Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
cae9149d
Commit
cae9149d
authored
Aug 28, 2007
by
msvensson@pilot.(none)
Browse files
Options
Browse Files
Download
Plain Diff
Merge pilot.(none):/data/msvensson/mysql/mysql-5.0-maint
into pilot.(none):/data/msvensson/mysql/mysql-5.1-new-maint
parents
bb4ce6d2
bce8ea54
Changes
17
Hide whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
101 additions
and
104 deletions
+101
-104
extra/yassl/include/openssl/crypto.h
extra/yassl/include/openssl/crypto.h
+1
-0
extra/yassl/include/openssl/des_old.h
extra/yassl/include/openssl/des_old.h
+1
-0
extra/yassl/include/openssl/evp.h
extra/yassl/include/openssl/evp.h
+10
-0
extra/yassl/include/openssl/hmac.h
extra/yassl/include/openssl/hmac.h
+1
-0
extra/yassl/include/openssl/objects.h
extra/yassl/include/openssl/objects.h
+1
-0
extra/yassl/include/openssl/prefix_ssl.h
extra/yassl/include/openssl/prefix_ssl.h
+3
-0
extra/yassl/include/openssl/sha.h
extra/yassl/include/openssl/sha.h
+1
-0
extra/yassl/include/openssl/ssl.h
extra/yassl/include/openssl/ssl.h
+2
-1
extra/yassl/include/yassl_int.hpp
extra/yassl/include/yassl_int.hpp
+1
-1
extra/yassl/src/handshake.cpp
extra/yassl/src/handshake.cpp
+4
-0
extra/yassl/src/socket_wrapper.cpp
extra/yassl/src/socket_wrapper.cpp
+0
-4
extra/yassl/src/ssl.cpp
extra/yassl/src/ssl.cpp
+6
-0
extra/yassl/src/yassl_int.cpp
extra/yassl/src/yassl_int.cpp
+1
-0
extra/yassl/taocrypt/src/coding.cpp
extra/yassl/taocrypt/src/coding.cpp
+3
-2
extra/yassl/taocrypt/src/crypto.cpp
extra/yassl/taocrypt/src/crypto.cpp
+5
-0
mysql-test/suite/rpl/t/rpl_ssl.test
mysql-test/suite/rpl/t/rpl_ssl.test
+15
-0
vio/viossl.c
vio/viossl.c
+46
-96
No files found.
extra/yassl/include/openssl/crypto.h
View file @
cae9149d
...
...
@@ -9,6 +9,7 @@
const
char
*
SSLeay_version
(
int
type
);
#define SSLEAY_NUMBER_DEFINED
#define SSLEAY_VERSION 0x0900L
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
...
...
extra/yassl/include/openssl/des_old.h
0 → 100644
View file @
cae9149d
/* des_old.h for openvn */
extra/yassl/include/openssl/evp.h
0 → 100644
View file @
cae9149d
/* evp.h for openSSL */
#ifndef SSLEAY_NUMBER_DEFINED
#define SSLEAY_NUMBER_DEFINED
/* for OpenVPN */
#define SSLEAY_VERSION_NUMBER 0x0090700f
#endif
/* SSLEAY_NUMBER_DEFINED */
extra/yassl/include/openssl/hmac.h
0 → 100644
View file @
cae9149d
/* hmac.h for openvpn */
extra/yassl/include/openssl/objects.h
0 → 100644
View file @
cae9149d
/* objects.h for openvpn */
extra/yassl/include/openssl/prefix_ssl.h
View file @
cae9149d
...
...
@@ -30,6 +30,7 @@
#define SSL_CTX_new yaSSL_CTX_new
#define SSL_new yaSSL_new
#define SSL_set_fd yaSSL_set_fd
#define SSL_get_fd yaSSL_get_fd
#define SSL_connect yaSSL_connect
#define SSL_write yaSSL_write
#define SSL_read yaSSL_read
...
...
@@ -91,6 +92,8 @@
#define SSL_set_rfd yaSSL_set_rfd
#define SSL_set_wfd yaSSL_set_wfd
#define SSL_set_shutdown yaSSL_set_shutdown
#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
#define SSL_want_read yaSSL_want_read
#define SSL_want_write yaSSL_want_write
#define SSL_pending yaSSL_pending
...
...
extra/yassl/include/openssl/sha.h
0 → 100644
View file @
cae9149d
/* sha.h for openvpn */
extra/yassl/include/openssl/ssl.h
View file @
cae9149d
...
...
@@ -34,7 +34,7 @@
#include "rsa.h"
#define YASSL_VERSION "1.
6.5
"
#define YASSL_VERSION "1.
7.2
"
#if defined(__cplusplus)
...
...
@@ -201,6 +201,7 @@ typedef int YASSL_SOCKET_T;
SSL_CTX
*
SSL_CTX_new
(
SSL_METHOD
*
);
SSL
*
SSL_new
(
SSL_CTX
*
);
int
SSL_set_fd
(
SSL
*
,
YASSL_SOCKET_T
);
YASSL_SOCKET_T
SSL_get_fd
(
const
SSL
*
);
int
SSL_connect
(
SSL
*
);
int
SSL_write
(
SSL
*
,
const
void
*
,
int
);
int
SSL_read
(
SSL
*
,
void
*
,
int
);
...
...
extra/yassl/include/yassl_int.hpp
View file @
cae9149d
...
...
@@ -584,7 +584,7 @@ class SSL {
Socket
socket_
;
// socket wrapper
Buffers
buffers_
;
// buffered handshakes and data
Log
log_
;
// logger
bool
quietShutdown_
;
// shutdown without handshakes
bool
quietShutdown_
;
// optimization variables
bool
has_data_
;
// buffered data ready?
...
...
extra/yassl/src/handshake.cpp
View file @
cae9149d
...
...
@@ -719,6 +719,10 @@ int DoProcessReply(SSL& ssl)
// add new data
uint
read
=
ssl
.
useSocket
().
receive
(
buffer
.
get_buffer
()
+
buffSz
,
ready
);
if
(
read
==
static_cast
<
uint
>
(
-
1
))
{
ssl
.
SetError
(
receive_error
);
return
0
;
}
buffer
.
add_size
(
read
);
uint
offset
=
0
;
const
MessageFactory
&
mf
=
ssl
.
getFactory
().
getMessage
();
...
...
extra/yassl/src/socket_wrapper.cpp
View file @
cae9149d
...
...
@@ -114,8 +114,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
const
byte
*
pos
=
buf
;
const
byte
*
end
=
pos
+
sz
;
assert
(
socket_
!=
INVALID_SOCKET
);
while
(
pos
!=
end
)
{
int
sent
=
::
send
(
socket_
,
reinterpret_cast
<
const
char
*>
(
pos
),
static_cast
<
int
>
(
end
-
pos
),
flags
);
...
...
@@ -132,7 +130,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
uint
Socket
::
receive
(
byte
*
buf
,
unsigned
int
sz
,
int
flags
)
{
assert
(
socket_
!=
INVALID_SOCKET
);
wouldBlock_
=
false
;
int
recvd
=
::
recv
(
socket_
,
reinterpret_cast
<
char
*>
(
buf
),
sz
,
flags
);
...
...
@@ -163,7 +160,6 @@ bool Socket::wait()
void
Socket
::
shutDown
(
int
how
)
{
assert
(
socket_
!=
INVALID_SOCKET
);
shutdown
(
socket_
,
how
);
}
...
...
extra/yassl/src/ssl.cpp
View file @
cae9149d
...
...
@@ -239,6 +239,12 @@ int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
}
YASSL_SOCKET_T
SSL_get_fd
(
const
SSL
*
ssl
)
{
return
ssl
->
getSocket
().
get_fd
();
}
int
SSL_connect
(
SSL
*
ssl
)
{
if
(
ssl
->
GetError
()
==
YasslError
(
SSL_ERROR_WANT_READ
))
...
...
extra/yassl/src/yassl_int.cpp
View file @
cae9149d
...
...
@@ -773,6 +773,7 @@ void SSL::SetError(YasslError ye)
// TODO: add string here
}
// set the quiet shutdown mode (close_nofiy not sent or received on shutdown)
void
SSL
::
SetQuietShutdown
(
bool
mode
)
{
...
...
extra/yassl/taocrypt/src/coding.cpp
View file @
cae9149d
...
...
@@ -107,11 +107,12 @@ void HexDecoder::Decode()
// sanity checks
assert
(
b
<
sizeof
(
hexDecode
)
/
sizeof
(
hexDecode
[
0
])
);
assert
(
b2
<
sizeof
(
hexDecode
)
/
sizeof
(
hexDecode
[
0
])
);
assert
(
b
!=
bad
&&
b2
!=
bad
);
b
=
hexDecode
[
b
];
b2
=
hexDecode
[
b2
];
assert
(
b
!=
bad
&&
b2
!=
bad
);
decoded_
[
i
++
]
=
(
b
<<
4
)
|
b2
;
bytes
-=
2
;
}
...
...
@@ -184,7 +185,7 @@ void Base64Decoder::Decode()
{
word32
bytes
=
coded_
.
size
();
word32
plainSz
=
bytes
-
((
bytes
+
(
pemLineSz
-
1
))
/
pemLineSz
);
plainSz
=
(
(
plainSz
*
3
)
/
4
)
+
3
;
plainSz
=
(
plainSz
*
3
+
3
)
/
4
;
decoded_
.
New
(
plainSz
);
word32
i
=
0
;
...
...
extra/yassl/taocrypt/src/crypto.cpp
View file @
cae9149d
...
...
@@ -26,6 +26,11 @@ extern "C" {
// locking handled internally by library
char
CRYPTO_lock
()
{
return
0
;}
char
CRYPTO_add_lock
()
{
return
0
;}
// for openvpn, test are the signatures they use
char
EVP_CIPHER_CTX_init
()
{
return
0
;
}
char
CRYPTO_mem_ctrl
()
{
return
0
;
}
}
// extern "C"
...
...
mysql-test/suite/rpl/t/rpl_ssl.test
View file @
cae9149d
...
...
@@ -41,28 +41,43 @@ select * from t1;
# Do the same thing a number of times
disable_query_log
;
disable_result_log
;
let
$i
=
100
;
while
(
$i
)
{
start
slave
;
connection
master
;
insert
into
t1
values
(
NULL
);
select
*
from
t1
;
# Some variance
connection
slave
;
select
*
from
t1
;
# Some variance
stop
slave
;
dec
$i
;
}
start
slave
;
enable_query_log
;
enable_result_log
;
connection
master
;
# INSERT one more record to make sure
# the sync has something to do
insert
into
t1
values
(
NULL
);
let
$master_count
=
`select count(*) from t1`
;
sync_slave_with_master
;
--
source
include
/
wait_for_slave_to_start
.
inc
--
replace_result
$MYSQL_TEST_DIR
MYSQL_TEST_DIR
$MASTER_MYPORT
MASTER_MYPORT
--
replace_column
1
# 7 # 8 # 9 # 22 # 23 # 33 # 35 # 36 #
query_vertical
show
slave
status
;
let
$slave_count
=
`select count(*) from t1`
;
if
(
`select $slave_count != $master_count`
)
{
echo
master
and
slave
differed
in
number
of
rows
;
echo
master
:
$master_count
;
echo
slave
:
$slave_count
;
}
connection
master
;
drop
user
replssl
@
localhost
;
drop
table
t1
;
...
...
vio/viossl.c
View file @
cae9149d
...
...
@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio)
vio_delete
(
vio
);
}
int
sslaccept
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
{
SSL
*
ssl
;
my_bool
unused
;
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
DBUG_ENTER
(
"sslaccept"
);
DBUG_PRINT
(
"enter"
,
(
"sd: %d ptr: 0x%lx, timeout: %ld"
,
vio
->
sd
,
(
long
)
ptr
,
timeout
));
old_type
=
vio
->
type
;
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
if
(
!
(
ssl
=
SSL_new
(
ptr
->
ssl_context
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
(
ssl
);
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
vio
->
ssl_arg
=
(
void
*
)
ssl
;
DBUG_PRINT
(
"info"
,
(
"ssl: 0x%lx timeout: %ld"
,
(
long
)
ssl
,
timeout
));
SSL_clear
(
ssl
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
ssl
),
timeout
);
SSL_set_fd
(
ssl
,
vio
->
sd
);
if
(
SSL_accept
(
ssl
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_accept failure"
));
report_errors
(
ssl
);
SSL_free
(
ssl
);
vio
->
ssl_arg
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
#ifndef DBUG_OFF
{
char
buf
[
1024
];
X509
*
client_cert
;
DBUG_PRINT
(
"info"
,(
"cipher_name= '%s'"
,
SSL_get_cipher_name
(
ssl
)));
if
((
client_cert
=
SSL_get_peer_certificate
(
ssl
)))
{
DBUG_PRINT
(
"info"
,(
"Client certificate:"
));
X509_NAME_oneline
(
X509_get_subject_name
(
client_cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
subject: %s"
,
buf
));
X509_NAME_oneline
(
X509_get_issuer_name
(
client_cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
issuer: %s"
,
buf
));
X509_free
(
client_cert
);
}
else
DBUG_PRINT
(
"info"
,(
"Client does not have certificate."
));
if
(
SSL_get_shared_ciphers
(
ssl
,
buf
,
sizeof
(
buf
)))
{
DBUG_PRINT
(
"info"
,(
"shared_ciphers: '%s'"
,
buf
));
}
else
DBUG_PRINT
(
"info"
,(
"no shared ciphers!"
));
}
#endif
DBUG_RETURN
(
0
);
DBUG_RETURN
(
sslconnect
(
ptr
,
vio
,
timeout
));
}
...
...
@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL
*
ssl
;
my_bool
unused
;
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
my_bool
was_blocking
;
DBUG_ENTER
(
"sslconnect"
);
DBUG_PRINT
(
"enter"
,
(
"sd: %d ptr: 0x%lx ctx: 0x%lx"
,
vio
->
sd
,
(
long
)
ptr
,
(
long
)
ptr
->
ssl_context
));
DBUG_PRINT
(
"enter"
,
(
"ptr: 0x%lx, sd: %d ctx: 0x%lx"
,
(
long
)
ptr
,
vio
->
sd
,
(
long
)
ptr
->
ssl_context
));
/* Set socket to blocking if not already set */
vio_blocking
(
vio
,
1
,
&
was_blocking
);
old_type
=
vio
->
type
;
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
if
(
!
(
ssl
=
SSL_new
(
ptr
->
ssl_context
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
(
ssl
);
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
vio
->
ssl_arg
=
(
void
*
)
ssl
;
DBUG_PRINT
(
"info"
,
(
"ssl: 0x%lx timeout: %ld"
,
(
long
)
ssl
,
timeout
));
SSL_clear
(
ssl
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
ssl
),
timeout
);
SSL_set_fd
(
ssl
,
vio
->
sd
);
if
(
SSL_connect
(
ssl
)
<
1
)
/*
SSL_do_handshake will select between SSL_connect
or SSL_accept depending on server or client side
*/
if
(
SSL_do_handshake
(
ssl
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_
connect
failure"
));
DBUG_PRINT
(
"error"
,
(
"SSL_
do_handshake
failure"
));
report_errors
(
ssl
);
SSL_free
(
ssl
);
vio
->
ssl_arg
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
/*
Connection succeeded. Install new function handlers,
change type, set sd to the fd used when connecting
and set pointer to the SSL structure
*/
vio_reset
(
vio
,
VIO_TYPE_SSL
,
SSL_get_fd
(
ssl
),
0
,
0
);
vio
->
ssl_arg
=
(
void
*
)
ssl
;
#ifndef DBUG_OFF
{
X509
*
server_cert
;
DBUG_PRINT
(
"info"
,(
"cipher_name: '%s'"
,
SSL_get_cipher_name
(
ssl
)));
/* Print some info about the peer */
X509
*
cert
;
char
buf
[
512
];
DBUG_PRINT
(
"info"
,(
"SSL connection succeeded"
));
DBUG_PRINT
(
"info"
,(
"Using cipher: '%s'"
,
SSL_get_cipher_name
(
ssl
)));
if
((
server_
cert
=
SSL_get_peer_certificate
(
ssl
)))
if
((
cert
=
SSL_get_peer_certificate
(
ssl
)))
{
char
buf
[
256
];
DBUG_PRINT
(
"info"
,(
"Server certificate:"
));
X509_NAME_oneline
(
X509_get_subject_name
(
server_cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
subject: %s"
,
buf
));
X509_NAME_oneline
(
X509_get_issuer_name
(
server_cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
issuer: %s"
,
buf
));
X509_free
(
server_cert
);
DBUG_PRINT
(
"info"
,(
"Peer certificate:"
));
X509_NAME_oneline
(
X509_get_subject_name
(
cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
subject: '%s'"
,
buf
));
X509_NAME_oneline
(
X509_get_issuer_name
(
cert
),
buf
,
sizeof
(
buf
));
DBUG_PRINT
(
"info"
,(
"
\t
issuer: '%s'"
,
buf
));
X509_free
(
cert
);
}
else
DBUG_PRINT
(
"info"
,(
"Server does not have certificate."
));
DBUG_PRINT
(
"info"
,(
"Peer does not have certificate."
));
if
(
SSL_get_shared_ciphers
(
ssl
,
buf
,
sizeof
(
buf
)))
{
DBUG_PRINT
(
"info"
,(
"shared_ciphers: '%s'"
,
buf
));
}
else
DBUG_PRINT
(
"info"
,(
"no shared ciphers!"
));
}
#endif
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment