Merge bk-internal.mysql.com:/home/bk/mysql-4.0

into narttu.mysql.fi:/my/mysql-4.0

.bzrignore

@@ -536,3 +536,5 @@ Docs/internals.pdf
 Docs/internals.txt
 Docs/internals_toc.html
 scripts/make_win_src_distribution
+libmysql/vio_priv.h
+libmysql_r/vio_priv.h

client/mysql.cc

@@ -708,6 +708,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
     break;
   case 'W':
 #ifdef __WIN__
+    my_free(opt_mysql_unix_port, MYF(MY_ALLOW_ZERO_PTR));
     opt_mysql_unix_port= my_strdup(MYSQL_NAMEDPIPE, MYF(0));
 #endif
     break;
@@ -2329,10 +2330,10 @@ com_status(String *buffer __attribute__((unused)),
       (void) mysql_fetch_row(result);		// Read eof
     }
 #ifdef HAVE_OPENSSL
-    if (mysql.net.vio && mysql.net.vio->ssl_ &&
-	SSL_get_cipher(mysql.net.vio->ssl_))
+    if (mysql.net.vio && mysql.net.vio->ssl_arg &&
+	SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg))
       tee_fprintf(stdout, "SSL:\t\t\tCipher in use is %s\n",
-		  SSL_get_cipher(mysql.net.vio->ssl_));
+		  SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg));
     else
 #endif /* HAVE_OPENSSL */
       tee_puts("SSL:\t\t\tNot in use", stdout);

include/violite.h

@@ -43,6 +43,7 @@ Vio*	vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost);
 Vio*	vio_new_win32pipe(HANDLE hPipe);
 #endif
 void	vio_delete(Vio* vio);
+int	vio_close(Vio* vio);
 
 #ifdef EMBEDDED_LIBRARY
 void vio_reset(Vio *vio);
@@ -51,146 +52,85 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
 	       my_socket sd, HANDLE hPipe, my_bool localhost);
 #endif
 
-/*
- * vio_read and vio_write should have the same semantics
- * as read(2) and write(2).
- */
 int	vio_read(Vio *vio, gptr	buf, int size);
 int	vio_write(Vio *vio, const gptr buf, int size);
-/*
- * Whenever the socket is set to blocking mode or not.
- */
 int	vio_blocking(Vio *vio, my_bool onoff, my_bool *old_mode);
 my_bool	vio_is_blocking(Vio *vio);
-/*
- * setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible.
- */
+/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible */
 int	vio_fastsend(Vio *vio);
-/*
- * setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible.
- */
+/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible */
 int	vio_keepalive(Vio *vio, my_bool	onoff);
-/*
- * Whenever we should retry the last read/write operation.
- */
+/* Whenever we should retry the last read/write operation. */
 my_bool	vio_should_retry(Vio *vio);
-/*
- * When the workday is over...
- */
-int	vio_close(Vio* vio);
-/*
- * Short text description of the socket for those, who are curious..
- */
+/* Short text description of the socket for those, who are curious.. */
 const char* vio_description(Vio *vio);
-
 /* Return the type of the connection */
 enum enum_vio_type vio_type(Vio* vio);
-
 /* Return last error number */
 int vio_errno(Vio*vio);
-
 /* Get socket number */
 my_socket vio_fd(Vio*vio);
-
-/*
- * Remote peer's address and name in text form.
- */
+/* Remote peer's address and name in text form */
 my_bool vio_peer_addr(Vio* vio, char *buf, uint16 *port);
-
 /* Remotes in_addr */
-
 void vio_in_addr(Vio *vio, struct in_addr *in);
-
 my_bool vio_poll_read(Vio *vio,uint timeout);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
-#define vio_delete(vio) 			(vio)->viodelete(vio)
-#define vio_errno(vio)	 			(vio)->vioerrno(vio)
-#define vio_read(vio, buf, size) 		(vio)->read(vio,buf,size)
-#define vio_write(vio, buf, size) 		(vio)->write(vio, buf, size)
-#define vio_blocking(vio, set_blocking_mode, old_mode)\
- 	(vio)->vioblocking(vio, set_blocking_mode, old_mode)
-#define vio_is_blocking(vio) 			(vio)->is_blocking(vio)
-#define vio_fastsend(vio)			(vio)->fastsend(vio)
-#define vio_keepalive(vio, set_keep_alive)	(vio)->viokeepalive(vio, set_keep_alive)
-#define vio_should_retry(vio) 			(vio)->should_retry(vio)
-#define vio_close(vio)				((vio)->vioclose)(vio)
-#define vio_peer_addr(vio, buf, prt)		(vio)->peer_addr(vio, buf, prt)
-#define vio_in_addr(vio, in)			(vio)->in_addr(vio, in)
-#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
+void vio_timeout(Vio *vio,uint timeout);
 
 #ifdef HAVE_OPENSSL
 #define HEADER_DES_LOCL_H dummy_something
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include "my_net.h"			/* needed because of struct in_addr */
-
-#ifdef	__cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-void	vio_ssl_delete(Vio* vio);
-
-int	vio_ssl_read(Vio* vio,gptr buf,	int size);
-int	vio_ssl_write(Vio* vio,const gptr buf,int size);
-
-/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
-  int vio_ssl_fastsend(Vio* vio);
-/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
-int vio_ssl_keepalive(Vio* vio, my_bool onoff);
-/* Whenever we should retry the last read/write operation. */
-my_bool vio_ssl_should_retry(Vio* vio);
-/* When the workday is over... */
-int vio_ssl_close(Vio* vio);
-/* Return last error number */
-int vio_ssl_errno(Vio *vio);
-my_bool vio_ssl_peer_addr(Vio* vio, char *buf, uint16 *port);
-void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
-int vio_ssl_blocking(Vio * vio, my_bool set_blocking_mode, my_bool *old_mode);
-
-/* Single copy for server */
-enum vio_ssl_acceptorfd_state
-{
-  state_connect       = 1,
-  state_accept        = 2
-};
 
 struct st_VioSSLAcceptorFd 
 {
-  SSL_CTX* ssl_context_;
-  SSL_METHOD* ssl_method_;
-  struct st_VioSSLAcceptorFd* session_id_context_;
+  SSL_CTX *ssl_context;
+  SSL_METHOD *ssl_method;
+  struct st_VioSSLAcceptorFd *session_id_context;
 };
 
 /* One copy for client */
 struct st_VioSSLConnectorFd
 {
-  SSL_CTX* ssl_context_;
+  SSL_CTX *ssl_context;
   /* function pointers which are only once for SSL client */ 
-  SSL_METHOD* ssl_method_;
+  SSL_METHOD *ssl_method;
 };
 
-int sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout);
-int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout);
+int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
+int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
 
 struct st_VioSSLConnectorFd
-*new_VioSSLConnectorFd(const char* key_file, const char* cert_file,
-		       const char* ca_file,  const char* ca_path,
-		       const char* cipher);
+*new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
+		       const char *ca_file,  const char *ca_path,
+		       const char *cipher);
 struct st_VioSSLAcceptorFd
-*new_VioSSLAcceptorFd(const char* key_file, const char* cert_file,
-		      const char* ca_file,const char* ca_path,
-		      const char* cipher);
-Vio* new_VioSSL(struct st_VioSSLAcceptorFd* fd, Vio* sd,int state);
+*new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
+		      const char *ca_file,const char *ca_path,
+		      const char *cipher);
+Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
+#endif
 
 #ifdef	__cplusplus
 }
 #endif
-#endif /* HAVE_OPENSSL */
+
+#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO)
+#define vio_delete(vio) 			(vio)->viodelete(vio)
+#define vio_errno(vio)	 			(vio)->vioerrno(vio)
+#define vio_read(vio, buf, size) 		(vio)->read(vio,buf,size)
+#define vio_write(vio, buf, size) 		(vio)->write(vio, buf, size)
+#define vio_blocking(vio, set_blocking_mode, old_mode)\
+ 	(vio)->vioblocking(vio, set_blocking_mode, old_mode)
+#define vio_is_blocking(vio) 			(vio)->is_blocking(vio)
+#define vio_fastsend(vio)			(vio)->fastsend(vio)
+#define vio_keepalive(vio, set_keep_alive)	(vio)->viokeepalive(vio, set_keep_alive)
+#define vio_should_retry(vio) 			(vio)->should_retry(vio)
+#define vio_close(vio)				((vio)->vioclose)(vio)
+#define vio_peer_addr(vio, buf, prt)		(vio)->peer_addr(vio, buf, prt)
+#define vio_in_addr(vio, in)			(vio)->in_addr(vio, in)
+#define vio_timeout(vio, seconds)			(vio)->timeout(vio, seconds)
+#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
 
 /* This enumerator is used in parser - should be always visible */
 enum SSL_type
@@ -228,10 +168,8 @@ struct st_vio
   void    (*in_addr)(Vio*, struct in_addr*);
   my_bool (*should_retry)(Vio*);
   int     (*vioclose)(Vio*);
-
-#ifdef HAVE_OPENSSL
-  SSL* ssl_;
-#endif /* HAVE_OPENSSL */
+  void	  (*timeout)(Vio*, unsigned int timeout);
+  void	  *ssl_arg;
 #endif /* HAVE_VIO */
 };
 #endif /* EMBEDDED_LIBRARY */

libmysql/Makefile.am

@@ -41,7 +41,7 @@ link_sources:
 	    rm -f $(srcdir)/$$f; \
 	    @LN_CP_F@ $(srcdir)/../strings/$$f $(srcdir)/$$f; \
 	  done; \
-	  for f in $$vs; do \
+	  for f in $$vs $(vioheaders); do \
 	    rm -f $(srcdir)/$$f; \
 	    @LN_CP_F@ $(srcdir)/../vio/$$f $(srcdir)/$$f; \
 	  done; \

libmysql/Makefile.shared

@@ -46,6 +46,7 @@ mystringsextra= 	strto.c
 mystringsgen=	 	ctype_autoconf.c
 dbugobjects =		dbug.lo # IT IS IN SAFEMALLOC.C sanity.lo
 mysysheaders =		mysys_priv.h my_static.h
+vioheaders =		vio_priv.h
 mysysobjects1 =		my_init.lo my_static.lo my_malloc.lo my_realloc.lo \
 			my_create.lo my_delete.lo mf_tempfile.lo my_open.lo \
 			mf_casecnv.lo my_read.lo my_write.lo errors.lo \
@@ -86,7 +87,7 @@ clean-local:
 	      `echo $(mysysobjects) | sed "s;\.lo;.c;g"` \
 	      `echo $(vio_objects) | sed "s;\.lo;.c;g"` \
 	       $(CHARSET_SRCS) $(CHARSET_OBJS) \
-	       $(mystringsextra) $(mystringsgen) $(mysysheaders) \
+	       $(mystringsextra) $(mystringsgen) $(mysysheaders) $(vioheaders)\
 	       ctype_extra_sources.c net.c ../linked_client_sources
 
 ctype_extra_sources.c: conf_to_src

libmysqld/lib_vio.c

@@ -218,4 +218,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
   return 0;
 }
 
+
+void vio_timeout(Vio *vio __attribute__((unused)),
+		 uint timeout __attribute__((unused)))
+{
+}
 #endif /* HAVE_VIO */

mysql-test/include/have_openssl_2.inc

--- require r/have_openssl_2.require
-disable_query_log;
-SHOW STATUS LIKE "SSL_get_cipher";
-enable_query_log;

mysql-test/r/have_openssl_2.require

-Variable_name	Value
-jkhjkhfs

mysql-test/t/openssl_2.test

-# We want to test everything with SSL turned on. 
--- source include/have_openssl_2.inc 
-
-SHOW STATUS LIKE 'SSL%';
-

mysys/my_getopt.c

@@ -464,8 +464,7 @@ static int setval(const struct my_option *opts, char *argument,
       break;
     case GET_STR_ALLOC:
       if ((*((char**) result_pos)))
-	my_free((*(char**) result_pos),
-		MYF(MY_WME | MY_FAE));
+	my_free((*(char**) result_pos), MYF(MY_WME | MY_FAE));
       if (!(*((char**) result_pos)= my_strdup(argument, MYF(MY_WME))))
 	return EXIT_OUT_OF_MEMORY;
       break;

sql/item_cmpfunc.cc

@@ -1177,7 +1177,10 @@ Item_cond::fix_fields(THD *thd,TABLE_LIST *tables)
 {
   List_iterator<Item> li(list);
   Item *item;
+#ifndef EMBEDDED_LIBRARY			// Avoid compiler warning
   char buff[sizeof(char*)];			// Max local vars in function
+#endif
+
   not_null_tables_cache= used_tables_cache= 0;
   const_item_cache= 0;
   /*

sql/item_func.cc

@@ -59,7 +59,10 @@ bool
 Item_func::fix_fields(THD *thd,TABLE_LIST *tables)
 {
   Item **arg,**arg_end;
+#ifndef EMBEDDED_LIBRARY			// Avoid compiler warning
   char buff[STACK_BUFF_ALLOC];			// Max argument in function
+#endif
+
   binary=0;
   used_tables_cache= not_null_tables_cache= 0;
   const_item_cache=1;
@@ -1159,7 +1162,9 @@ bool
 udf_handler::fix_fields(THD *thd,TABLE_LIST *tables,Item_result_field *func,
 			uint arg_count, Item **arguments)
 {
+#ifndef EMBEDDED_LIBRARY			// Avoid compiler warning
   char buff[STACK_BUFF_ALLOC];			// Max argument in function
+#endif
   DBUG_ENTER("Item_udf_func::fix_fields");
 
   if (thd)

sql/mini_client.cc

@@ -843,7 +843,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
     }
     /* Do the SSL layering. */
     DBUG_PRINT("info", ("IO layer change in progress..."));
-    DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_));
+    DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context));
     sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio, (long)(mysql->options.connect_timeout));
     DBUG_PRINT("info", ("IO layer change done!"));
   }

sql/mysqld.cc

@@ -1136,7 +1136,14 @@ static void server_init(void)
     IPaddr.sin_family = AF_INET;
     IPaddr.sin_addr.s_addr = my_bind_addr;
     IPaddr.sin_port = (unsigned short) htons((unsigned short) mysql_port);
+
+#ifndef __WIN__
+    /*
+      We should not use SO_REUSEADDR on windows as this would enable a
+      user to open two mysqld servers with the same TCP/IP port.
+    */
     (void) setsockopt(ip_sock,SOL_SOCKET,SO_REUSEADDR,(char*)&arg,sizeof(arg));
+#endif
     if (bind(ip_sock, my_reinterpret_cast(struct sockaddr *) (&IPaddr),
 	     sizeof(IPaddr)) < 0)
     {
@@ -3011,6 +3018,12 @@ extern "C" pthread_handler_decl(handle_connections_sockets,
     }
     if (sock == unix_sock)
       thd->host=(char*) localhost;
+#ifdef __WIN__
+    /* Set default wait_timeout */
+    ulong wait_timeout= global_system_variables.net_wait_timeout * 1000;
+    (void) setsockopt(new_sock, SOL_SOCKET, SO_RCVTIMEO, (char*)&wait_timeout,
+                    sizeof(wait_timeout));
+#endif
     create_new_thread(thd);
   }
 

sql/net_serv.cc

@@ -434,6 +434,7 @@ net_real_write(NET *net,const char *packet,ulong len)
     thr_alarm(&alarmed,(uint) net->write_timeout,&alarm_buff);
 #else
   alarmed=0;
+  vio_timeout(net->vio, net->write_timeout);
 #endif /* NO_ALARM */
 
   pos=(char*) packet; end=pos+len;
@@ -623,6 +624,8 @@ my_real_read(NET *net, ulong *complen)
 #ifndef NO_ALARM
   if (net_blocking)
     thr_alarm(&alarmed,net->read_timeout,&alarm_buff);
+#else
+  vio_timeout(net->vio, net->read_timeout);
 #endif /* NO_ALARM */
 
     pos = net->buff + net->where_b;		/* net->packet -4 */

sql/sql_acl.cc

@@ -531,6 +531,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 			     (my_bool) old_ver)))
 	{
 	  Vio *vio=thd->net.vio;
+#ifdef HAVE_OPENSSL
+	  SSL *ssl= (SSL*) vio->ssl_arg;
+#endif
 	  /*
 	    In this point we know that user is allowed to connect
 	    from given host by given username/password pair. Now
@@ -553,8 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      we should reject connection.
 	    */
 	    if (vio_type(vio) == VIO_TYPE_SSL && 
-	        SSL_get_verify_result(vio->ssl_) == X509_V_OK &&
-	        SSL_get_peer_certificate(vio->ssl_))
+	        SSL_get_verify_result(ssl) == X509_V_OK &&
+	        SSL_get_peer_certificate(ssl))
 	      user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
@@ -563,28 +566,28 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      we should reject connection.
 	    */
 	    if (vio_type(vio) == VIO_TYPE_SSL && 
-	        SSL_get_verify_result(vio->ssl_) == X509_V_OK)
+	        SSL_get_verify_result(ssl) == X509_V_OK)
 	    {
 	      if (acl_user->ssl_cipher)
 	      {
 		DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
 				   acl_user->ssl_cipher,
-				   SSL_get_cipher(vio->ssl_)));
-		if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
+				   SSL_get_cipher(ssl)));
+		if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(ssl)))
 		  user_access=acl_user->access;
 		else
 		{
 		  if (global_system_variables.log_warnings)
 		    sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
 				    acl_user->ssl_cipher,
-				    SSL_get_cipher(vio->ssl_));
+				    SSL_get_cipher(ssl));
 		  user_access=NO_ACCESS;
 		  break;
 		}
 	      }
 	      /* Prepare certificate (if exists) */
 	      DBUG_PRINT("info",("checkpoint 1"));
-	      X509* cert=SSL_get_peer_certificate(vio->ssl_);
+	      X509* cert=SSL_get_peer_certificate(ssl);
 	      DBUG_PRINT("info",("checkpoint 2"));
 	      /* If X509 issuer is speified, we check it... */
 	      if (acl_user->x509_issuer)

sql/sql_show.cc

@@ -1274,77 +1274,77 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
       case SHOW_SSL_CTX_SESS_ACCEPT:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_ACCEPT_GOOD:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_CONNECT_GOOD:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_CB_HITS:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_HITS:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_CACHE_FULL:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_MISSES:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_TIMEOUTS:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_NUMBER:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_CONNECT:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_GET_VERIFY_MODE:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_GET_VERIFY_DEPTH:
 	net_store_data(&packet2,(uint32) 
 		       (!ssl_acceptor_fd ? 0 :
-			SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context_)));
+			SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context)));
         break;
       case SHOW_SSL_CTX_GET_SESSION_CACHE_MODE:
 	if (!ssl_acceptor_fd)
@@ -1352,7 +1352,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
 	  net_store_data(&packet2,"NONE" );
 	  break;
 	}
-	switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context_))
+	switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context))
 	{
           case SSL_SESS_CACHE_OFF:
             net_store_data(&packet2,"OFF" );
@@ -1379,37 +1379,38 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
         break;
 	/* First group - functions relying on SSL */
       case SHOW_SSL_GET_VERSION:
-	net_store_data(&packet2, thd->net.vio->ssl_ ? 
-			SSL_get_version(thd->net.vio->ssl_) : "");
+	net_store_data(&packet2, thd->net.vio->ssl_arg ? 
+			SSL_get_version((SSL*) thd->net.vio->ssl_arg) : "");
         break;
       case SHOW_SSL_SESSION_REUSED:
-	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? 
-			SSL_session_reused(thd->net.vio->ssl_) : 0));
+	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ? 
+			SSL_session_reused((SSL*) thd->net.vio->ssl_arg) : 0));
         break;
       case SHOW_SSL_GET_DEFAULT_TIMEOUT:
-	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
-			SSL_get_default_timeout(thd->net.vio->ssl_):0));
+	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
+			SSL_get_default_timeout((SSL*) thd->net.vio->ssl_arg) :
+					  0));
         break;
       case SHOW_SSL_GET_VERIFY_MODE:
-	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
-			SSL_get_verify_mode(thd->net.vio->ssl_):0));
+	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
+			SSL_get_verify_mode((SSL*) thd->net.vio->ssl_arg):0));
         break;
       case SHOW_SSL_GET_VERIFY_DEPTH:
-	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ?
-			SSL_get_verify_depth(thd->net.vio->ssl_):0));
+	net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
+			SSL_get_verify_depth((SSL*) thd->net.vio->ssl_arg):0));
         break;
       case SHOW_SSL_GET_CIPHER:
-	net_store_data(&packet2, thd->net.vio->ssl_ ?
-		       SSL_get_cipher(thd->net.vio->ssl_) : "");
+	net_store_data(&packet2, thd->net.vio->ssl_arg ?
+		       SSL_get_cipher((SSL*) thd->net.vio->ssl_arg) : "");
 	break;
       case SHOW_SSL_GET_CIPHER_LIST:
-	if (thd->net.vio->ssl_)
+	if (thd->net.vio->ssl_arg)
 	{
 	  char buf[1024], *pos;
 	  pos=buf;
 	  for (int i=0 ; i++ ;)
 	  {
-	    const char *p=SSL_get_cipher_list(thd->net.vio->ssl_,i);
+	    const char *p=SSL_get_cipher_list((SSL*) thd->net.vio->ssl_arg,i);
 	    if (p == NULL) 
 	      break;
 	    pos=strmov(pos, p);

vio/vio.c

@@ -21,13 +21,7 @@
   the file descriptior.
 */
 
-#define DONT_MAP_VIO
-#include <my_global.h>
-#include <mysql_com.h>
-#include <my_sys.h>
-#include <m_string.h>
-#include <violite.h>
-#include <errno.h>
+#include "vio_priv.h"
 
 /*
  * Helper to fill most of the Vio* with defaults.
@@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
     vio->in_addr	=vio_ssl_in_addr;
     vio->vioblocking	=vio_ssl_blocking;
     vio->is_blocking	=vio_is_blocking;
+    vio->timeout	=vio_ssl_timeout;
   }
   else					/* default is VIO_TYPE_TCPIP */
 #endif /* HAVE_OPENSSL */
@@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
     vio->in_addr	=vio_in_addr;
     vio->vioblocking	=vio_blocking;
     vio->is_blocking	=vio_is_blocking;
+    vio->timeout	=vio_timeout;
   }
 #endif /* HAVE_VIO */
   DBUG_VOID_RETURN;

vio/vio_priv.h

+/* Copyright (C) 2003 MySQL AB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
+
+/* Structures and functions private to the vio package */
+
+#define DONT_MAP_VIO
+#include <my_global.h>
+#include <mysql_com.h>
+#include <my_sys.h>
+#include <m_string.h>
+#include <violite.h>
+
+#ifdef HAVE_OPENSSL
+#include "my_net.h"			/* needed because of struct in_addr */
+
+void	vio_ssl_delete(Vio* vio);
+int	vio_ssl_read(Vio *vio,gptr buf,	int size);
+int	vio_ssl_write(Vio *vio,const gptr buf,int size);
+void	vio_ssl_timeout(Vio *vio, uint timeout);
+
+/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
+int vio_ssl_fastsend(Vio *vio);
+/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
+int vio_ssl_keepalive(Vio *vio, my_bool onoff);
+/* Whenever we should retry the last read/write operation. */
+my_bool vio_ssl_should_retry(Vio *vio);
+/* When the workday is over... */
+int vio_ssl_close(Vio *vio);
+/* Return last error number */
+int vio_ssl_errno(Vio *vio);
+my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port);
+void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
+int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
+
+/* Single copy for server */
+enum vio_ssl_acceptorfd_state
+{
+  state_connect       = 1,
+  state_accept        = 2
+};
+#endif /* HAVE_OPENSSL */

vio/viosocket.c

@@ -21,19 +21,7 @@
   the file descriptior.
 */
 
-#define DONT_MAP_VIO
-#include <my_global.h>
-#include <mysql_com.h>
-
-#include <errno.h>
-#include <my_sys.h>
-#include <violite.h>
-#include <my_net.h>
-#include <m_string.h>
-
-#ifndef __WIN__
-#define HANDLE void *
-#endif
+#include "vio_priv.h"
 
 void vio_delete(Vio* vio)
 {
@@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
   DBUG_RETURN(fds.revents & POLLIN ? 0 : 1);
 #endif
 }
+
+
+void vio_timeout(Vio *vio __attribute__((unused)),
+		 uint timeout __attribute__((unused)))
+{
+#ifdef __WIN__
+  ulong wait_timeout= (ulong) timeout * 1000;
+  (void) setsockopt(vio->sd, SOL_SOCKET, SO_RCVTIMEO, (char*) &wait_timeout,
+		    sizeof(wait_timeout));
+#endif /* __WIN__ */
+}

vio/viossl.c

@@ -21,23 +21,10 @@
   the file descriptior.
 */
 
-#include <my_global.h>
+#include "vio_priv.h"
 
 #ifdef HAVE_OPENSSL
 
-#include <mysql_com.h>
-
-#include <errno.h>
-#include <assert.h>
-#include <violite.h>
-#include <my_sys.h>
-#include <my_net.h>
-#include <m_string.h>
-
-#ifndef __WIN__
-#define HANDLE void *
-#endif
-
 static void
 report_errors()
 {
@@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
   int r;
   DBUG_ENTER("vio_ssl_read");
   DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p",
-		       vio->sd, buf, size, vio->ssl_));
+		       vio->sd, buf, size, vio->ssl_arg));
 
-  if ((r= SSL_read(vio->ssl_, buf, size)) < 0)
+  if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0)
   {
-    int err= SSL_get_error(vio->ssl_, r);
+    int err= SSL_get_error((SSL*) vio->ssl_arg, r);
     DBUG_PRINT("error",("SSL_read(): %d  SSL_get_error(): %d", r, err));
     report_errors();
   }
@@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
   DBUG_ENTER("vio_ssl_write");
   DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
 
-  if ((r= SSL_write(vio->ssl_, buf, size)) < 0)
+  if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
     report_errors();
   DBUG_PRINT("exit", ("%d", r));
   DBUG_RETURN(r);
@@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio)
   int r;
   DBUG_ENTER("vio_ssl_close");
   r=0;
-  if (vio->ssl_)
+  if ((SSL*) vio->ssl_arg)
   {
-    r = SSL_shutdown(vio->ssl_);
-    SSL_free(vio->ssl_);
-    vio->ssl_= 0;
+    r = SSL_shutdown((SSL*) vio->ssl_arg);
+    SSL_free((SSL*) vio->ssl_arg);
+    vio->ssl_arg= 0;
   }
   if (vio->sd >= 0)
   {
@@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
   net_blocking = vio_is_blocking(vio);
   vio_blocking(vio, 1, &unused);	/* Must be called before reset */
   vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
-  vio->ssl_=0;
-  if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
+  vio->ssl_arg= 0;
+  if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context)))
   {
     DBUG_PRINT("error", ("SSL_new failure"));
     report_errors();
@@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
     vio_blocking(vio, net_blocking, &unused);
     DBUG_RETURN(1);
   }
-  DBUG_PRINT("info", ("ssl_=%p  timeout=%ld",vio->ssl_, timeout));
-  SSL_clear(vio->ssl_);
-  SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
-  SSL_set_fd(vio->ssl_,vio->sd);
-  SSL_set_accept_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  DBUG_PRINT("info", ("ssl_=%p  timeout=%ld",(SSL*) vio->ssl_arg, timeout));
+  SSL_clear((SSL*) vio->ssl_arg);
+  SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
+  SSL_set_fd((SSL*) vio->ssl_arg,vio->sd);
+  SSL_set_accept_state((SSL*) vio->ssl_arg);
+  if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();
-    SSL_free(vio->ssl_);
-    vio->ssl_=0;
+    SSL_free((SSL*) vio->ssl_arg);
+    vio->ssl_arg= 0;
     vio_reset(vio, old_type,vio->sd,0,FALSE);
     vio_blocking(vio, net_blocking, &unused);
     DBUG_RETURN(1);
   }
 #ifndef DBUF_OFF
   DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
-		     ,SSL_get_cipher_name(vio->ssl_)));
-  client_cert = SSL_get_peer_certificate (vio->ssl_);
+		     ,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
+  client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
   if (client_cert != NULL)
   {
     DBUG_PRINT("info",("Client certificate:"));
@@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
   else
     DBUG_PRINT("info",("Client does not have certificate."));
 
-  str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf));
+  str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf));
   if (str)
   {
     DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str));
@@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
   my_bool net_blocking;
   enum enum_vio_type old_type;  
   DBUG_ENTER("sslconnect");
-  DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
+  DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context));
 
   old_type= vio->type;
   net_blocking = vio_is_blocking(vio);
   vio_blocking(vio, 1, &unused);	/* Must be called before reset */
   vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
-  vio->ssl_=0;
-  if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
+  vio->ssl_arg= 0;
+  if (!(vio->ssl_arg = SSL_new(ptr->ssl_context)))
   {
     DBUG_PRINT("error", ("SSL_new failure"));
     report_errors();
@@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
     vio_blocking(vio, net_blocking, &unused);    
     DBUG_RETURN(1);
   }
-  DBUG_PRINT("info", ("ssl_=%p  timeout=%ld",vio->ssl_, timeout));
-  SSL_clear(vio->ssl_);
-  SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
-  SSL_set_fd (vio->ssl_, vio->sd);
-  SSL_set_connect_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  DBUG_PRINT("info", ("ssl_=%p  timeout=%ld",(SSL*) vio->ssl_arg, timeout));
+  SSL_clear((SSL*) vio->ssl_arg);
+  SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
+  SSL_set_fd ((SSL*) vio->ssl_arg, vio->sd);
+  SSL_set_connect_state((SSL*) vio->ssl_arg);
+  if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();
-    SSL_free(vio->ssl_);
-    vio->ssl_=0;
+    SSL_free((SSL*) vio->ssl_arg);
+    vio->ssl_arg= 0;
     vio_reset(vio, old_type,vio->sd,0,FALSE);
     vio_blocking(vio, net_blocking, &unused);
     DBUG_RETURN(1);
   }  
 #ifndef DBUG_OFF
   DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
-		     ,SSL_get_cipher_name(vio->ssl_)));
-  server_cert = SSL_get_peer_certificate (vio->ssl_);
+		     ,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
+  server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
   if (server_cert != NULL)
   {
     DBUG_PRINT("info",("Server certificate:"));
@@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)),
   return set_blocking_mode ? 0 : 1;
 }
 
+
+void vio_ssl_timeout(Vio *vio __attribute__((unused)),
+		     uint timeout __attribute__((unused)))
+{
+  /* Not yet implemented (non critical) */
+}
 #endif /* HAVE_OPENSSL */

vio/viosslfactories.c

@@ -14,15 +14,10 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
 
-#include <my_global.h>
+#include "vio_priv.h"
 
 #ifdef HAVE_OPENSSL
 
-#include <mysql_com.h>
-#include <my_sys.h>
-#include <violite.h>
-
-
 static bool     ssl_algorithms_added    = FALSE;
 static bool     ssl_error_strings_loaded= FALSE;
 static int      verify_depth = 0;
@@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file,
 	     my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)))))
     DBUG_RETURN(0);
 
-  ptr->ssl_context_= 0;
-  ptr->ssl_method_=  0;
+  ptr->ssl_context= 0;
+  ptr->ssl_method=  0;
   /* FIXME: constants! */
 
   if (!ssl_algorithms_added)
@@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file,
     ssl_error_strings_loaded = TRUE;
     SSL_load_error_strings();
   }
-  ptr->ssl_method_ = TLSv1_client_method();
-  ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
-  DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
-  if (ptr->ssl_context_ == 0)
+  ptr->ssl_method = TLSv1_client_method();
+  ptr->ssl_context = SSL_CTX_new(ptr->ssl_method);
+  DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context));
+  if (ptr->ssl_context == 0)
   {
     DBUG_PRINT("error", ("SSL_CTX_new failed"));
     report_errors();
@@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file,
    */
   if (cipher)
   {
-    result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher);
+    result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
     DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
   }
-  SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
-  if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
+  SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
+  if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
   {
     DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
     report_errors();
     goto ctor_failure;
   }
-  if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0)
+  if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0)
   {
     DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
-    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0)
+    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0)
     {
       DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
       report_errors();
@@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file,
 
   /* DH stuff */
   dh=get_dh512();
-  SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
+  SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
   DH_free(dh);
 
   DBUG_RETURN(ptr);
@@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file,
 
   ptr= ((struct st_VioSSLAcceptorFd*)
 	my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)));
-  ptr->ssl_context_=0;
-  ptr->ssl_method_=0;
+  ptr->ssl_context=0;
+  ptr->ssl_method=0;
   /* FIXME: constants! */
-  ptr->session_id_context_ = ptr;
+  ptr->session_id_context= ptr;
 
   if (!ssl_algorithms_added)
   {
@@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file,
     ssl_error_strings_loaded = TRUE;
     SSL_load_error_strings();
   }
-  ptr->ssl_method_=  TLSv1_server_method();
-  ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_);
-  if (ptr->ssl_context_ == 0)
+  ptr->ssl_method=  TLSv1_server_method();
+  ptr->ssl_context= SSL_CTX_new(ptr->ssl_method);
+  if (ptr->ssl_context == 0)
   {
     DBUG_PRINT("error", ("SSL_CTX_new failed"));
     report_errors();
@@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file,
   }
   if (cipher)
   {
-    result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher);
+    result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
     DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
   }
   /* SSL_CTX_set_quiet_shutdown(ctx,1); */
-  SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128);
+  SSL_CTX_sess_set_cache_size(ptr->ssl_context,128);
 
   /* DH? */
-  SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
-  SSL_CTX_set_session_id_context(ptr->ssl_context_,
-				 (const uchar*) &(ptr->session_id_context_),
-				 sizeof(ptr->session_id_context_));
+  SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
+  SSL_CTX_set_session_id_context(ptr->ssl_context,
+				 (const uchar*) &(ptr->session_id_context),
+				 sizeof(ptr->session_id_context));
 
   /*
     SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
   */
-  if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
+  if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
   {
     DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
     report_errors();
     goto ctor_failure;
   }
-  if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0)
+  if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0)
   {
     DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
-    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
+    if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0)
     {
       DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
       report_errors();
@@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file,
   }
   /* DH stuff */
   dh=get_dh512();
-  SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
+  SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
   DH_free(dh);
   DBUG_RETURN(ptr);
 
@@ -362,6 +357,4 @@ new_VioSSLAcceptorFd(const char *key_file,
   my_free((gptr) ptr,MYF(0));
   DBUG_RETURN(0);
 }
-
-
 #endif /* HAVE_OPENSSL */