Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
522a3220
Commit
522a3220
authored
Aug 27, 2003
by
unknown
Browse files
Options
Browse Files
Download
Plain Diff
Merge bk-internal.mysql.com:/home/bk/mysql-4.0
into narttu.mysql.fi:/my/mysql-4.0
parents
d1be872e
59806e10
Changes
22
Hide whitespace changes
Inline
Side-by-side
Showing
22 changed files
with
261 additions
and
263 deletions
+261
-263
.bzrignore
.bzrignore
+2
-0
client/mysql.cc
client/mysql.cc
+4
-3
include/violite.h
include/violite.h
+41
-103
libmysql/Makefile.am
libmysql/Makefile.am
+1
-1
libmysql/Makefile.shared
libmysql/Makefile.shared
+2
-1
libmysqld/lib_vio.c
libmysqld/lib_vio.c
+5
-0
mysql-test/include/have_openssl_2.inc
mysql-test/include/have_openssl_2.inc
+0
-4
mysql-test/r/have_openssl_2.require
mysql-test/r/have_openssl_2.require
+0
-2
mysql-test/t/openssl_2.test
mysql-test/t/openssl_2.test
+0
-5
mysys/my_getopt.c
mysys/my_getopt.c
+1
-2
sql/item_cmpfunc.cc
sql/item_cmpfunc.cc
+3
-0
sql/item_func.cc
sql/item_func.cc
+5
-0
sql/mini_client.cc
sql/mini_client.cc
+1
-1
sql/mysqld.cc
sql/mysqld.cc
+13
-0
sql/net_serv.cc
sql/net_serv.cc
+3
-0
sql/sql_acl.cc
sql/sql_acl.cc
+10
-7
sql/sql_show.cc
sql/sql_show.cc
+31
-30
vio/vio.c
vio/vio.c
+3
-7
vio/vio_priv.h
vio/vio_priv.h
+54
-0
vio/viosocket.c
vio/viosocket.c
+12
-13
vio/viossl.c
vio/viossl.c
+41
-48
vio/viosslfactories.c
vio/viosslfactories.c
+29
-36
No files found.
.bzrignore
View file @
522a3220
...
...
@@ -536,3 +536,5 @@ Docs/internals.pdf
Docs/internals.txt
Docs/internals_toc.html
scripts/make_win_src_distribution
libmysql/vio_priv.h
libmysql_r/vio_priv.h
client/mysql.cc
View file @
522a3220
...
...
@@ -708,6 +708,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
break
;
case
'W'
:
#ifdef __WIN__
my_free
(
opt_mysql_unix_port
,
MYF
(
MY_ALLOW_ZERO_PTR
));
opt_mysql_unix_port
=
my_strdup
(
MYSQL_NAMEDPIPE
,
MYF
(
0
));
#endif
break
;
...
...
@@ -2329,10 +2330,10 @@ com_status(String *buffer __attribute__((unused)),
(
void
)
mysql_fetch_row
(
result
);
// Read eof
}
#ifdef HAVE_OPENSSL
if
(
mysql
.
net
.
vio
&&
mysql
.
net
.
vio
->
ssl_
&&
SSL_get_cipher
(
mysql
.
net
.
vio
->
ssl_
))
if
(
mysql
.
net
.
vio
&&
mysql
.
net
.
vio
->
ssl_
arg
&&
SSL_get_cipher
(
(
SSL
*
)
mysql
.
net
.
vio
->
ssl_arg
))
tee_fprintf
(
stdout
,
"SSL:
\t\t\t
Cipher in use is %s
\n
"
,
SSL_get_cipher
(
mysql
.
net
.
vio
->
ssl_
));
SSL_get_cipher
(
(
SSL
*
)
mysql
.
net
.
vio
->
ssl_arg
));
else
#endif
/* HAVE_OPENSSL */
tee_puts
(
"SSL:
\t\t\t
Not in use"
,
stdout
);
...
...
include/violite.h
View file @
522a3220
...
...
@@ -43,6 +43,7 @@ Vio* vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost);
Vio
*
vio_new_win32pipe
(
HANDLE
hPipe
);
#endif
void
vio_delete
(
Vio
*
vio
);
int
vio_close
(
Vio
*
vio
);
#ifdef EMBEDDED_LIBRARY
void
vio_reset
(
Vio
*
vio
);
...
...
@@ -51,146 +52,85 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
my_socket
sd
,
HANDLE
hPipe
,
my_bool
localhost
);
#endif
/*
* vio_read and vio_write should have the same semantics
* as read(2) and write(2).
*/
int
vio_read
(
Vio
*
vio
,
gptr
buf
,
int
size
);
int
vio_write
(
Vio
*
vio
,
const
gptr
buf
,
int
size
);
/*
* Whenever the socket is set to blocking mode or not.
*/
int
vio_blocking
(
Vio
*
vio
,
my_bool
onoff
,
my_bool
*
old_mode
);
my_bool
vio_is_blocking
(
Vio
*
vio
);
/*
* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible.
*/
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible */
int
vio_fastsend
(
Vio
*
vio
);
/*
* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible.
*/
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible */
int
vio_keepalive
(
Vio
*
vio
,
my_bool
onoff
);
/*
* Whenever we should retry the last read/write operation.
*/
/* Whenever we should retry the last read/write operation. */
my_bool
vio_should_retry
(
Vio
*
vio
);
/*
* When the workday is over...
*/
int
vio_close
(
Vio
*
vio
);
/*
* Short text description of the socket for those, who are curious..
*/
/* Short text description of the socket for those, who are curious.. */
const
char
*
vio_description
(
Vio
*
vio
);
/* Return the type of the connection */
enum
enum_vio_type
vio_type
(
Vio
*
vio
);
/* Return last error number */
int
vio_errno
(
Vio
*
vio
);
/* Get socket number */
my_socket
vio_fd
(
Vio
*
vio
);
/*
* Remote peer's address and name in text form.
*/
/* Remote peer's address and name in text form */
my_bool
vio_peer_addr
(
Vio
*
vio
,
char
*
buf
,
uint16
*
port
);
/* Remotes in_addr */
void
vio_in_addr
(
Vio
*
vio
,
struct
in_addr
*
in
);
my_bool
vio_poll_read
(
Vio
*
vio
,
uint
timeout
);
#ifdef __cplusplus
}
#endif
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
#define vio_errno(vio) (vio)->vioerrno(vio)
#define vio_read(vio, buf, size) (vio)->read(vio,buf,size)
#define vio_write(vio, buf, size) (vio)->write(vio, buf, size)
#define vio_blocking(vio, set_blocking_mode, old_mode)\
(vio)->vioblocking(vio, set_blocking_mode, old_mode)
#define vio_is_blocking(vio) (vio)->is_blocking(vio)
#define vio_fastsend(vio) (vio)->fastsend(vio)
#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive)
#define vio_should_retry(vio) (vio)->should_retry(vio)
#define vio_close(vio) ((vio)->vioclose)(vio)
#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt)
#define vio_in_addr(vio, in) (vio)->in_addr(vio, in)
#endif
/* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
void
vio_timeout
(
Vio
*
vio
,
uint
timeout
);
#ifdef HAVE_OPENSSL
#define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "my_net.h"
/* needed because of struct in_addr */
#ifdef __cplusplus
extern
"C"
{
#endif
/* __cplusplus */
void
vio_ssl_delete
(
Vio
*
vio
);
int
vio_ssl_read
(
Vio
*
vio
,
gptr
buf
,
int
size
);
int
vio_ssl_write
(
Vio
*
vio
,
const
gptr
buf
,
int
size
);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int
vio_ssl_fastsend
(
Vio
*
vio
);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int
vio_ssl_keepalive
(
Vio
*
vio
,
my_bool
onoff
);
/* Whenever we should retry the last read/write operation. */
my_bool
vio_ssl_should_retry
(
Vio
*
vio
);
/* When the workday is over... */
int
vio_ssl_close
(
Vio
*
vio
);
/* Return last error number */
int
vio_ssl_errno
(
Vio
*
vio
);
my_bool
vio_ssl_peer_addr
(
Vio
*
vio
,
char
*
buf
,
uint16
*
port
);
void
vio_ssl_in_addr
(
Vio
*
vio
,
struct
in_addr
*
in
);
int
vio_ssl_blocking
(
Vio
*
vio
,
my_bool
set_blocking_mode
,
my_bool
*
old_mode
);
/* Single copy for server */
enum
vio_ssl_acceptorfd_state
{
state_connect
=
1
,
state_accept
=
2
};
struct
st_VioSSLAcceptorFd
{
SSL_CTX
*
ssl_context_
;
SSL_METHOD
*
ssl_method_
;
struct
st_VioSSLAcceptorFd
*
session_id_context_
;
SSL_CTX
*
ssl_context
;
SSL_METHOD
*
ssl_method
;
struct
st_VioSSLAcceptorFd
*
session_id_context
;
};
/* One copy for client */
struct
st_VioSSLConnectorFd
{
SSL_CTX
*
ssl_context_
;
SSL_CTX
*
ssl_context
;
/* function pointers which are only once for SSL client */
SSL_METHOD
*
ssl_method_
;
SSL_METHOD
*
ssl_method
;
};
int
sslaccept
(
struct
st_VioSSLAcceptorFd
*
,
Vio
*
,
long
timeout
);
int
sslconnect
(
struct
st_VioSSLConnectorFd
*
,
Vio
*
,
long
timeout
);
int
sslaccept
(
struct
st_VioSSLAcceptorFd
*
,
Vio
*
,
long
timeout
);
int
sslconnect
(
struct
st_VioSSLConnectorFd
*
,
Vio
*
,
long
timeout
);
struct
st_VioSSLConnectorFd
*
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
);
*
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
);
struct
st_VioSSLAcceptorFd
*
new_VioSSLAcceptorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
);
Vio
*
new_VioSSL
(
struct
st_VioSSLAcceptorFd
*
fd
,
Vio
*
sd
,
int
state
);
*
new_VioSSLAcceptorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
);
Vio
*
new_VioSSL
(
struct
st_VioSSLAcceptorFd
*
fd
,
Vio
*
sd
,
int
state
);
#endif
#ifdef __cplusplus
}
#endif
#endif
/* HAVE_OPENSSL */
#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
#define vio_delete(vio) (vio)->viodelete(vio)
#define vio_errno(vio) (vio)->vioerrno(vio)
#define vio_read(vio, buf, size) (vio)->read(vio,buf,size)
#define vio_write(vio, buf, size) (vio)->write(vio, buf, size)
#define vio_blocking(vio, set_blocking_mode, old_mode)\
(vio)->vioblocking(vio, set_blocking_mode, old_mode)
#define vio_is_blocking(vio) (vio)->is_blocking(vio)
#define vio_fastsend(vio) (vio)->fastsend(vio)
#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive)
#define vio_should_retry(vio) (vio)->should_retry(vio)
#define vio_close(vio) ((vio)->vioclose)(vio)
#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt)
#define vio_in_addr(vio, in) (vio)->in_addr(vio, in)
#define vio_timeout(vio, seconds) (vio)->timeout(vio, seconds)
#endif
/* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
/* This enumerator is used in parser - should be always visible */
enum
SSL_type
...
...
@@ -228,10 +168,8 @@ struct st_vio
void
(
*
in_addr
)(
Vio
*
,
struct
in_addr
*
);
my_bool
(
*
should_retry
)(
Vio
*
);
int
(
*
vioclose
)(
Vio
*
);
#ifdef HAVE_OPENSSL
SSL
*
ssl_
;
#endif
/* HAVE_OPENSSL */
void
(
*
timeout
)(
Vio
*
,
unsigned
int
timeout
);
void
*
ssl_arg
;
#endif
/* HAVE_VIO */
};
#endif
/* EMBEDDED_LIBRARY */
...
...
libmysql/Makefile.am
View file @
522a3220
...
...
@@ -41,7 +41,7 @@ link_sources:
rm
-f
$(srcdir)
/
$$
f
;
\
@LN_CP_F@
$(srcdir)
/../strings/
$$
f
$(srcdir)
/
$$
f
;
\
done
;
\
for
f
in
$$
vs
;
do
\
for
f
in
$$
vs
$(vioheaders)
;
do
\
rm
-f
$(srcdir)
/
$$
f
;
\
@LN_CP_F@
$(srcdir)
/../vio/
$$
f
$(srcdir)
/
$$
f
;
\
done
;
\
...
...
libmysql/Makefile.shared
View file @
522a3220
...
...
@@ -46,6 +46,7 @@ mystringsextra= strto.c
mystringsgen
=
ctype_autoconf.c
dbugobjects
=
dbug.lo
# IT IS IN SAFEMALLOC.C sanity.lo
mysysheaders
=
mysys_priv.h my_static.h
vioheaders
=
vio_priv.h
mysysobjects1
=
my_init.lo my_static.lo my_malloc.lo my_realloc.lo
\
my_create.lo my_delete.lo mf_tempfile.lo my_open.lo
\
mf_casecnv.lo my_read.lo my_write.lo errors.lo
\
...
...
@@ -86,7 +87,7 @@ clean-local:
`
echo
$(mysysobjects)
|
sed
"s;
\.
lo;.c;g"
`
\
`
echo
$(vio_objects)
|
sed
"s;
\.
lo;.c;g"
`
\
$(CHARSET_SRCS)
$(CHARSET_OBJS)
\
$(mystringsextra)
$(mystringsgen)
$(mysysheaders)
\
$(mystringsextra)
$(mystringsgen)
$(mysysheaders)
$(vioheaders)
\
ctype_extra_sources.c net.c ../linked_client_sources
ctype_extra_sources.c
:
conf_to_src
...
...
libmysqld/lib_vio.c
View file @
522a3220
...
...
@@ -218,4 +218,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
return
0
;
}
void
vio_timeout
(
Vio
*
vio
__attribute__
((
unused
)),
uint
timeout
__attribute__
((
unused
)))
{
}
#endif
/* HAVE_VIO */
mysql-test/include/have_openssl_2.inc
deleted
100644 → 0
View file @
d1be872e
--
require
r
/
have_openssl_2
.
require
disable_query_log
;
SHOW
STATUS
LIKE
"SSL_get_cipher"
;
enable_query_log
;
mysql-test/r/have_openssl_2.require
deleted
100644 → 0
View file @
d1be872e
Variable_name Value
jkhjkhfs
mysql-test/t/openssl_2.test
deleted
100644 → 0
View file @
d1be872e
# We want to test everything with SSL turned on.
--
source
include
/
have_openssl_2
.
inc
SHOW
STATUS
LIKE
'SSL%'
;
mysys/my_getopt.c
View file @
522a3220
...
...
@@ -464,8 +464,7 @@ static int setval(const struct my_option *opts, char *argument,
break
;
case
GET_STR_ALLOC
:
if
((
*
((
char
**
)
result_pos
)))
my_free
((
*
(
char
**
)
result_pos
),
MYF
(
MY_WME
|
MY_FAE
));
my_free
((
*
(
char
**
)
result_pos
),
MYF
(
MY_WME
|
MY_FAE
));
if
(
!
(
*
((
char
**
)
result_pos
)
=
my_strdup
(
argument
,
MYF
(
MY_WME
))))
return
EXIT_OUT_OF_MEMORY
;
break
;
...
...
sql/item_cmpfunc.cc
View file @
522a3220
...
...
@@ -1177,7 +1177,10 @@ Item_cond::fix_fields(THD *thd,TABLE_LIST *tables)
{
List_iterator
<
Item
>
li
(
list
);
Item
*
item
;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char
buff
[
sizeof
(
char
*
)];
// Max local vars in function
#endif
not_null_tables_cache
=
used_tables_cache
=
0
;
const_item_cache
=
0
;
/*
...
...
sql/item_func.cc
View file @
522a3220
...
...
@@ -59,7 +59,10 @@ bool
Item_func
::
fix_fields
(
THD
*
thd
,
TABLE_LIST
*
tables
)
{
Item
**
arg
,
**
arg_end
;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char
buff
[
STACK_BUFF_ALLOC
];
// Max argument in function
#endif
binary
=
0
;
used_tables_cache
=
not_null_tables_cache
=
0
;
const_item_cache
=
1
;
...
...
@@ -1159,7 +1162,9 @@ bool
udf_handler
::
fix_fields
(
THD
*
thd
,
TABLE_LIST
*
tables
,
Item_result_field
*
func
,
uint
arg_count
,
Item
**
arguments
)
{
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char
buff
[
STACK_BUFF_ALLOC
];
// Max argument in function
#endif
DBUG_ENTER
(
"Item_udf_func::fix_fields"
);
if
(
thd
)
...
...
sql/mini_client.cc
View file @
522a3220
...
...
@@ -843,7 +843,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
}
/* Do the SSL layering. */
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
DBUG_PRINT
(
"info"
,
(
"IO context %p"
,((
struct
st_VioSSLConnectorFd
*
)
mysql
->
connector_fd
)
->
ssl_context
_
));
DBUG_PRINT
(
"info"
,
(
"IO context %p"
,((
struct
st_VioSSLConnectorFd
*
)
mysql
->
connector_fd
)
->
ssl_context
));
sslconnect
((
struct
st_VioSSLConnectorFd
*
)(
mysql
->
connector_fd
),
mysql
->
net
.
vio
,
(
long
)(
mysql
->
options
.
connect_timeout
));
DBUG_PRINT
(
"info"
,
(
"IO layer change done!"
));
}
...
...
sql/mysqld.cc
View file @
522a3220
...
...
@@ -1136,7 +1136,14 @@ static void server_init(void)
IPaddr
.
sin_family
=
AF_INET
;
IPaddr
.
sin_addr
.
s_addr
=
my_bind_addr
;
IPaddr
.
sin_port
=
(
unsigned
short
)
htons
((
unsigned
short
)
mysql_port
);
#ifndef __WIN__
/*
We should not use SO_REUSEADDR on windows as this would enable a
user to open two mysqld servers with the same TCP/IP port.
*/
(
void
)
setsockopt
(
ip_sock
,
SOL_SOCKET
,
SO_REUSEADDR
,(
char
*
)
&
arg
,
sizeof
(
arg
));
#endif
if
(
bind
(
ip_sock
,
my_reinterpret_cast
(
struct
sockaddr
*
)
(
&
IPaddr
),
sizeof
(
IPaddr
))
<
0
)
{
...
...
@@ -3011,6 +3018,12 @@ extern "C" pthread_handler_decl(handle_connections_sockets,
}
if
(
sock
==
unix_sock
)
thd
->
host
=
(
char
*
)
localhost
;
#ifdef __WIN__
/* Set default wait_timeout */
ulong
wait_timeout
=
global_system_variables
.
net_wait_timeout
*
1000
;
(
void
)
setsockopt
(
new_sock
,
SOL_SOCKET
,
SO_RCVTIMEO
,
(
char
*
)
&
wait_timeout
,
sizeof
(
wait_timeout
));
#endif
create_new_thread
(
thd
);
}
...
...
sql/net_serv.cc
View file @
522a3220
...
...
@@ -434,6 +434,7 @@ net_real_write(NET *net,const char *packet,ulong len)
thr_alarm
(
&
alarmed
,(
uint
)
net
->
write_timeout
,
&
alarm_buff
);
#else
alarmed
=
0
;
vio_timeout
(
net
->
vio
,
net
->
write_timeout
);
#endif
/* NO_ALARM */
pos
=
(
char
*
)
packet
;
end
=
pos
+
len
;
...
...
@@ -623,6 +624,8 @@ my_real_read(NET *net, ulong *complen)
#ifndef NO_ALARM
if
(
net_blocking
)
thr_alarm
(
&
alarmed
,
net
->
read_timeout
,
&
alarm_buff
);
#else
vio_timeout
(
net
->
vio
,
net
->
read_timeout
);
#endif
/* NO_ALARM */
pos
=
net
->
buff
+
net
->
where_b
;
/* net->packet -4 */
...
...
sql/sql_acl.cc
View file @
522a3220
...
...
@@ -531,6 +531,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(
my_bool
)
old_ver
)))
{
Vio
*
vio
=
thd
->
net
.
vio
;
#ifdef HAVE_OPENSSL
SSL
*
ssl
=
(
SSL
*
)
vio
->
ssl_arg
;
#endif
/*
In this point we know that user is allowed to connect
from given host by given username/password pair. Now
...
...
@@ -553,8 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection.
*/
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
&&
SSL_get_verify_result
(
vio
->
ssl_
)
==
X509_V_OK
&&
SSL_get_peer_certificate
(
vio
->
ssl_
))
SSL_get_verify_result
(
ssl
)
==
X509_V_OK
&&
SSL_get_peer_certificate
(
ssl
))
user_access
=
acl_user
->
access
;
break
;
case
SSL_TYPE_SPECIFIED
:
/* Client should have specified attrib */
...
...
@@ -563,28 +566,28 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection.
*/
if
(
vio_type
(
vio
)
==
VIO_TYPE_SSL
&&
SSL_get_verify_result
(
vio
->
ssl_
)
==
X509_V_OK
)
SSL_get_verify_result
(
ssl
)
==
X509_V_OK
)
{
if
(
acl_user
->
ssl_cipher
)
{
DBUG_PRINT
(
"info"
,(
"comparing ciphers: '%s' and '%s'"
,
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)));
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
)))
SSL_get_cipher
(
ssl
)));
if
(
!
strcmp
(
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
ssl
)))
user_access
=
acl_user
->
access
;
else
{
if
(
global_system_variables
.
log_warnings
)
sql_print_error
(
"X509 ciphers mismatch: should be '%s' but is '%s'"
,
acl_user
->
ssl_cipher
,
SSL_get_cipher
(
vio
->
ssl_
));
SSL_get_cipher
(
ssl
));
user_access
=
NO_ACCESS
;
break
;
}
}
/* Prepare certificate (if exists) */
DBUG_PRINT
(
"info"
,(
"checkpoint 1"
));
X509
*
cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
X509
*
cert
=
SSL_get_peer_certificate
(
ssl
);
DBUG_PRINT
(
"info"
,(
"checkpoint 2"
));
/* If X509 issuer is speified, we check it... */
if
(
acl_user
->
x509_issuer
)
...
...
sql/sql_show.cc
View file @
522a3220
...
...
@@ -1274,77 +1274,77 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
case
SHOW_SSL_CTX_SESS_ACCEPT
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_accept
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_accept
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_ACCEPT_GOOD
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_accept_good
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_accept_good
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_CONNECT_GOOD
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_connect_good
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_connect_good
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_accept_renegotiate
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_accept_renegotiate
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_connect_renegotiate
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_connect_renegotiate
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_CB_HITS
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_cb_hits
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_cb_hits
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_HITS
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_hits
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_hits
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_CACHE_FULL
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_cache_full
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_cache_full
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_MISSES
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_misses
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_misses
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_TIMEOUTS
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_timeouts
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_timeouts
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_NUMBER
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_number
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_number
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_CONNECT
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_connect
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_connect
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_SESS_GET_CACHE_SIZE
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_sess_get_cache_size
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_sess_get_cache_size
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_GET_VERIFY_MODE
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_get_verify_mode
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_get_verify_mode
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_GET_VERIFY_DEPTH
:
net_store_data
(
&
packet2
,(
uint32
)
(
!
ssl_acceptor_fd
?
0
:
SSL_CTX_get_verify_depth
(
ssl_acceptor_fd
->
ssl_context
_
)));
SSL_CTX_get_verify_depth
(
ssl_acceptor_fd
->
ssl_context
)));
break
;
case
SHOW_SSL_CTX_GET_SESSION_CACHE_MODE
:
if
(
!
ssl_acceptor_fd
)
...
...
@@ -1352,7 +1352,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
net_store_data
(
&
packet2
,
"NONE"
);
break
;
}
switch
(
SSL_CTX_get_session_cache_mode
(
ssl_acceptor_fd
->
ssl_context
_
))
switch
(
SSL_CTX_get_session_cache_mode
(
ssl_acceptor_fd
->
ssl_context
))
{
case
SSL_SESS_CACHE_OFF
:
net_store_data
(
&
packet2
,
"OFF"
);
...
...
@@ -1379,37 +1379,38 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
break
;
/* First group - functions relying on SSL */
case
SHOW_SSL_GET_VERSION
:
net_store_data
(
&
packet2
,
thd
->
net
.
vio
->
ssl_
?
SSL_get_version
(
thd
->
net
.
vio
->
ssl_
)
:
""
);
net_store_data
(
&
packet2
,
thd
->
net
.
vio
->
ssl_
arg
?
SSL_get_version
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
""
);
break
;
case
SHOW_SSL_SESSION_REUSED
:
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
?
SSL_session_reused
(
thd
->
net
.
vio
->
ssl_
)
:
0
));
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
arg
?
SSL_session_reused
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
0
));
break
;
case
SHOW_SSL_GET_DEFAULT_TIMEOUT
:
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
?
SSL_get_default_timeout
(
thd
->
net
.
vio
->
ssl_
)
:
0
));
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_arg
?
SSL_get_default_timeout
((
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
0
));
break
;
case
SHOW_SSL_GET_VERIFY_MODE
:
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
?
SSL_get_verify_mode
(
thd
->
net
.
vio
->
ssl_
)
:
0
));
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
arg
?
SSL_get_verify_mode
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
0
));
break
;
case
SHOW_SSL_GET_VERIFY_DEPTH
:
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
?
SSL_get_verify_depth
(
thd
->
net
.
vio
->
ssl_
)
:
0
));
net_store_data
(
&
packet2
,(
uint32
)
(
thd
->
net
.
vio
->
ssl_
arg
?
SSL_get_verify_depth
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
0
));
break
;
case
SHOW_SSL_GET_CIPHER
:
net_store_data
(
&
packet2
,
thd
->
net
.
vio
->
ssl_
?
SSL_get_cipher
(
thd
->
net
.
vio
->
ssl_
)
:
""
);
net_store_data
(
&
packet2
,
thd
->
net
.
vio
->
ssl_
arg
?
SSL_get_cipher
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
)
:
""
);
break
;
case
SHOW_SSL_GET_CIPHER_LIST
:
if
(
thd
->
net
.
vio
->
ssl_
)
if
(
thd
->
net
.
vio
->
ssl_
arg
)
{
char
buf
[
1024
],
*
pos
;
pos
=
buf
;
for
(
int
i
=
0
;
i
++
;)
{
const
char
*
p
=
SSL_get_cipher_list
(
thd
->
net
.
vio
->
ssl_
,
i
);
const
char
*
p
=
SSL_get_cipher_list
(
(
SSL
*
)
thd
->
net
.
vio
->
ssl_arg
,
i
);
if
(
p
==
NULL
)
break
;
pos
=
strmov
(
pos
,
p
);
...
...
vio/vio.c
View file @
522a3220
...
...
@@ -21,13 +21,7 @@
the file descriptior.
*/
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#include <errno.h>
#include "vio_priv.h"
/*
* Helper to fill most of the Vio* with defaults.
...
...
@@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio
->
in_addr
=
vio_ssl_in_addr
;
vio
->
vioblocking
=
vio_ssl_blocking
;
vio
->
is_blocking
=
vio_is_blocking
;
vio
->
timeout
=
vio_ssl_timeout
;
}
else
/* default is VIO_TYPE_TCPIP */
#endif
/* HAVE_OPENSSL */
...
...
@@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio
->
in_addr
=
vio_in_addr
;
vio
->
vioblocking
=
vio_blocking
;
vio
->
is_blocking
=
vio_is_blocking
;
vio
->
timeout
=
vio_timeout
;
}
#endif
/* HAVE_VIO */
DBUG_VOID_RETURN
;
...
...
vio/vio_priv.h
0 → 100644
View file @
522a3220
/* Copyright (C) 2003 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/* Structures and functions private to the vio package */
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#ifdef HAVE_OPENSSL
#include "my_net.h"
/* needed because of struct in_addr */
void
vio_ssl_delete
(
Vio
*
vio
);
int
vio_ssl_read
(
Vio
*
vio
,
gptr
buf
,
int
size
);
int
vio_ssl_write
(
Vio
*
vio
,
const
gptr
buf
,
int
size
);
void
vio_ssl_timeout
(
Vio
*
vio
,
uint
timeout
);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int
vio_ssl_fastsend
(
Vio
*
vio
);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int
vio_ssl_keepalive
(
Vio
*
vio
,
my_bool
onoff
);
/* Whenever we should retry the last read/write operation. */
my_bool
vio_ssl_should_retry
(
Vio
*
vio
);
/* When the workday is over... */
int
vio_ssl_close
(
Vio
*
vio
);
/* Return last error number */
int
vio_ssl_errno
(
Vio
*
vio
);
my_bool
vio_ssl_peer_addr
(
Vio
*
vio
,
char
*
buf
,
uint16
*
port
);
void
vio_ssl_in_addr
(
Vio
*
vio
,
struct
in_addr
*
in
);
int
vio_ssl_blocking
(
Vio
*
vio
,
my_bool
set_blocking_mode
,
my_bool
*
old_mode
);
/* Single copy for server */
enum
vio_ssl_acceptorfd_state
{
state_connect
=
1
,
state_accept
=
2
};
#endif
/* HAVE_OPENSSL */
vio/viosocket.c
View file @
522a3220
...
...
@@ -21,19 +21,7 @@
the file descriptior.
*/
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <errno.h>
#include <my_sys.h>
#include <violite.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
#include "vio_priv.h"
void
vio_delete
(
Vio
*
vio
)
{
...
...
@@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
DBUG_RETURN
(
fds
.
revents
&
POLLIN
?
0
:
1
);
#endif
}
void
vio_timeout
(
Vio
*
vio
__attribute__
((
unused
)),
uint
timeout
__attribute__
((
unused
)))
{
#ifdef __WIN__
ulong
wait_timeout
=
(
ulong
)
timeout
*
1000
;
(
void
)
setsockopt
(
vio
->
sd
,
SOL_SOCKET
,
SO_RCVTIMEO
,
(
char
*
)
&
wait_timeout
,
sizeof
(
wait_timeout
));
#endif
/* __WIN__ */
}
vio/viossl.c
View file @
522a3220
...
...
@@ -21,23 +21,10 @@
the file descriptior.
*/
#include
<my_global.h>
#include
"vio_priv.h"
#ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <errno.h>
#include <assert.h>
#include <violite.h>
#include <my_sys.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
static
void
report_errors
()
{
...
...
@@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
int
r
;
DBUG_ENTER
(
"vio_ssl_read"
);
DBUG_PRINT
(
"enter"
,
(
"sd=%d, buf=%p, size=%d, ssl_=%p"
,
vio
->
sd
,
buf
,
size
,
vio
->
ssl_
));
vio
->
sd
,
buf
,
size
,
vio
->
ssl_
arg
));
if
((
r
=
SSL_read
(
vio
->
ssl_
,
buf
,
size
))
<
0
)
if
((
r
=
SSL_read
(
(
SSL
*
)
vio
->
ssl_arg
,
buf
,
size
))
<
0
)
{
int
err
=
SSL_get_error
(
vio
->
ssl_
,
r
);
int
err
=
SSL_get_error
(
(
SSL
*
)
vio
->
ssl_arg
,
r
);
DBUG_PRINT
(
"error"
,(
"SSL_read(): %d SSL_get_error(): %d"
,
r
,
err
));
report_errors
();
}
...
...
@@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
DBUG_ENTER
(
"vio_ssl_write"
);
DBUG_PRINT
(
"enter"
,
(
"sd=%d, buf=%p, size=%d"
,
vio
->
sd
,
buf
,
size
));
if
((
r
=
SSL_write
(
vio
->
ssl_
,
buf
,
size
))
<
0
)
if
((
r
=
SSL_write
(
(
SSL
*
)
vio
->
ssl_arg
,
buf
,
size
))
<
0
)
report_errors
();
DBUG_PRINT
(
"exit"
,
(
"%d"
,
r
));
DBUG_RETURN
(
r
);
...
...
@@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio)
int
r
;
DBUG_ENTER
(
"vio_ssl_close"
);
r
=
0
;
if
(
vio
->
ssl_
)
if
(
(
SSL
*
)
vio
->
ssl_arg
)
{
r
=
SSL_shutdown
(
vio
->
ssl_
);
SSL_free
(
vio
->
ssl_
);
vio
->
ssl_
=
0
;
r
=
SSL_shutdown
(
(
SSL
*
)
vio
->
ssl_arg
);
SSL_free
(
(
SSL
*
)
vio
->
ssl_arg
);
vio
->
ssl_
arg
=
0
;
}
if
(
vio
->
sd
>=
0
)
{
...
...
@@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
vio
->
ssl_
=
0
;
if
(
!
(
vio
->
ssl_
=
SSL_new
(
ptr
->
ssl_context_
)))
vio
->
ssl_
arg
=
0
;
if
(
!
(
vio
->
ssl_
arg
=
(
void
*
)
SSL_new
(
ptr
->
ssl_context
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
();
...
...
@@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
vio
->
ssl_
,
timeout
));
SSL_clear
(
vio
->
ssl_
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
vio
->
ssl_
),
timeout
);
SSL_set_fd
(
vio
->
ssl_
,
vio
->
sd
);
SSL_set_accept_state
(
vio
->
ssl_
);
if
(
SSL_do_handshake
(
vio
->
ssl_
)
<
1
)
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
(
SSL
*
)
vio
->
ssl_arg
,
timeout
));
SSL_clear
(
(
SSL
*
)
vio
->
ssl_arg
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
(
SSL
*
)
vio
->
ssl_arg
),
timeout
);
SSL_set_fd
(
(
SSL
*
)
vio
->
ssl_arg
,
vio
->
sd
);
SSL_set_accept_state
(
(
SSL
*
)
vio
->
ssl_arg
);
if
(
SSL_do_handshake
(
(
SSL
*
)
vio
->
ssl_arg
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_do_handshake failure"
));
report_errors
();
SSL_free
(
vio
->
ssl_
);
vio
->
ssl_
=
0
;
SSL_free
(
(
SSL
*
)
vio
->
ssl_arg
);
vio
->
ssl_
arg
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
#ifndef DBUF_OFF
DBUG_PRINT
(
"info"
,(
"SSL_get_cipher_name() = '%s'"
,
SSL_get_cipher_name
(
vio
->
ssl_
)));
client_cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
,
SSL_get_cipher_name
(
(
SSL
*
)
vio
->
ssl_arg
)));
client_cert
=
SSL_get_peer_certificate
(
(
SSL
*
)
vio
->
ssl_arg
);
if
(
client_cert
!=
NULL
)
{
DBUG_PRINT
(
"info"
,(
"Client certificate:"
));
...
...
@@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
else
DBUG_PRINT
(
"info"
,(
"Client does not have certificate."
));
str
=
SSL_get_shared_ciphers
(
vio
->
ssl_
,
buf
,
sizeof
(
buf
));
str
=
SSL_get_shared_ciphers
(
(
SSL
*
)
vio
->
ssl_arg
,
buf
,
sizeof
(
buf
));
if
(
str
)
{
DBUG_PRINT
(
"info"
,(
"SSL_get_shared_ciphers() returned '%s'"
,
str
));
...
...
@@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
DBUG_ENTER
(
"sslconnect"
);
DBUG_PRINT
(
"enter"
,
(
"sd=%d ptr=%p ctx: %p"
,
vio
->
sd
,
ptr
,
ptr
->
ssl_context
_
));
DBUG_PRINT
(
"enter"
,
(
"sd=%d ptr=%p ctx: %p"
,
vio
->
sd
,
ptr
,
ptr
->
ssl_context
));
old_type
=
vio
->
type
;
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
vio
->
ssl_
=
0
;
if
(
!
(
vio
->
ssl_
=
SSL_new
(
ptr
->
ssl_context_
)))
vio
->
ssl_
arg
=
0
;
if
(
!
(
vio
->
ssl_
arg
=
SSL_new
(
ptr
->
ssl_context
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
();
...
...
@@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
vio
->
ssl_
,
timeout
));
SSL_clear
(
vio
->
ssl_
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
vio
->
ssl_
),
timeout
);
SSL_set_fd
(
vio
->
ssl_
,
vio
->
sd
);
SSL_set_connect_state
(
vio
->
ssl_
);
if
(
SSL_do_handshake
(
vio
->
ssl_
)
<
1
)
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
(
SSL
*
)
vio
->
ssl_arg
,
timeout
));
SSL_clear
(
(
SSL
*
)
vio
->
ssl_arg
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
(
SSL
*
)
vio
->
ssl_arg
),
timeout
);
SSL_set_fd
(
(
SSL
*
)
vio
->
ssl_arg
,
vio
->
sd
);
SSL_set_connect_state
(
(
SSL
*
)
vio
->
ssl_arg
);
if
(
SSL_do_handshake
(
(
SSL
*
)
vio
->
ssl_arg
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_do_handshake failure"
));
report_errors
();
SSL_free
(
vio
->
ssl_
);
vio
->
ssl_
=
0
;
SSL_free
(
(
SSL
*
)
vio
->
ssl_arg
);
vio
->
ssl_
arg
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
#ifndef DBUG_OFF
DBUG_PRINT
(
"info"
,(
"SSL_get_cipher_name() = '%s'"
,
SSL_get_cipher_name
(
vio
->
ssl_
)));
server_cert
=
SSL_get_peer_certificate
(
vio
->
ssl_
);
,
SSL_get_cipher_name
(
(
SSL
*
)
vio
->
ssl_arg
)));
server_cert
=
SSL_get_peer_certificate
(
(
SSL
*
)
vio
->
ssl_arg
);
if
(
server_cert
!=
NULL
)
{
DBUG_PRINT
(
"info"
,(
"Server certificate:"
));
...
...
@@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)),
return
set_blocking_mode
?
0
:
1
;
}
void
vio_ssl_timeout
(
Vio
*
vio
__attribute__
((
unused
)),
uint
timeout
__attribute__
((
unused
)))
{
/* Not yet implemented (non critical) */
}
#endif
/* HAVE_OPENSSL */
vio/viosslfactories.c
View file @
522a3220
...
...
@@ -14,15 +14,10 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include
<my_global.h>
#include
"vio_priv.h"
#ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <my_sys.h>
#include <violite.h>
static
bool
ssl_algorithms_added
=
FALSE
;
static
bool
ssl_error_strings_loaded
=
FALSE
;
static
int
verify_depth
=
0
;
...
...
@@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file,
my_malloc
(
sizeof
(
struct
st_VioSSLConnectorFd
),
MYF
(
0
)))))
DBUG_RETURN
(
0
);
ptr
->
ssl_context
_
=
0
;
ptr
->
ssl_method
_
=
0
;
ptr
->
ssl_context
=
0
;
ptr
->
ssl_method
=
0
;
/* FIXME: constants! */
if
(
!
ssl_algorithms_added
)
...
...
@@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file,
ssl_error_strings_loaded
=
TRUE
;
SSL_load_error_strings
();
}
ptr
->
ssl_method
_
=
TLSv1_client_method
();
ptr
->
ssl_context
_
=
SSL_CTX_new
(
ptr
->
ssl_method_
);
DBUG_PRINT
(
"info"
,
(
"ssl_context
_: %p"
,
ptr
->
ssl_context_
));
if
(
ptr
->
ssl_context
_
==
0
)
ptr
->
ssl_method
=
TLSv1_client_method
();
ptr
->
ssl_context
=
SSL_CTX_new
(
ptr
->
ssl_method
);
DBUG_PRINT
(
"info"
,
(
"ssl_context
: %p"
,
ptr
->
ssl_context
));
if
(
ptr
->
ssl_context
==
0
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_CTX_new failed"
));
report_errors
();
...
...
@@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file,
*/
if
(
cipher
)
{
result
=
SSL_CTX_set_cipher_list
(
ptr
->
ssl_context
_
,
cipher
);
result
=
SSL_CTX_set_cipher_list
(
ptr
->
ssl_context
,
cipher
);
DBUG_PRINT
(
"info"
,(
"SSL_set_cipher_list() returned %d"
,
result
));
}
SSL_CTX_set_verify
(
ptr
->
ssl_context
_
,
verify
,
vio_verify_callback
);
if
(
vio_set_cert_stuff
(
ptr
->
ssl_context
_
,
cert_file
,
key_file
)
==
-
1
)
SSL_CTX_set_verify
(
ptr
->
ssl_context
,
verify
,
vio_verify_callback
);
if
(
vio_set_cert_stuff
(
ptr
->
ssl_context
,
cert_file
,
key_file
)
==
-
1
)
{
DBUG_PRINT
(
"error"
,
(
"vio_set_cert_stuff failed"
));
report_errors
();
goto
ctor_failure
;
}
if
(
SSL_CTX_load_verify_locations
(
ptr
->
ssl_context
_
,
ca_file
,
ca_path
)
==
0
)
if
(
SSL_CTX_load_verify_locations
(
ptr
->
ssl_context
,
ca_file
,
ca_path
)
==
0
)
{
DBUG_PRINT
(
"warning"
,
(
"SSL_CTX_load_verify_locations failed"
));
if
(
SSL_CTX_set_default_verify_paths
(
ptr
->
ssl_context
_
)
==
0
)
if
(
SSL_CTX_set_default_verify_paths
(
ptr
->
ssl_context
)
==
0
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_CTX_set_default_verify_paths failed"
));
report_errors
();
...
...
@@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file,
/* DH stuff */
dh
=
get_dh512
();
SSL_CTX_set_tmp_dh
(
ptr
->
ssl_context
_
,
dh
);
SSL_CTX_set_tmp_dh
(
ptr
->
ssl_context
,
dh
);
DH_free
(
dh
);
DBUG_RETURN
(
ptr
);
...
...
@@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file,
ptr
=
((
struct
st_VioSSLAcceptorFd
*
)
my_malloc
(
sizeof
(
struct
st_VioSSLAcceptorFd
),
MYF
(
0
)));
ptr
->
ssl_context
_
=
0
;
ptr
->
ssl_method
_
=
0
;
ptr
->
ssl_context
=
0
;
ptr
->
ssl_method
=
0
;
/* FIXME: constants! */
ptr
->
session_id_context
_
=
ptr
;
ptr
->
session_id_context
=
ptr
;
if
(
!
ssl_algorithms_added
)
{
...
...
@@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file,
ssl_error_strings_loaded
=
TRUE
;
SSL_load_error_strings
();
}
ptr
->
ssl_method
_
=
TLSv1_server_method
();
ptr
->
ssl_context
_
=
SSL_CTX_new
(
ptr
->
ssl_method_
);
if
(
ptr
->
ssl_context
_
==
0
)
ptr
->
ssl_method
=
TLSv1_server_method
();
ptr
->
ssl_context
=
SSL_CTX_new
(
ptr
->
ssl_method
);
if
(
ptr
->
ssl_context
==
0
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_CTX_new failed"
));
report_errors
();
...
...
@@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file,
}
if
(
cipher
)
{
result
=
SSL_CTX_set_cipher_list
(
ptr
->
ssl_context
_
,
cipher
);
result
=
SSL_CTX_set_cipher_list
(
ptr
->
ssl_context
,
cipher
);
DBUG_PRINT
(
"info"
,(
"SSL_set_cipher_list() returned %d"
,
result
));
}
/* SSL_CTX_set_quiet_shutdown(ctx,1); */
SSL_CTX_sess_set_cache_size
(
ptr
->
ssl_context
_
,
128
);
SSL_CTX_sess_set_cache_size
(
ptr
->
ssl_context
,
128
);
/* DH? */
SSL_CTX_set_verify
(
ptr
->
ssl_context
_
,
verify
,
vio_verify_callback
);
SSL_CTX_set_session_id_context
(
ptr
->
ssl_context
_
,
(
const
uchar
*
)
&
(
ptr
->
session_id_context
_
),
sizeof
(
ptr
->
session_id_context
_
));
SSL_CTX_set_verify
(
ptr
->
ssl_context
,
verify
,
vio_verify_callback
);
SSL_CTX_set_session_id_context
(
ptr
->
ssl_context
,
(
const
uchar
*
)
&
(
ptr
->
session_id_context
),
sizeof
(
ptr
->
session_id_context
));
/*
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
*/
if
(
vio_set_cert_stuff
(
ptr
->
ssl_context
_
,
cert_file
,
key_file
)
==
-
1
)
if
(
vio_set_cert_stuff
(
ptr
->
ssl_context
,
cert_file
,
key_file
)
==
-
1
)
{
DBUG_PRINT
(
"error"
,
(
"vio_set_cert_stuff failed"
));
report_errors
();
goto
ctor_failure
;
}
if
(
SSL_CTX_load_verify_locations
(
ptr
->
ssl_context
_
,
ca_file
,
ca_path
)
==
0
)
if
(
SSL_CTX_load_verify_locations
(
ptr
->
ssl_context
,
ca_file
,
ca_path
)
==
0
)
{
DBUG_PRINT
(
"warning"
,
(
"SSL_CTX_load_verify_locations failed"
));
if
(
SSL_CTX_set_default_verify_paths
(
ptr
->
ssl_context
_
)
==
0
)
if
(
SSL_CTX_set_default_verify_paths
(
ptr
->
ssl_context
)
==
0
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_CTX_set_default_verify_paths failed"
));
report_errors
();
...
...
@@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file,
}
/* DH stuff */
dh
=
get_dh512
();
SSL_CTX_set_tmp_dh
(
ptr
->
ssl_context
_
,
dh
);
SSL_CTX_set_tmp_dh
(
ptr
->
ssl_context
,
dh
);
DH_free
(
dh
);
DBUG_RETURN
(
ptr
);
...
...
@@ -362,6 +357,4 @@ new_VioSSLAcceptorFd(const char *key_file,
my_free
((
gptr
)
ptr
,
MYF
(
0
));
DBUG_RETURN
(
0
);
}
#endif
/* HAVE_OPENSSL */
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment