, sqlutil.cpp.

Documentation:
ExecuteSqlStrings uses SQLOLEDB to connect to the DB, but SQLOLEDB does not have TLS 1.2 support, so it fails.
The fix is to use SQL Native Client to connect to the DB, as SQL Native Client has TLS 1.2 support.

Scenarios:
1. On non-TLS 1.2 enforced systems (here there is NO requirement to have SQL Native Client installed on the system)
	a.	If SQL Native Client is installed on the system, then the CoCreateInstance() call with SQLNCLI_CLSID will pass.
	b.	If SQL Native Client is NOT installed on the system, then the CoCreateInstance() call with SQLNCLI_CLSID will fail, and then a CoCreateInstance() call will be made with SQLOLEDB (old behavior), so it will be able to connect to the DB and will succeed.

2. On TLS 1.2 enforced systems (here there is a requirement to have SQL Native Client installed on the system)
	a.	If SQL Native Client is installed on the system, then the CoCreateInstance() call with SQLNCLI_CLSID will pass.
	b.	If SQL Native Client is NOT installed on the system, then the CoCreateInstance() call with SQLNCLI_CLSID will fail, and then a CoCreateInstance() call will be made with SQLOLEDB (old behavior), so it will not be able to connect to the DB and will fail.

Please let me know in case any more info is required on it.

Thanks,
Rajeev
-----Original Message-----
From: Bob Arnson <bob at firegiant.com> 
Sent: Tuesday, March 13, 2018 9:06 PM
To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Cc: Rajeev Bansal (WSSC) <Rajeev.Bansal at microsoft.com>
Subject: RE: Discussion on fix Issue SqlExtension Incompatible with TLS 1.2 #5543

1. Need to document the change for WixSqlExtension.
2. Rather than include sqlncli.h, can we use the progid? sqlncli.h is not marked redistributable, though it's just MIDL-generated.

-----Original Message-----
From: wix-devs <wix-devs-bounces at lists.wixtoolset.org> On Behalf Of Rajeev Bansal (WSSC) via wix-devs
Sent: Wednesday, 7 March, 2018 22:45
To: wix-devs at lists.wixtoolset.org
Cc: Rajeev Bansal (WSSC) <rajeev.bansal at microsoft.com>
Subject: Re: [wix-devs] Discussion on fix Issue SqlExtension Incompatible with TLS 1.2 #5543

I posted this yesterday, but it seems to have been blocked due to size.
Trying without attachment.

Thanks,
Rajeev

From: Rajeev Bansal (WSSC)
Sent: Wednesday, March 7, 2018 9:48 AM
To: 'wix-devs at lists.wixtoolset.org' <wix-devs at lists.wixtoolset.org>
Subject: Discussion on fix Issue SqlExtension Incompatible with TLS 1.2 #5543

Hi,

For the issue: https://github.com/wixtoolset/issues/issues/5543 (SqlExtension Incompatible with TLS 1.2 #5543)
Here is the overview of how I am planning to fix it.

Root Cause and Fix
SQLOLEDB does not have TLS 1.2 support, so we need to use SQL Native Client for it.


In the SqlConnectDatabase() API in file ..\wix3\src\libs\dutil\sqlutil.cpp

CoCreateInstance is being called with CLSID_SQLOLEDB as the first argument.
                hr = ::CoCreateInstance(CLSID_SQLOLEDB, NULL, CLSCTX_INPROC_SERVER, IID_IDBInitialize, (LPVOID*)&pidbInitialize);

Fix would be to call it with SQLNCLI_CLSID and if that fails, then as a fallback call with CLSID_SQLOLEDB.

OLD CODE:
                // obtain access to the SQLOLEDB provider
                hr = ::CoCreateInstance(CLSID_SQLOLEDB, NULL, CLSCTX_INPROC_SERVER,
                                IID_IDBInitialize, (LPVOID*)&pidbInitialize);
                ExitOnFailure(hr, "failed to create IID_IDBInitialize object");

NEW CODE:
                // obtain access to the SQL Native Client provider first
                hr = ::CoCreateInstance(SQLNCLI_CLSID, NULL, CLSCTX_INPROC_SERVER,
                                IID_IDBInitialize, (LPVOID*)&pidbInitialize);

                // fall back to the SQLOLEDB provider (old behavior) if that fails
                if (FAILED(hr))
                {
                                hr = ::CoCreateInstance(CLSID_SQLOLEDB, NULL, CLSCTX_INPROC_SERVER,
                                                IID_IDBInitialize, (LPVOID*)&pidbInitialize);
                }
                ExitOnFailure(hr, "failed to create IID_IDBInitialize object");


Other related changes:
1. SQLNCLI.h file has to be copied to ...\wix3\src\libs\dutil\inc folder
2. SQLNCLI.h has to be included in the ....\wix3\src\libs\dutil\dutil.vcxproj
3. SQLNCLI.h has to be included in the ....\wix3\src\ext\ca\serverca\scasched\precomp.h
4. SQLNCLI.h has to be included in the ....\wix3\src\libs\dutil\inc\sqlutil.h
5. #define _SQLNCLI_OLEDB_IGNORE_DEPRECATION_WARNING_ needs to be defined in file ..\wix3\src\libs\dutil\sqlutil.cpp

Attached is the header file that needs to be added to the project.

Please let me know your thoughts on it.

Thanks,
Rajeev

____________________________________________________________________
WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/
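
The fallback order and the four scenarios discussed in this thread, written out as an added example; it is not the attached sqlutil.cpp or WiX code. It resolves the provider by ProgID, as raised in the review reply, and reports when the fallback provider was chosen so a later TLS 1.2 connection failure can be traced to it. `SelectSqlProvider`, `CanConnect`, `CreateByProgId` and the version-specific ProgID `SQLNCLI11` are assumptions.

```cpp
#include <functional>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <oledb.h>
#else  // minimal stand-ins so the selection logic also builds off Windows
typedef int HRESULT;
#define FAILED(hr) (((HRESULT)(hr)) < 0)
#define E_FAIL ((HRESULT)0x80004005u)
#define REGDB_E_CLASSNOTREG ((HRESULT)0x80040154u)
#endif

struct Provider  { const wchar_t* progId; bool tls12; };
struct Selection { HRESULT hr; const wchar_t* progId; bool tls12; bool fellBack; };
typedef std::function<HRESULT(const wchar_t*)> Creator;  // creates a provider by ProgID

// Preference order from the thread: SQL Native Client first, SQLOLEDB as fallback.
// "SQLNCLI11" is an assumed, version-specific ProgID; the thread names none.
static const Provider kOrder[] = { { L"SQLNCLI11", true }, { L"SQLOLEDB", false } };

Selection SelectSqlProvider(const Creator& create) {
    Selection s = { E_FAIL, nullptr, false, false };
    for (size_t i = 0; i < sizeof(kOrder) / sizeof(kOrder[0]); ++i) {
        s.hr = create(kOrder[i].progId);
        if (!FAILED(s.hr)) {
            s.progId = kOrder[i].progId;
            s.tls12 = kOrder[i].tls12;
            s.fellBack = (i > 0);  // worth logging: no TLS 1.2 support on this path
            break;
        }
    }
    return s;
}

// Scenarios 1a-2b: the connection works unless TLS 1.2 is enforced and the
// provider that was picked has no TLS 1.2 support.
bool CanConnect(const Selection& s, bool tls12Enforced) {
    return !FAILED(s.hr) && (s.tls12 || !tls12Enforced);
}

#ifdef _WIN32
// Real creator: resolve the ProgID at run time, so no provider header is needed.
HRESULT CreateByProgId(const wchar_t* progId, IDBInitialize** ppInit) {
    CLSID clsid;
    HRESULT hr = ::CLSIDFromProgID(progId, &clsid);
    if (FAILED(hr)) return hr;
    return ::CoCreateInstance(clsid, NULL, CLSCTX_INPROC_SERVER, IID_IDBInitialize, (LPVOID*)ppInit);
}
#endif
```

On Windows, pass a `Creator` that wraps `CreateByProgId`; when `fellBack` is true, writing that to the install log separates scenario 2b from other connection failures.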

