Commit 62538891 authored by gluh@gluh.mysql.r18.ru's avatar gluh@gluh.mysql.r18.ru

Merge sgluhov@bk-internal.mysql.com:/home/bk/mysql-4.0

into gluh.mysql.r18.ru:/home/gluh/mysql-4.0.last
parents 2c9a1687 00314bfd
......@@ -15,6 +15,7 @@ bell@sanja.is.com.ua
bk@admin.bk
davida@isil.mysql.com
gluh@gluh.(none)
gluh@gluh.mysql.r18.ru
greg@mysql.com
guilhem@mysql.com
gweir@work.mysql.com
......
......@@ -91,7 +91,9 @@
enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD,
OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC};
OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC,
OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH,
OPT_SSL_CIPHER};
static int record = 0, opt_sleep=0;
static char *db = 0, *pass=0;
......@@ -123,6 +125,8 @@ static int block_stack[BLOCK_STACK_DEPTH];
static int block_ok_stack[BLOCK_STACK_DEPTH];
static uint global_expected_errno[MAX_EXPECTED_ERRORS], global_expected_errors;
#include "sslopt-vars.h"
DYNAMIC_ARRAY q_lines;
typedef struct
......@@ -1435,6 +1439,11 @@ int do_connect(struct st_query* q)
mysql_options(&next_con->mysql,MYSQL_OPT_COMPRESS,NullS);
mysql_options(&next_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);
#ifdef HAVE_OPENSSL
if (opt_use_ssl)
mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
#endif
if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR)
con_sock=fn_format(buff, con_sock, TMPDIR, "",0);
if (!con_db[0])
......@@ -1833,6 +1842,7 @@ static struct my_option my_long_options[] =
{"socket", 'S', "Socket file to use for connection.",
(gptr*) &unix_sock, (gptr*) &unix_sock, 0, GET_STR, REQUIRED_ARG, 0, 0, 0,
0, 0, 0},
#include "sslopt-longopts.h"
{"test-file", 'x', "Read test from/in this file (default stdin).",
0, 0, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"tmpdir", 't', "Temporary directory where sockets are put",
......@@ -1907,6 +1917,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
else
tty_password= 1;
break;
#include <sslopt-case.h>
case 't':
strnmov(TMPDIR, argument, sizeof(TMPDIR));
break;
......@@ -2354,6 +2365,11 @@ int main(int argc, char** argv)
if (opt_compress)
mysql_options(&cur_con->mysql,MYSQL_OPT_COMPRESS,NullS);
mysql_options(&cur_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);
#ifdef HAVE_OPENSSL
if (opt_use_ssl)
mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
#endif
cur_con->name = my_strdup("default", MYF(MY_WME));
if (!cur_con->name)
......
-- require r/have_openssl_1.require
disable_query_log;
show variables like "have_openssl";
SHOW STATUS LIKE 'Ssl_cipher';
enable_query_log;
......@@ -207,6 +207,7 @@ CHARACTER_SET=latin1
DBUSER=""
START_WAIT_TIMEOUT=10
STOP_WAIT_TIMEOUT=10
MYSQL_TEST_SSL_OPTS=""
while test $# -gt 0; do
case "$1" in
......@@ -237,7 +238,10 @@ while test $# -gt 0; do
EXTRA_SLAVE_MYSQLD_OPT="$EXTRA_SLAVE_MYSQLD_OPT \
--ssl-ca=$BASEDIR/SSL/cacert.pem \
--ssl-cert=$BASEDIR/SSL/server-cert.pem \
--ssl-key=$BASEDIR/SSL/server-key.pem" ;;
--ssl-key=$BASEDIR/SSL/server-key.pem"
MYSQL_TEST_SSL_OPTS="--ssl-ca=$BASEDIR/SSL/cacert.pem \
--ssl-cert=$BASEDIR/SSL/client-cert.pem \
--ssl-key=$BASEDIR/SSL/client-key.pem" ;;
--no-manager | --skip-manager) USE_MANAGER=0 ;;
--manager)
USE_MANAGER=1
......@@ -490,7 +494,7 @@ fi
MYSQL_TEST_ARGS="--no-defaults --socket=$MASTER_MYSOCK --database=$DB \
--user=$DBUSER --password=$DBPASSWD --silent -v --skip-safemalloc \
--tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT"
--tmpdir=$MYSQL_TMP_DIR --port=$MASTER_MYPORT $MYSQL_TEST_SSL_OPTS"
MYSQL_TEST_BIN=$MYSQL_TEST
MYSQL_TEST="$MYSQL_TEST $MYSQL_TEST_ARGS"
GDB_CLIENT_INIT=$MYSQL_TMP_DIR/gdbinit.client
......
Variable_name Value
have_openssl YES
Ssl_cipher EDH-RSA-DES-CBC3-SHA
SHOW STATUS LIKE 'SSL%';
Variable_name Value
drop table if exists t1;
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
flush privileges;
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user1@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user2@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user3@localhost' to database 'test'
select * from t1;
f1
5
delete from t1;
Access denied for user: 'ssl_user4@localhost' to database 'test'
delete from mysql.user where user='ssl_user%';
delete from mysql.db where user='ssl_user%';
flush privileges;
drop table t1;
# We test openssl. Result set is optimized to be compiled with --with-openssl but
# SSL is swithced off in some reason
-- source include/have_openssl_2.inc
# We test openssl. Result set is optimized to be compiled with --with-openssl.
# Use mysql-test-run with --with-openssl option.
-- source include/have_openssl_1.inc
SHOW STATUS LIKE 'SSL%';
drop table if exists t1;
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
grant select on test.* to ssl_user3@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "/C=RU/L=orenburg/O=MySQL AB/OU=client/CN=walrus/Email=walrus@mysql.com" ISSUER "/C=RU/ST=Some-State/L=Orenburg/O=MySQL AB/CN=Walrus/Email=walrus@mysql.com";
flush privileges;
connect (con1,localhost,ssl_user1,,);
connect (con2,localhost,ssl_user2,,);
connect (con3,localhost,ssl_user3,,);
connect (con4,localhost,ssl_user4,,);
connection con1;
select * from t1;
--error 1044;
delete from t1;
connection con2;
select * from t1;
--error 1044;
delete from t1;
connection con3;
select * from t1;
--error 1044;
delete from t1;
connection con4;
select * from t1;
--error 1044;
delete from t1;
connection default;
delete from mysql.user where user='ssl_user%';
delete from mysql.db where user='ssl_user%';
flush privileges;
drop table t1;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment