Commit cae9149d authored by msvensson@pilot.(none)'s avatar msvensson@pilot.(none)

Merge pilot.(none):/data/msvensson/mysql/mysql-5.0-maint

into  pilot.(none):/data/msvensson/mysql/mysql-5.1-new-maint
parents bb4ce6d2 bce8ea54
......@@ -9,6 +9,7 @@
const char* SSLeay_version(int type);
#define SSLEAY_NUMBER_DEFINED
#define SSLEAY_VERSION 0x0900L
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
......
/* des_old.h for openvn */
/* evp.h for openSSL */
#ifndef SSLEAY_NUMBER_DEFINED
#define SSLEAY_NUMBER_DEFINED
/* for OpenVPN */
#define SSLEAY_VERSION_NUMBER 0x0090700f
#endif /* SSLEAY_NUMBER_DEFINED */
/* hmac.h for openvpn */
/* objects.h for openvpn */
......@@ -30,6 +30,7 @@
#define SSL_CTX_new yaSSL_CTX_new
#define SSL_new yaSSL_new
#define SSL_set_fd yaSSL_set_fd
#define SSL_get_fd yaSSL_get_fd
#define SSL_connect yaSSL_connect
#define SSL_write yaSSL_write
#define SSL_read yaSSL_read
......@@ -91,6 +92,8 @@
#define SSL_set_rfd yaSSL_set_rfd
#define SSL_set_wfd yaSSL_set_wfd
#define SSL_set_shutdown yaSSL_set_shutdown
#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
#define SSL_want_read yaSSL_want_read
#define SSL_want_write yaSSL_want_write
#define SSL_pending yaSSL_pending
......
......@@ -34,7 +34,7 @@
#include "rsa.h"
#define YASSL_VERSION "1.6.5"
#define YASSL_VERSION "1.7.2"
#if defined(__cplusplus)
......@@ -201,6 +201,7 @@ typedef int YASSL_SOCKET_T;
SSL_CTX* SSL_CTX_new(SSL_METHOD*);
SSL* SSL_new(SSL_CTX*);
int SSL_set_fd (SSL*, YASSL_SOCKET_T);
YASSL_SOCKET_T SSL_get_fd(const SSL*);
int SSL_connect(SSL*);
int SSL_write(SSL*, const void*, int);
int SSL_read(SSL*, void*, int);
......
......@@ -584,7 +584,7 @@ class SSL {
Socket socket_; // socket wrapper
Buffers buffers_; // buffered handshakes and data
Log log_; // logger
bool quietShutdown_; // shutdown without handshakes
bool quietShutdown_;
// optimization variables
bool has_data_; // buffered data ready?
......
......@@ -719,6 +719,10 @@ int DoProcessReply(SSL& ssl)
// add new data
uint read = ssl.useSocket().receive(buffer.get_buffer() + buffSz, ready);
if (read == static_cast<uint>(-1)) {
ssl.SetError(receive_error);
return 0;
}
buffer.add_size(read);
uint offset = 0;
const MessageFactory& mf = ssl.getFactory().getMessage();
......
......@@ -114,8 +114,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
const byte* pos = buf;
const byte* end = pos + sz;
assert(socket_ != INVALID_SOCKET);
while (pos != end) {
int sent = ::send(socket_, reinterpret_cast<const char *>(pos),
static_cast<int>(end - pos), flags);
......@@ -132,7 +130,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
uint Socket::receive(byte* buf, unsigned int sz, int flags)
{
assert(socket_ != INVALID_SOCKET);
wouldBlock_ = false;
int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags);
......@@ -163,7 +160,6 @@ bool Socket::wait()
void Socket::shutDown(int how)
{
assert(socket_ != INVALID_SOCKET);
shutdown(socket_, how);
}
......
......@@ -239,6 +239,12 @@ int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
}
YASSL_SOCKET_T SSL_get_fd(const SSL* ssl)
{
return ssl->getSocket().get_fd();
}
int SSL_connect(SSL* ssl)
{
if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
......
......@@ -773,6 +773,7 @@ void SSL::SetError(YasslError ye)
// TODO: add string here
}
// set the quiet shutdown mode (close_nofiy not sent or received on shutdown)
void SSL::SetQuietShutdown(bool mode)
{
......
......@@ -107,11 +107,12 @@ void HexDecoder::Decode()
// sanity checks
assert( b < sizeof(hexDecode)/sizeof(hexDecode[0]) );
assert( b2 < sizeof(hexDecode)/sizeof(hexDecode[0]) );
assert( b != bad && b2 != bad );
b = hexDecode[b];
b2 = hexDecode[b2];
assert( b != bad && b2 != bad );
decoded_[i++] = (b << 4) | b2;
bytes -= 2;
}
......@@ -184,7 +185,7 @@ void Base64Decoder::Decode()
{
word32 bytes = coded_.size();
word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz);
plainSz = ((plainSz * 3) / 4) + 3;
plainSz = (plainSz * 3 + 3) / 4;
decoded_.New(plainSz);
word32 i = 0;
......
......@@ -26,6 +26,11 @@ extern "C" {
// locking handled internally by library
char CRYPTO_lock() { return 0;}
char CRYPTO_add_lock() { return 0;}
// for openvpn, test are the signatures they use
char EVP_CIPHER_CTX_init() { return 0; }
char CRYPTO_mem_ctrl() { return 0; }
} // extern "C"
......
......@@ -41,28 +41,43 @@ select * from t1;
# Do the same thing a number of times
disable_query_log;
disable_result_log;
let $i= 100;
while ($i)
{
start slave;
connection master;
insert into t1 values (NULL);
select * from t1; # Some variance
connection slave;
select * from t1; # Some variance
stop slave;
dec $i;
}
start slave;
enable_query_log;
enable_result_log;
connection master;
# INSERT one more record to make sure
# the sync has something to do
insert into t1 values (NULL);
let $master_count= `select count(*) from t1`;
sync_slave_with_master;
--source include/wait_for_slave_to_start.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
--replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 # 35 # 36 #
query_vertical show slave status;
let $slave_count= `select count(*) from t1`;
if (`select $slave_count != $master_count`)
{
echo master and slave differed in number of rows;
echo master: $master_count;
echo slave: $slave_count;
}
connection master;
drop user replssl@localhost;
drop table t1;
......
......@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio)
vio_delete(vio);
}
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx, timeout: %ld",
vio->sd, (long) ptr, timeout));
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
if (SSL_accept(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_accept failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
{
char buf[1024];
X509 *client_cert;
DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
if ((client_cert= SSL_get_peer_certificate (ssl)))
{
DBUG_PRINT("info",("Client certificate:"));
X509_NAME_oneline (X509_get_subject_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (client_cert);
}
else
DBUG_PRINT("info",("Client does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
DBUG_RETURN(0);
DBUG_RETURN(sslconnect(ptr, vio, timeout));
}
......@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
my_bool was_blocking;
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx ctx: 0x%lx",
vio->sd, (long) ptr, (long) ptr->ssl_context));
DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
(long) ptr, vio->sd, (long) ptr->ssl_context));
/* Set socket to blocking if not already set */
vio_blocking(vio, 1, &was_blocking);
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
vio_blocking(vio, was_blocking, &unused);
DBUG_RETURN(1);
}
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
if (SSL_connect(ssl) < 1)
/*
SSL_do_handshake will select between SSL_connect
or SSL_accept depending on server or client side
*/
if (SSL_do_handshake(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_connect failure"));
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
vio_blocking(vio, was_blocking, &unused);
DBUG_RETURN(1);
}
/*
Connection succeeded. Install new function handlers,
change type, set sd to the fd used when connecting
and set pointer to the SSL structure
*/
vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
vio->ssl_arg= (void*)ssl;
#ifndef DBUG_OFF
{
X509 *server_cert;
DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
/* Print some info about the peer */
X509 *cert;
char buf[512];
DBUG_PRINT("info",("SSL connection succeeded"));
DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
if ((server_cert= SSL_get_peer_certificate (ssl)))
if ((cert= SSL_get_peer_certificate (ssl)))
{
char buf[256];
DBUG_PRINT("info",("Server certificate:"));
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (server_cert);
DBUG_PRINT("info",("Peer certificate:"));
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: '%s'", buf));
X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: '%s'", buf));
X509_free(cert);
}
else
DBUG_PRINT("info",("Server does not have certificate."));
DBUG_PRINT("info",("Peer does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment