Changed version number from RC to stable

Fixed bug in Yassle to get correct error messages in case of errors Provide better error messages in case of ssl connect failure Updated out-of-date ssl certificates to fix failing mysql-test-system (certificates now active for 10 years) Fixed bug in query_cache that could cause asserts and hangs in DEBUG builds. Fixed bug where one connection did not see changes done by another connection. configure.in: Changed version number from RC to stable extra/yassl/src/yassl_error.cpp: Fixed bug in Yassle to get correct error messages in case of errors - 'error' is an enum that hold more error numbers than the enum was defined for include/violite.h: Added error output string for sslaccept() and sslconnect() to get reason for connect failure mysql-test/mysql-test-run.pl: Write failed test cases if mysql-test-run fails because of too many errors mysql-test/r/grant.result: Update results to reflect new certificates mysql-test/r/openssl_1.result: Update results to reflect new certificates mysql-test/std_data/cacert.pem: Update ssl certificate mysql-test/std_data/client-cert.pem: Update ssl certificate mysql-test/std_data/client-key.pem: Update ssl certificate mysql-test/std_data/server-cert.pem: Update ssl certificate mysql-test/std_data/server-key.pem: Update ssl certificate mysql-test/t/grant.test: Update test to reflect new certificates mysql-test/t/openssl_1.test: Update test to reflect new certificates mysql-test/t/query_cache_debug.test: Remove 'big_test' as test is now fast sql-common/client.c: Give a better error message if ssl connect fails sql/net_serv.cc: Fixed compiler warnings sql/slave.cc: Give a better error message in logs if ssl connect fails sql/sql_cache.cc: debug_wait_for_kill() now removes the set watch variable after kill signal This is needed as invalidate_table() may be called twice for one query. Ensure that net->query_cache_query is reset after query. This fixes assert in query_cache_end_of_result() if query_cache_query holds results from previous query. Removed DBUG_ASSERT(0), as this code can be run by query_cache_debug.test sql/sql_connect.cc: Give a better error message if ssl connect fails sql/sql_parse.cc: Fixed bug where one connection did not see changes done by another connection. For statements that changes tables, close_thread_tables() MUST be called before sending OK as a table handler may not make the changes available for other connections before unlock_tables(). vio/viossl.c: Give a better error message if ssl connect fails

Changed version number from RC to stable
Fixed bug in Yassle to get correct error messages in case of errors Provide better error messages in case of ssl connect failure Updated out-of-date ssl certificates to fix failing mysql-test-system (certificates now active for 10 years) Fixed bug in query_cache that could cause asserts and hangs in DEBUG builds. Fixed bug where one connection did not see changes done by another connection. configure.in: Changed version number from RC to stable extra/yassl/src/yassl_error.cpp: Fixed bug in Yassle to get correct error messages in case of errors - 'error' is an enum that hold more error numbers than the enum was defined for include/violite.h: Added error output string for sslaccept() and sslconnect() to get reason for connect failure mysql-test/mysql-test-run.pl: Write failed test cases if mysql-test-run fails because of too many errors mysql-test/r/grant.result: Update results to reflect new certificates mysql-test/r/openssl_1.result: Update results to reflect new certificates mysql-test/std_data/cacert.pem: Update ssl certificate mysql-test/std_data/client-cert.pem: Update ssl certificate mysql-test/std_data/client-key.pem: Update ssl certificate mysql-test/std_data/server-cert.pem: Update ssl certificate mysql-test/std_data/server-key.pem: Update ssl certificate mysql-test/t/grant.test: Update test to reflect new certificates mysql-test/t/openssl_1.test: Update test to reflect new certificates mysql-test/t/query_cache_debug.test: Remove 'big_test' as test is now fast sql-common/client.c: Give a better error message if ssl connect fails sql/net_serv.cc: Fixed compiler warnings sql/slave.cc: Give a better error message in logs if ssl connect fails sql/sql_cache.cc: debug_wait_for_kill() now removes the set watch variable after kill signal This is needed as invalidate_table() may be called twice for one query. Ensure that net->query_cache_query is reset after query. This fixes assert in query_cache_end_of_result() if query_cache_query holds results from previous query. Removed DBUG_ASSERT(0), as this code can be run by query_cache_debug.test sql/sql_connect.cc: Give a better error message if ssl connect fails sql/sql_parse.cc: Fixed bug where one connection did not see changes done by another connection. For statements that changes tables, close_thread_tables() MUST be called before sending OK as a table handler may not make the changes available for other connections before unlock_tables(). vio/viossl.c: Give a better error message if ssl connect fails
4847e50d · Michael Widenius · a0417475 · 89b1bb0b · 4847e50d · 4847e50d
Commit 4847e50d authored Jan 29, 2010 by Michael Widenius
21 changed files
--- a/configure.in
+++ b/configure.in
@@ -10,7 +10,7 @@ AC_CANONICAL_SYSTEM
 #
 # When changing major version number please also check switch statement
 # in mysqlbinlog::check_master_version().
-AM_INIT_AUTOMAKE(mysql, 5.1.42-MariaDB-rc)
+AM_INIT_AUTOMAKE(mysql, 5.1.42-MariaDB)
 AM_CONFIG_HEADER([include/config.h:config.h.in])

 # Request support for automake silent-rules if available.

--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -60,7 +60,7 @@ void SetErrorString(YasslError error, char* buffer)
    using namespace TaoCrypt;
    const int max = MAX_ERROR_SZ;  // shorthand

-    switch (error) {
+    switch ((int) error) {

        // yaSSL proper errors
    case range_error :

--- a/include/violite.h
+++ b/include/violite.h
@@ -123,8 +123,8 @@ struct st_VioSSLFd
  SSL_CTX *ssl_context;
 };

-int sslaccept(struct st_VioSSLFd*, Vio *, long timeout);
-int sslconnect(struct st_VioSSLFd*, Vio *, long timeout);
+int sslaccept(struct st_VioSSLFd*, Vio *, long timeout, char *error_string);
+int sslconnect(struct st_VioSSLFd*, Vio *, long timeout, char *error_string);

 struct st_VioSSLFd
 *new_VioSSLConnectorFd(const char *key_file, const char *cert_file,

--- a/mysql-test/mysql-test-run.pl
+++ b/mysql-test/mysql-test-run.pl
@@ -413,7 +413,6 @@ sub main {
    # Not all tests completed, failure
    mtr_report();
    mtr_report("Only ", int(@$completed), " of $num_tests completed.");
-    mtr_error("Not all tests completed");
  }

  mtr_print_line();
@@ -425,6 +424,10 @@ sub main {

  mtr_report_stats($fail, $completed, $extra_warnings);

+  if ( @$completed != $num_tests)
+  {
+    mtr_error("Not all tests completed");
+  }
  exit(0);
 }


--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -29,15 +29,15 @@ show grants for mysqltest_1@localhost;
 Grants for mysqltest_1@localhost
 GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
 GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
-grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL AB";
+grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "Monty Program Ab";
 show grants for mysqltest_1@localhost;
 Grants for mysqltest_1@localhost
-GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
+GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'Monty Program Ab' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
 GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
 revoke all privileges on mysqltest.* from mysqltest_1@localhost;
 show grants for mysqltest_1@localhost;
 Grants for mysqltest_1@localhost
-GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
+GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'Monty Program Ab' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
 delete from mysql.user where user='mysqltest_1';
 flush privileges;
 delete from mysql.user where user='mysqltest_1';

--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -3,8 +3,10 @@ create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher
+"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
+grant select on test.* to ssl_user4@localhost require cipher
+"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org" ISSUER "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
 connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
@@ -44,9 +46,9 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
 drop user ssl_user1@localhost, ssl_user2@localhost,
 ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
 drop table t1;
-mysqltest: Could not open connection 'default': 2026 SSL connection error
-mysqltest: Could not open connection 'default': 2026 SSL connection error
-mysqltest: Could not open connection 'default': 2026 SSL connection error
+mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
+mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
+mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
 SSL error: Unable to get private key from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''

--- a/mysql-test/std_data/cacert.pem
+++ b/mysql-test/std_data/cacert.pem
 -----BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIJAJXpePU0UOTVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
-VQQKEwhNeVNRTCBBQjAeFw0wOTAxMjgxMDQ5NDZaFw0xNDAxMjcxMDQ5NDZaMEQx
-CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
-MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-4XQHAe5R1+TXC8noZtWf+d5E0v1C59FWpn9SWEUCBjE5UiIwuJvi4Y+7xWGOXLAI
-/JzJx5gNXLBiTsE/zh0uX9fKlajLhxB0GN+QU0ZlpQ1BeYipEcNXeI/7cT499f6v
-XWabnTflivdCgHSWUOQ20/Lzs6kP6/e6OoZd/DPSjPECAwEAAaOBpjCBozAdBgNV
-HQ4EFgQU8uLqVWWkmuKsnZf1RWz294wRrd8wdAYDVR0jBG0wa4AU8uLqVWWkmuKs
-nZf1RWz294wRrd+hSKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxh
-MRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAJXpePU0UOTV
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMMTE5sDN+Z0ZlV7KvH3g
-6+aKvql8dTpRT3hYukeQlWua0nq74WPGVw0c4e/M/vbiMwmJcCYpB9pd4+dHqzSw
-aPyoenjY6UF8n7B4quWy3SIUk2LSHeJLW+kzJn2afN9gvipFhdVh/uU2TIyLGOur
-Z/vmJX2W7hF1uqPnbfa8Lrw=
+MIIDIjCCAougAwIBAgIJAJhuvLP+2mGwMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV
+BAYTAkZJMRAwDgYDVQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFt
+IEFiMS4wLAYJKoZIhvcNAQkBFh9hYnN0cmFjdC5kZXZlbG9wZXJAYXNrbW9udHku
+b3JnMB4XDTEwMDEyODIxNTcyNVoXDTEwMDIyNzIxNTcyNVowajELMAkGA1UEBhMC
+RkkxEDAOBgNVBAgTB1R1dXN1bGExGTAXBgNVBAoTEE1vbnR5IFByb2dyYW0gQWIx
+LjAsBgkqhkiG9w0BCQEWH2Fic3RyYWN0LmRldmVsb3BlckBhc2ttb250eS5vcmcw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIaY4pwbst50S32xJH3bSXhPGep
+6gx1AWwZKsHTXL3VeMO6PHmC8zu5HM0zbOcrIJcXL3YVnpmE4b9OQxIiMSx1Yd+U
+u8/sTkxgpsEKhCbIzECIwPhppyT/JP5aSXCadEvg+PSjikv8dOVkD68wVG4CcFIX
+MFttsPebBVzEokZZAgMBAAGjgc8wgcwwHQYDVR0OBBYEFOCKaNHFFPrju8AwzWxS
+f96IKfRwMIGcBgNVHSMEgZQwgZGAFOCKaNHFFPrju8AwzWxSf96IKfRwoW6kbDBq
+MQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkg
+UHJvZ3JhbSBBYjEuMCwGCSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFz
+a21vbnR5Lm9yZ4IJAJhuvLP+2mGwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADgYEAsmCX2/k9AInq2qhXtnkLip6cB0iOerLTNAzEijZc/aVf4wUjkL3cqhmC
+kSTCwAHIOxp+ICwh6ky3xghXjoI9QnPFDVkRkzPT2tV0IoBaeQuI4e0CU2EY7L3P
+XoDqp3oq1XtVcr9ZZdP68fBYUG/qcrWcXWk45ZFaBmBv3TotsGk=
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/client-cert.pem
+++ b/mysql-test/std_data/client-cert.pem
 Certificate:
    Data:
        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
+        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+        Issuer: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
        Validity
-            Not Before: Jan 28 11:04:39 2009 GMT
-            Not After : Jan 28 11:04:39 2010 GMT
-        Subject: C=SE, ST=Uppsala, O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com
+            Not Before: Jan 28 22:01:38 2010 GMT
+            Not After : Dec  7 22:01:38 2019 GMT
+        Subject: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:e1:52:30:2c:d9:be:64:28:91:5d:7a:fd:d9:e9:
-                    14:35:7a:d2:94:4e:91:46:e0:db:9f:6b:79:f4:4c:
-                    ac:6e:07:61:34:86:74:62:a7:a8:44:af:fa:87:87:
-                    a8:7d:42:61:ff:ab:50:d4:7b:bf:75:fa:d5:d5:b3:
-                    74:fb:56:1e:37
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bd:dc:3d:f8:3c:0b:d4:d2:c0:a3:9c:34:2d:e7:
+                    11:ff:4d:43:35:17:f6:0d:91:01:92:9e:4f:4d:c0:
+                    38:d5:62:03:55:33:db:66:a2:91:d3:f2:b6:23:34:
+                    95:53:50:3d:4f:e3:0c:d7:76:fd:f6:54:64:e6:f6:
+                    dc:70:74:7c:6b:74:41:59:b0:19:5d:62:90:3c:a7:
+                    c8:5e:21:8f:2b:22:6b:c7:43:9b:be:79:84:60:da:
+                    16:c9:ce:ee:fd:66:cb:54:81:e2:b5:1c:cf:f9:74:
+                    de:38:2b:28:d4:31:33:55:d2:30:1c:a3:e4:c2:c7:
+                    31:46:43:d5:33:3d:8a:0b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
-                58:30:B5:9B:2C:05:94:06:BA:3D:3C:F0:B2:CD:1D:67:65:E3:7F:85
+                BE:E6:DB:19:8D:DB:72:9A:85:EE:B2:B8:5D:E7:FF:61:DF:09:08:AF
            X509v3 Authority Key Identifier: 
-                keyid:F2:E2:EA:55:65:A4:9A:E2:AC:9D:97:F5:45:6C:F6:F7:8C:11:AD:DF
-                DirName:/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB
-                serial:95:E9:78:F5:34:50:E4:D5
+                keyid:E0:8A:68:D1:C5:14:FA:E3:BB:C0:30:CD:6C:52:7F:DE:88:29:F4:70

    Signature Algorithm: sha1WithRSAEncryption
-        05:19:e3:13:14:fc:c5:28:bf:69:f8:00:b3:25:cb:bd:ca:9f:
-        2f:4c:b3:a8:04:11:f0:74:27:bd:82:2c:b4:49:9b:a7:59:f0:
-        f7:87:d1:e0:ba:99:a2:fe:4b:1d:10:6f:e4:a2:b3:cd:7f:8b:
-        68:31:46:ee:cd:9e:e2:47:e1:4c:fa:74:d1:e2:8b:cc:a0:4b:
-        a8:24:d1:a4:c3:6b:2a:c6:28:cd:41:e0:06:48:e6:cf:f2:3c:
-        ca:37:95:d7:29:64:6b:91:91:83:e7:ac:c8:0b:87:bc:da:a6:
-        aa:f1:44:43:c8:74:7b:15:26:91:2e:03:c4:71:50:6c:f8:68:
-        dc:8c
+        41:95:6d:0a:a4:ee:af:68:cd:94:26:59:9a:18:b7:75:3c:c5:
+        0f:22:d3:5c:31:9b:85:a0:93:b3:f0:50:29:ba:1e:d3:5a:43:
+        0b:77:2d:98:87:a7:a7:39:0f:40:8d:03:d3:b3:67:43:77:bc:
+        3c:51:c2:f9:9e:7a:2d:39:c4:5c:16:d7:70:d6:74:d1:6c:e1:
+        6a:4d:fd:1f:10:af:64:3b:f4:64:e9:b2:b3:fb:c8:cd:c5:41:
+        cd:99:e0:ac:83:1d:81:2c:6b:99:ba:80:02:12:72:f7:3b:bb:
+        93:72:00:da:ff:d3:87:75:d2:3a:a4:ca:4d:c1:8b:c1:21:50:
+        cb:57
 -----BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJTRTEQ
-MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
-UUwgQUIwHhcNMDkwMTI4MTEwNDM5WhcNMTAwMTI4MTEwNDM5WjBlMQswCQYDVQQG
-EwJTRTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxMTAvBgkq
-hkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wXDAN
-BgkqhkiG9w0BAQEFAANLADBIAkEA4VIwLNm+ZCiRXXr92ekUNXrSlE6RRuDbn2t5
-9EysbgdhNIZ0YqeoRK/6h4eofUJh/6tQ1Hu/dfrV1bN0+1YeNwIDAQABo4GjMIGg
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFFgwtZssBZQGuj088LLNHWdl43+FMHQGA1Ud
-IwRtMGuAFPLi6lVlpJrirJ2X9UVs9veMEa3foUikRjBEMQswCQYDVQQGEwJTRTEQ
-MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
-UUwgQUKCCQCV6Xj1NFDk1TANBgkqhkiG9w0BAQUFAAOBgQAFGeMTFPzFKL9p+ACz
-Jcu9yp8vTLOoBBHwdCe9giy0SZunWfD3h9Hgupmi/ksdEG/korPNf4toMUbuzZ7i
-R+FM+nTR4ovMoEuoJNGkw2sqxijNQeAGSObP8jzKN5XXKWRrkZGD56zIC4e82qaq
-8URDyHR7FSaRLgPEcVBs+GjcjA==
+MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJGSTEQ
+MA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkgUHJvZ3JhbSBBYjEuMCwG
+CSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFza21vbnR5Lm9yZzAeFw0x
+MDAxMjgyMjAxMzhaFw0xOTEyMDcyMjAxMzhaMGoxCzAJBgNVBAYTAkZJMRAwDgYD
+VQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFtIEFiMS4wLAYJKoZI
+hvcNAQkBFh9hYnN0cmFjdC5kZXZlbG9wZXJAYXNrbW9udHkub3JnMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC93D34PAvU0sCjnDQt5xH/TUM1F/YNkQGSnk9N
+wDjVYgNVM9tmopHT8rYjNJVTUD1P4wzXdv32VGTm9txwdHxrdEFZsBldYpA8p8he
+IY8rImvHQ5u+eYRg2hbJzu79ZstUgeK1HM/5dN44KyjUMTNV0jAco+TCxzFGQ9Uz
+PYoLRwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvubbGY3bcpqF7rK4Xef/
+Yd8JCK8wHwYDVR0jBBgwFoAU4Ipo0cUU+uO7wDDNbFJ/3ogp9HAwDQYJKoZIhvcN
+AQEFBQADgYEAQZVtCqTur2jNlCZZmhi3dTzFDyLTXDGbhaCTs/BQKboe01pDC3ct
+mIenpzkPQI0D07NnQ3e8PFHC+Z56LTnEXBbXcNZ00Wzhak39HxCvZDv0ZOmys/vI
+zcVBzZngrIMdgSxrmbqAAhJy9zu7k3IA2v/Th3XSOqTKTcGLwSFQy1c=
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/client-key.pem
+++ b/mysql-test/std_data/client-key.pem
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAOFSMCzZvmQokV16/dnpFDV60pROkUbg259refRMrG4HYTSGdGKn
-qESv+oeHqH1CYf+rUNR7v3X61dWzdPtWHjcCAwEAAQJAXYooM8ZlcuEgj+VKU1ee
-qyEFIMqJJxqcMk+E/nWCM96WxCP3zHNSrqNfSpI3ld7QzMwhdRz+gFLxT2gGNpIw
-MQIhAPxzM/lDihe67X3ADYtDl9ZjA8Pm430x9sXlcxI17tCZAiEA5H1SyFl4mUee
-9VnfSC2XGW7lwz72ZygfVX+b7tLWF08CIEh40gzW5MfXM+KLxdea+fXjyursV5ZT
-R6KcMiKiNQLRAiAcmHqlzFzFgisotai2Fc6VRkXHG7gmzOSvBJt1VjmpDQIge6jf
-2N7whTdvC4ferB+zUlgWQdyvx1c3T4gnt6PYdaY=
+MIICXgIBAAKBgQC93D34PAvU0sCjnDQt5xH/TUM1F/YNkQGSnk9NwDjVYgNVM9tm
+opHT8rYjNJVTUD1P4wzXdv32VGTm9txwdHxrdEFZsBldYpA8p8heIY8rImvHQ5u+
+eYRg2hbJzu79ZstUgeK1HM/5dN44KyjUMTNV0jAco+TCxzFGQ9UzPYoLRwIDAQAB
+AoGBAJa2lprPT7UJ99Ho1aL6ota/RnKHKtNqII17DgjyZis9OtgP6kJ3GrvdF6iq
+vT79my4nVrJTyxYXuGF/5U1/qqNjuPPBE1Xbu1ubQlFv8CT0kKYynQ7Z3ls8fAHC
+B3VJXnUVlG+GHtUEFFG4FQVX1fn/Sga67ioJ6ivAiBlHKaPBAkEA5f2ToWlj4u9O
+KgfRkN54wdIp4yu2c40pbhMfKGjGGsBAHk92+qSBpzEmxLcI6Ay+4/QysSR4jYmK
+jCJuxiTu1QJBANNU3Hx8Il2SF/2BqGLcIh2SHxzKQIT5wAyD2jb+P2cHvbk6pKGR
+VTmw5bibxXmYMS6J/L2zUF2xtFe+Svwz96sCQEnKYSqBqOWvyBFeLtPfPTlal8vm
+Q4SxfuBtTCrn6t+8XRYcgt0KGPsunvSwkS/6nuh+eiExxWgMACLUDVyPjv0CQQC4
+sJJc7LOv6Oy0bWr2swHRrBEqvQsz63zOszCzHPHWHirNxZV5aiT8XT/2XZRwlvRs
+gsVyGFLk/1fn0vN/g/8vAkEAxUdzUKvC1ZwjzGhgcz2bQU0tEZN4C9jBCiwOI2ud
+BpAsPG0xAGGL2+hz0B0n88XiTHobiTZ1bg4Z41i4pXx2ZA==
 -----END RSA PRIVATE KEY-----
--- a/mysql-test/std_data/server-cert.pem
+++ b/mysql-test/std_data/server-cert.pem
@@ -3,53 +3,59 @@ Certificate:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
+        Issuer: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
        Validity
-            Not Before: Jan 28 10:55:13 2009 GMT
-            Not After : Jan 28 10:55:13 2010 GMT
-        Subject: C=SE, ST=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com
+            Not Before: Jan 28 21:59:14 2010 GMT
+            Not After : Dec  7 21:59:14 2019 GMT
+        Subject: C=FI, ST=Tuusula, O=Monty Program Ab, CN=localhost/emailAddress=abstract.developer@askmonty.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:b6:8f:e5:b7:b4:86:83:13:8a:f9:bf:63:cb:64:
-                    2d:b9:51:d1:de:ab:7b:45:1f:aa:b5:66:73:13:f9:
-                    a6:07:d5:ba:7c:fa:92:bd:37:e2:ad:87:db:3e:b6:
-                    6a:12:64:f8:ee:17:e3:15:06:2f:a8:82:68:bf:57:
-                    8d:c3:04:98:27
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cc:79:74:2a:14:7e:77:06:b0:ec:1b:b6:da:70:
+                    4c:4f:0e:94:04:8a:e7:69:f4:4c:9c:67:22:41:56:
+                    3a:96:53:9e:95:9d:17:55:80:41:c0:13:d6:94:0f:
+                    cd:2c:51:fe:a4:6e:f2:74:d8:5d:3b:3a:80:e3:85:
+                    5b:a5:bc:7d:5c:25:55:e5:40:77:fe:f3:cb:5b:cd:
+                    da:a5:f4:36:64:30:a2:a0:7f:93:b3:c4:56:75:2a:
+                    c0:f7:65:2a:d7:e6:ff:88:25:03:e0:b4:40:2e:74:
+                    4c:cb:46:95:73:cb:25:5c:87:0e:ec:0f:5a:19:c2:
+                    b6:dc:9e:e8:f0:30:b1:9c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
-                D9:9A:B8:5F:22:EA:04:10:C8:25:7D:82:57:E6:2E:FD:19:29:E7:DA
+                6D:13:3B:40:52:3C:AF:18:EA:33:D1:B7:56:21:1B:05:FE:0B:9E:38
            X509v3 Authority Key Identifier: 
-                keyid:F2:E2:EA:55:65:A4:9A:E2:AC:9D:97:F5:45:6C:F6:F7:8C:11:AD:DF
-                DirName:/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB
-                serial:95:E9:78:F5:34:50:E4:D5
+                keyid:E0:8A:68:D1:C5:14:FA:E3:BB:C0:30:CD:6C:52:7F:DE:88:29:F4:70

    Signature Algorithm: sha1WithRSAEncryption
-        54:07:2d:21:0b:a5:af:3b:58:23:32:5e:56:7f:ab:58:63:48:
-        91:aa:38:90:89:16:f9:cc:bf:a4:0e:78:2b:9f:c5:1b:58:a6:
-        e6:08:8f:2e:ae:97:03:21:9b:f1:cd:c0:26:8f:1d:d7:28:27:
-        a0:8e:81:09:1b:1c:0f:c9:a5:41:3a:2d:44:3f:9c:fa:87:ff:
-        c8:4c:2b:44:f7:1b:c1:3e:4f:01:7f:e9:26:cc:9f:1c:06:b5:
-        0b:27:d1:10:90:be:93:0c:9c:e7:b0:d1:ea:27:99:4e:06:14:
-        0c:7a:e9:c1:52:c5:33:68:bc:61:0d:db:81:3b:57:48:57:bf:
-        42:9a
+        97:db:65:23:7f:f1:15:3c:1e:83:ac:0e:0a:50:a0:0c:22:b8:
+        45:d4:ca:21:05:47:3b:3d:03:b5:6c:4b:8d:bb:5f:57:c3:c7:
+        4e:71:23:cf:33:a3:7f:a0:3d:bd:58:75:b8:37:22:16:2f:e9:
+        ed:ae:9b:94:29:81:6e:34:79:cf:41:bd:3d:8d:17:d7:22:1c:
+        1b:58:c7:0f:79:13:56:1d:e8:d8:4e:e5:07:3f:79:1b:dd:c4:
+        06:9b:c5:b6:02:34:43:c5:bf:e5:87:ad:f1:c1:8a:f2:be:c2:
+        00:1d:d4:27:1f:87:c8:80:31:ec:6e:97:95:b4:84:40:d1:73:
+        42:71
 -----BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJTRTEQ
-MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
-UUwgQUIwHhcNMDkwMTI4MTA1NTEzWhcNMTAwMTI4MTA1NTEzWjB5MQswCQYDVQQG
-EwJTRTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxEjAQBgNV
-BAMTCWxvY2FsaG9zdDExMC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2
-ZWxvcGVyQG15c3FsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC2j+W3tIaD
-E4r5v2PLZC25UdHeq3tFH6q1ZnMT+aYH1bp8+pK9N+Kth9s+tmoSZPjuF+MVBi+o
-gmi/V43DBJgnAgMBAAGjgaMwgaAwCQYDVR0TBAIwADAdBgNVHQ4EFgQU2Zq4XyLq
-BBDIJX2CV+Yu/Rkp59owdAYDVR0jBG0wa4AU8uLqVWWkmuKsnZf1RWz294wRrd+h
-SKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdV
-cHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAJXpePU0UOTVMA0GCSqGSIb3DQEB
-BQUAA4GBAFQHLSELpa87WCMyXlZ/q1hjSJGqOJCJFvnMv6QOeCufxRtYpuYIjy6u
-lwMhm/HNwCaPHdcoJ6COgQkbHA/JpUE6LUQ/nPqH/8hMK0T3G8E+TwF/6SbMnxwG
-tQsn0RCQvpMMnOew0eonmU4GFAx66cFSxTNovGEN24E7V0hXv0Ka
+MIIC2TCCAkKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJGSTEQ
+MA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkgUHJvZ3JhbSBBYjEuMCwG
+CSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFza21vbnR5Lm9yZzAeFw0x
+MDAxMjgyMTU5MTRaFw0xOTEyMDcyMTU5MTRaMH4xCzAJBgNVBAYTAkZJMRAwDgYD
+VQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFtIEFiMRIwEAYDVQQD
+Ewlsb2NhbGhvc3QxLjAsBgkqhkiG9w0BCQEWH2Fic3RyYWN0LmRldmVsb3BlckBh
+c2ttb250eS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMx5dCoUfncG
+sOwbttpwTE8OlASK52n0TJxnIkFWOpZTnpWdF1WAQcAT1pQPzSxR/qRu8nTYXTs6
+gOOFW6W8fVwlVeVAd/7zy1vN2qX0NmQwoqB/k7PEVnUqwPdlKtfm/4glA+C0QC50
+TMtGlXPLJVyHDuwPWhnCttye6PAwsZyZAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBRtEztAUjyvGOoz0bdWIRsF/gueODAfBgNVHSMEGDAWgBTgimjRxRT647vA
+MM1sUn/eiCn0cDANBgkqhkiG9w0BAQUFAAOBgQCX22Ujf/EVPB6DrA4KUKAMIrhF
+1MohBUc7PQO1bEuNu19Xw8dOcSPPM6N/oD29WHW4NyIWL+ntrpuUKYFuNHnPQb09
+jRfXIhwbWMcPeRNWHejYTuUHP3kb3cQGm8W2AjRDxb/lh63xwYryvsIAHdQnH4fI
+gDHsbpeVtIRA0XNCcQ==
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/server-key.pem
+++ b/mysql-test/std_data/server-key.pem
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBALaP5be0hoMTivm/Y8tkLblR0d6re0UfqrVmcxP5pgfVunz6kr03
-4q2H2z62ahJk+O4X4xUGL6iCaL9XjcMEmCcCAwEAAQJASA5VwgNb0CKHiPm0ntOk
-hG+54SRX3DmafEy6gRjZIl/bZ/asSLhXUZ+CeohyrQh7BZgYWvykd8pRISL9eKsU
-GQIhAOXkUrOtP/EtjyqNluEqZdG+RZi/7p61JS3Ce13Myu+LAiEAy0uMlV34AJpM
-b40FPKqlHxw8DD/Dt1iKhNVAg8+LDVUCIFjv7fbJDbW2VG63/Cj8CAwOukoP5rbL
-iaicVrHBKrllAiB9+MiaXeopZXNrxDS0jQFYr8Q9yt1aJVFgUkxx4Q9HKQIgZPs0
-KlF3NNNWw78INaAEkyf0IEssnLMsuoCWw0DIOak=
+MIICXgIBAAKBgQDMeXQqFH53BrDsG7bacExPDpQEiudp9EycZyJBVjqWU56VnRdV
+gEHAE9aUD80sUf6kbvJ02F07OoDjhVulvH1cJVXlQHf+88tbzdql9DZkMKKgf5Oz
+xFZ1KsD3ZSrX5v+IJQPgtEAudEzLRpVzyyVchw7sD1oZwrbcnujwMLGcmQIDAQAB
+AoGBAMdMYkNZsmJFbVDVOobzCg3Mgc1jrmeBrOKNS8AvUe+QFXRyp3m5B102eOHb
+/PmD+hU/5qao9UZzoYkiRM/oRq45jrqJEYwWrX007bKK0F9hnErtC1ImM1nBFVhx
+6+6cr+ShUkvtj8+wJ2d5bIccUzGCUfFR5tb5BnePTXK8IVoBAkEA7WGNxHAVKgjS
+AzlpHr5fvpivA07hNVJizTwZdWGGYeETilZhkkuMRwREceeohF6ILMf0FTZdFSa/
+8EeLa3icIQJBANyDKFjynKwWy5pyRSz75mVwrEi+4eTQPsCPNWLkbpbEPwqPLYWJ
+2VSFkISXF7b7Od48JkQWgiB8/kXqMDEdsXkCQQCzZvj3ryWvoP7nhOoXXBWMPGR4
+gZLe86bMKVGsTsp7CtnzwRj4sbQQr/7yfvvzHmaYQX4M0gtDQwfolomd7YdBAkEA
+y24ETuqjNu9grf81aiaJipPDnOjcJOcovSRgr/blPxmUvv0Pld5yLNN7W5a4PgrO
+fAMpmi7ZpXcqbP17sBQgoQJAWTDFKAmfHPVdDGZuCw4yceP5d+Tv7ABglZUvpPKx
+kAvGN1WBASUuCQJDOIgzl6gvYX07S5p147i9mv7UBWOpvw==
 -----END RSA PRIVATE KEY-----
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -35,7 +35,7 @@ revoke delete on mysqltest.* from mysqltest_1@localhost;
 show grants for mysqltest_1@localhost;
 grant select on mysqltest.* to mysqltest_1@localhost require NONE;
 show grants for mysqltest_1@localhost;
-grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL AB";
+grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "Monty Program Ab";
 show grants for mysqltest_1@localhost;
 revoke all privileges on mysqltest.* from mysqltest_1@localhost;
 show grants for mysqltest_1@localhost;

--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -15,8 +15,10 @@ insert into t1 values (5);

 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher
+"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
+grant select on test.* to ssl_user4@localhost require cipher
+"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org" ISSUER "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;


--- a/mysql-test/t/query_cache_debug.test
+++ b/mysql-test/t/query_cache_debug.test
 --source include/not_embedded.inc
--source include/big_test.inc
 --source include/have_query_cache.inc
 --source include/have_debug.inc


--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1863,6 +1863,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 		       uint port, const char *unix_socket,ulong client_flag)
 {
  char		buff[NAME_LEN+USERNAME_LENGTH+100];
+  char		error_string[1024];
  char		*end,*host_info= NULL;
  my_socket	sock;
  in_addr_t	ip_addr;
@@ -2331,9 +2332,14 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
    /* Connect to the server */
    DBUG_PRINT("info", ("IO layer change in progress..."));
    if (sslconnect(ssl_fd, mysql->net.vio,
-                   (long) (mysql->options.connect_timeout)))
+                   (long) (mysql->options.connect_timeout),
+                   error_string))
    {
-      set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
+      set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR,
+                               unknown_sqlstate,
+                               "SSL error: %s",
+                               error_string[0] ? error_string :
+                               ER(CR_SSL_CONNECTION_ERROR));
      goto error;
    }
    DBUG_PRINT("info", ("IO layer change done!"));

--- a/sql/net_serv.cc
+++ b/sql/net_serv.cc
@@ -219,7 +219,7 @@ my_bool net_realloc(NET *net, size_t length)
    -1   Don't know if data is ready or not
 */

-#if !defined(EMBEDDED_LIBRARY)
+#if !defined(EMBEDDED_LIBRARY) && defined(DBUG_OFF)

 static int net_data_is_ready(my_socket sd)
 {
@@ -280,7 +280,7 @@ static int net_data_is_ready(my_socket sd)

 void net_clear(NET *net, my_bool clear_buffer)
 {
-#if !defined(EMBEDDED_LIBRARY)
+#if !defined(EMBEDDED_LIBRARY) && defined(DBUG_OFF)
  size_t count;
  int ready;
 #endif

--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -3803,10 +3803,11 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi,
      suppress_warnings= 0;
      mi->report(ERROR_LEVEL, last_errno,
                 "error %s to master '%s@%s:%d'"
-                 " - retry-time: %d  retries: %lu",
+                 " - retry-time: %d  retries: %lu  message: %s",
                 (reconnect ? "reconnecting" : "connecting"),
                 mi->user, mi->host, mi->port,
-                 mi->connect_retry, master_retry_count);
+                 mi->connect_retry, master_retry_count,
+                 mysql_error(mysql));
    }
    /*
      By default we try forever. The reason is that failure will trigger

--- a/sql/sql_cache.cc
+++ b/sql/sql_cache.cc
@@ -377,9 +377,11 @@ TODO list:

 static void debug_wait_for_kill(const char *info)
 {
-  DBUG_ENTER("debug_wait_for_kill");
  const char *prev_info;
  THD *thd;
+  char buff[1024];
+  DBUG_ENTER("debug_wait_for_kill");
+
  thd= current_thd;
  prev_info= thd->proc_info;
  thd->proc_info= info;
@@ -387,8 +389,16 @@ static void debug_wait_for_kill(const char *info)
  while(!thd->killed)
    my_sleep(1000);
  thd->killed= THD::NOT_KILLED;
+  /*
+    Remove the set debug variable, to ensure we don't get stuck on it again
+    This is needed as for MyISAM, invalidate_table() may be called twice
+    (Once from mysql_delete() and once from mi_update_status())
+  */
+  sprintf(buff, "-d,%s", info);
+  DBUG_SET(buff);
  sql_print_information("Exit debug_wait_for_kill");
  thd->proc_info= prev_info;
+
  DBUG_VOID_RETURN;
 }

@@ -914,15 +924,18 @@ void query_cache_insert(NET *net, const char *packet, ulong length)

 void query_cache_abort(NET *net)
 {
+  THD *thd;
  DBUG_ENTER("query_cache_abort");
-  THD *thd= current_thd;

  /* See the comment on double-check locking usage above. */
  if (net->query_cache_query == 0)
    DBUG_VOID_RETURN;

  if (query_cache.try_lock())
+  {
+    net->query_cache_query = 0;
    DBUG_VOID_RETURN;
+  }

  /*
    While we were waiting another thread might have changed the status
@@ -932,6 +945,7 @@ void query_cache_abort(NET *net)
                                   net->query_cache_query);
  if (query_block)
  {
+    thd= current_thd;
    thd_proc_info(thd, "storing result in query cache");
    DUMP(&query_cache);
    BLOCK_LOCK_WR(query_block);
@@ -941,6 +955,7 @@ void query_cache_abort(NET *net)
    DBUG_EXECUTE("check_querycache",query_cache.check_integrity(1););
  }

+  DBUG_ASSERT(!net->query_cache_query);
  query_cache.unlock();
  DBUG_VOID_RETURN;
 }
@@ -970,8 +985,12 @@ void query_cache_end_of_result(THD *thd)
 #endif

  if (query_cache.try_lock())
+  {
+    thd->net.query_cache_query= 0;
    DBUG_VOID_RETURN;
+  }

+  /* thd->net.query_cache_query may have changed during resize */
  query_block= ((Query_cache_block*) thd->net.query_cache_query);
  if (query_block)
  {
@@ -997,8 +1016,8 @@ void query_cache_end_of_result(THD *thd)
        to this function. In the release version that query should be ignored
        and removed from QC.
      */
-      DBUG_ASSERT(0);
      query_cache.free_query(query_block);
+      thd->net.query_cache_query= 0;
      query_cache.unlock();
      DBUG_VOID_RETURN;
    }

--- a/sql/sql_connect.cc
+++ b/sql/sql_connect.cc
@@ -798,6 +798,7 @@ static int check_connection(THD *thd)
  DBUG_PRINT("info", ("client capabilities: %lu", thd->client_capabilities));
  if (thd->client_capabilities & CLIENT_SSL)
  {
+    char error_string[1024];
    /* Do the SSL layering. */
    if (!ssl_acceptor_fd)
    {
@@ -806,7 +807,7 @@ static int check_connection(THD *thd)
      return 1;
    }
    DBUG_PRINT("info", ("IO layer change in progress..."));
-    if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout))
+    if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout, error_string))
    {
      DBUG_PRINT("error", ("Failed to accept new SSL connection"));
      inc_host_errors(&thd->remote.sin_addr);

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1252,12 +1252,14 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
      ha_maria::implicit_commit(thd, FALSE);
 #endif

-      net_end_statement(thd);
-      query_cache_end_of_result(thd);
      /*
        Multiple queries exits, execute them individually
      */
      close_thread_tables(thd);
+
+      net_end_statement(thd);
+      query_cache_end_of_result(thd);
+
      ulong length= (ulong)(packet_end - beginning_of_next_stmt);

      log_slow_statement(thd);
@@ -1645,13 +1647,22 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
  ha_maria::implicit_commit(thd, FALSE);
 #endif

+  if (!(sql_command_flags[thd->lex->sql_command] & CF_CHANGES_DATA))
+  {
+    /* No changes in data;  We can send ok at once to the client */
    net_end_statement(thd);
    query_cache_end_of_result(thd);
-
+  }
  thd->proc_info= "closing tables";
  /* Free tables */
  close_thread_tables(thd);

+  if (sql_command_flags[thd->lex->sql_command] & CF_CHANGES_DATA)
+  {
+    net_end_statement(thd);
+    query_cache_end_of_result(thd);
+  }
+
  log_slow_statement(thd);

  thd_proc_info(thd, "cleaning up");

--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -74,8 +74,11 @@ report_errors(SSL* ssl)
  }

  if (ssl)
-    DBUG_PRINT("error", ("error: %s",
-                         ERR_error_string(SSL_get_error(ssl, l), buf)));
+  {
+    int error= SSL_get_error(ssl, l);
+    DBUG_PRINT("error", ("error: %s (%d)",
+                         ERR_error_string(error, buf), error));
+  }

  DBUG_PRINT("info", ("socket_errno: %d", socket_errno));
  DBUG_VOID_RETURN;
@@ -174,16 +177,17 @@ void vio_ssl_delete(Vio *vio)


 static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
-                  int (*connect_accept_func)(SSL*))
+                  int (*connect_accept_func)(SSL*), char *error_string)
 {
  SSL *ssl;
  my_bool unused;
  my_bool was_blocking;
-
  DBUG_ENTER("ssl_do");
  DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d  ctx: 0x%lx",
                       (long) ptr, vio->sd, (long) ptr->ssl_context));

+  error_string[0]= 0;
+
  /* Set socket to blocking if not already set */
  vio_blocking(vio, 1, &was_blocking);

@@ -191,6 +195,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
  {
    DBUG_PRINT("error", ("SSL_new failure"));
    report_errors(ssl);
+    strmov(error_string, "SSL_new failed");
    vio_blocking(vio, was_blocking, &unused);
    DBUG_RETURN(1);
  }
@@ -203,6 +208,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
  {
    DBUG_PRINT("error", ("SSL_connect/accept failure"));
    report_errors(ssl);
+    ERR_error_string(SSL_get_error(ssl, 0), error_string);
    SSL_free(ssl);
    vio_blocking(vio, was_blocking, &unused);
    DBUG_RETURN(1);
@@ -250,17 +256,19 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
 }


-int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
+              char *error_string)
 {
  DBUG_ENTER("sslaccept");
-  DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept));
+  DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept, error_string));
 }


-int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
+               char *error_string)
 {
  DBUG_ENTER("sslconnect");
-  DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect));
+  DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect, error_string));
 }