Commit 484069cf authored by unknown's avatar unknown

Merge pilot.(none):/data/msvensson/mysql/bug28812/my50-bug28812

into  pilot.(none):/data/msvensson/mysql/mysql-5.0-maint

parents d54f42c1 b8c3ba1f
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
const char* SSLeay_version(int type); const char* SSLeay_version(int type);
#define SSLEAY_NUMBER_DEFINED
#define SSLEAY_VERSION 0x0900L #define SSLEAY_VERSION 0x0900L
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
......
/* des_old.h for openvn */
/* evp.h for openSSL */
#ifndef SSLEAY_NUMBER_DEFINED
#define SSLEAY_NUMBER_DEFINED
/* for OpenVPN */
#define SSLEAY_VERSION_NUMBER 0x0090700f
#endif /* SSLEAY_NUMBER_DEFINED */
/* hmac.h for openvpn */
/* objects.h for openvpn */
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
#define SSL_CTX_new yaSSL_CTX_new #define SSL_CTX_new yaSSL_CTX_new
#define SSL_new yaSSL_new #define SSL_new yaSSL_new
#define SSL_set_fd yaSSL_set_fd #define SSL_set_fd yaSSL_set_fd
#define SSL_get_fd yaSSL_get_fd
#define SSL_connect yaSSL_connect #define SSL_connect yaSSL_connect
#define SSL_write yaSSL_write #define SSL_write yaSSL_write
#define SSL_read yaSSL_read #define SSL_read yaSSL_read
...@@ -91,6 +92,8 @@ ...@@ -91,6 +92,8 @@
#define SSL_set_rfd yaSSL_set_rfd #define SSL_set_rfd yaSSL_set_rfd
#define SSL_set_wfd yaSSL_set_wfd #define SSL_set_wfd yaSSL_set_wfd
#define SSL_set_shutdown yaSSL_set_shutdown #define SSL_set_shutdown yaSSL_set_shutdown
#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
#define SSL_want_read yaSSL_want_read #define SSL_want_read yaSSL_want_read
#define SSL_want_write yaSSL_want_write #define SSL_want_write yaSSL_want_write
#define SSL_pending yaSSL_pending #define SSL_pending yaSSL_pending
......
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
#include "rsa.h" #include "rsa.h"
#define YASSL_VERSION "1.6.5" #define YASSL_VERSION "1.7.2"
#if defined(__cplusplus) #if defined(__cplusplus)
...@@ -201,6 +201,7 @@ typedef int YASSL_SOCKET_T; ...@@ -201,6 +201,7 @@ typedef int YASSL_SOCKET_T;
SSL_CTX* SSL_CTX_new(SSL_METHOD*); SSL_CTX* SSL_CTX_new(SSL_METHOD*);
SSL* SSL_new(SSL_CTX*); SSL* SSL_new(SSL_CTX*);
int SSL_set_fd (SSL*, YASSL_SOCKET_T); int SSL_set_fd (SSL*, YASSL_SOCKET_T);
YASSL_SOCKET_T SSL_get_fd(const SSL*);
int SSL_connect(SSL*); int SSL_connect(SSL*);
int SSL_write(SSL*, const void*, int); int SSL_write(SSL*, const void*, int);
int SSL_read(SSL*, void*, int); int SSL_read(SSL*, void*, int);
......
...@@ -584,7 +584,7 @@ class SSL { ...@@ -584,7 +584,7 @@ class SSL {
Socket socket_; // socket wrapper Socket socket_; // socket wrapper
Buffers buffers_; // buffered handshakes and data Buffers buffers_; // buffered handshakes and data
Log log_; // logger Log log_; // logger
bool quietShutdown_; // shutdown without handshakes bool quietShutdown_;
// optimization variables // optimization variables
bool has_data_; // buffered data ready? bool has_data_; // buffered data ready?
......
...@@ -719,6 +719,10 @@ int DoProcessReply(SSL& ssl) ...@@ -719,6 +719,10 @@ int DoProcessReply(SSL& ssl)
// add new data // add new data
uint read = ssl.useSocket().receive(buffer.get_buffer() + buffSz, ready); uint read = ssl.useSocket().receive(buffer.get_buffer() + buffSz, ready);
if (read == static_cast<uint>(-1)) {
ssl.SetError(receive_error);
return 0;
}
buffer.add_size(read); buffer.add_size(read);
uint offset = 0; uint offset = 0;
const MessageFactory& mf = ssl.getFactory().getMessage(); const MessageFactory& mf = ssl.getFactory().getMessage();
......
...@@ -114,8 +114,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const ...@@ -114,8 +114,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
const byte* pos = buf; const byte* pos = buf;
const byte* end = pos + sz; const byte* end = pos + sz;
assert(socket_ != INVALID_SOCKET);
while (pos != end) { while (pos != end) {
int sent = ::send(socket_, reinterpret_cast<const char *>(pos), int sent = ::send(socket_, reinterpret_cast<const char *>(pos),
static_cast<int>(end - pos), flags); static_cast<int>(end - pos), flags);
...@@ -132,7 +130,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const ...@@ -132,7 +130,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
uint Socket::receive(byte* buf, unsigned int sz, int flags) uint Socket::receive(byte* buf, unsigned int sz, int flags)
{ {
assert(socket_ != INVALID_SOCKET);
wouldBlock_ = false; wouldBlock_ = false;
int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags); int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags);
...@@ -163,7 +160,6 @@ bool Socket::wait() ...@@ -163,7 +160,6 @@ bool Socket::wait()
void Socket::shutDown(int how) void Socket::shutDown(int how)
{ {
assert(socket_ != INVALID_SOCKET);
shutdown(socket_, how); shutdown(socket_, how);
} }
......
...@@ -239,6 +239,12 @@ int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd) ...@@ -239,6 +239,12 @@ int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
} }
YASSL_SOCKET_T SSL_get_fd(const SSL* ssl)
{
return ssl->getSocket().get_fd();
}
int SSL_connect(SSL* ssl) int SSL_connect(SSL* ssl)
{ {
if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ)) if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
......
...@@ -773,6 +773,7 @@ void SSL::SetError(YasslError ye) ...@@ -773,6 +773,7 @@ void SSL::SetError(YasslError ye)
// TODO: add string here // TODO: add string here
} }
// set the quiet shutdown mode (close_nofiy not sent or received on shutdown) // set the quiet shutdown mode (close_nofiy not sent or received on shutdown)
void SSL::SetQuietShutdown(bool mode) void SSL::SetQuietShutdown(bool mode)
{ {
......
...@@ -107,11 +107,12 @@ void HexDecoder::Decode() ...@@ -107,11 +107,12 @@ void HexDecoder::Decode()
// sanity checks // sanity checks
assert( b < sizeof(hexDecode)/sizeof(hexDecode[0]) ); assert( b < sizeof(hexDecode)/sizeof(hexDecode[0]) );
assert( b2 < sizeof(hexDecode)/sizeof(hexDecode[0]) ); assert( b2 < sizeof(hexDecode)/sizeof(hexDecode[0]) );
assert( b != bad && b2 != bad );
b = hexDecode[b]; b = hexDecode[b];
b2 = hexDecode[b2]; b2 = hexDecode[b2];
assert( b != bad && b2 != bad );
decoded_[i++] = (b << 4) | b2; decoded_[i++] = (b << 4) | b2;
bytes -= 2; bytes -= 2;
} }
...@@ -184,7 +185,7 @@ void Base64Decoder::Decode() ...@@ -184,7 +185,7 @@ void Base64Decoder::Decode()
{ {
word32 bytes = coded_.size(); word32 bytes = coded_.size();
word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz); word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz);
plainSz = ((plainSz * 3) / 4) + 3; plainSz = (plainSz * 3 + 3) / 4;
decoded_.New(plainSz); decoded_.New(plainSz);
word32 i = 0; word32 i = 0;
......
...@@ -26,6 +26,11 @@ extern "C" { ...@@ -26,6 +26,11 @@ extern "C" {
// locking handled internally by library // locking handled internally by library
char CRYPTO_lock() { return 0;} char CRYPTO_lock() { return 0;}
char CRYPTO_add_lock() { return 0;} char CRYPTO_add_lock() { return 0;}
// for openvpn, test are the signatures they use
char EVP_CIPHER_CTX_init() { return 0; }
char CRYPTO_mem_ctrl() { return 0; }
} // extern "C" } // extern "C"
......
...@@ -41,24 +41,39 @@ select * from t1; ...@@ -41,24 +41,39 @@ select * from t1;
# Do the same thing a number of times # Do the same thing a number of times
disable_query_log; disable_query_log;
disable_result_log;
let $i= 100; let $i= 100;
while ($i) while ($i)
{ {
start slave; start slave;
connection master; connection master;
insert into t1 values (NULL); insert into t1 values (NULL);
select * from t1; # Some variance
connection slave; connection slave;
select * from t1; # Some variance
stop slave; stop slave;
dec $i; dec $i;
} }
start slave; start slave;
enable_query_log; enable_query_log;
enable_result_log;
connection master; connection master;
insert into t1 values (NULL); insert into t1 values (NULL);
let $master_count= `select count(*) from t1`;
sync_slave_with_master; sync_slave_with_master;
--source include/wait_for_slave_to_start.inc --source include/wait_for_slave_to_start.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
--replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 # --replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 #
query_vertical show slave status; query_vertical show slave status;
let $slave_count= `select count(*) from t1`;
if (`select $slave_count != $master_count`)
{
echo master and slave differed in number of rows;
echo master: $master_count;
echo slave: $slave_count;
}
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio) ...@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio)
vio_delete(vio); vio_delete(vio);
} }
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{ {
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslaccept"); DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx, timeout: %ld", DBUG_RETURN(sslconnect(ptr, vio, timeout));
vio->sd, (long) ptr, timeout));
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
if (SSL_accept(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_accept failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
{
char buf[1024];
X509 *client_cert;
DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
if ((client_cert= SSL_get_peer_certificate (ssl)))
{
DBUG_PRINT("info",("Client certificate:"));
X509_NAME_oneline (X509_get_subject_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (client_cert);
}
else
DBUG_PRINT("info",("Client does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
DBUG_RETURN(0);
} }
...@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) ...@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{ {
SSL *ssl; SSL *ssl;
my_bool unused; my_bool unused;
my_bool net_blocking; my_bool was_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslconnect"); DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx ctx: 0x%lx", DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
vio->sd, (long) ptr, (long) ptr->ssl_context)); (long) ptr, vio->sd, (long) ptr->ssl_context));
/* Set socket to blocking if not already set */
vio_blocking(vio, 1, &was_blocking);
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context))) if (!(ssl= SSL_new(ptr->ssl_context)))
{ {
DBUG_PRINT("error", ("SSL_new failure")); DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl); report_errors(ssl);
vio_reset(vio, old_type, vio->sd, 0, FALSE); vio_blocking(vio, was_blocking, &unused);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout)); DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl); SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd); SSL_set_fd(ssl, vio->sd);
if (SSL_connect(ssl) < 1)
/*
SSL_do_handshake will select between SSL_connect
or SSL_accept depending on server or client side
*/
if (SSL_do_handshake(ssl) < 1)
{ {
DBUG_PRINT("error", ("SSL_connect failure")); DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors(ssl); report_errors(ssl);
SSL_free(ssl); SSL_free(ssl);
vio->ssl_arg= 0; vio_blocking(vio, was_blocking, &unused);
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
/*
Connection succeeded. Install new function handlers,
change type, set sd to the fd used when connecting
and set pointer to the SSL structure
*/
vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
vio->ssl_arg= (void*)ssl;
#ifndef DBUG_OFF #ifndef DBUG_OFF
{ {
X509 *server_cert; /* Print some info about the peer */
DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl))); X509 *cert;
char buf[512];
DBUG_PRINT("info",("SSL connection succeeded"));
DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
if ((server_cert= SSL_get_peer_certificate (ssl))) if ((cert= SSL_get_peer_certificate (ssl)))
{ {
char buf[256]; DBUG_PRINT("info",("Peer certificate:"));
DBUG_PRINT("info",("Server certificate:")); X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); DBUG_PRINT("info",("\t subject: '%s'", buf));
DBUG_PRINT("info",("\t subject: %s", buf)); X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf)); DBUG_PRINT("info",("\t issuer: '%s'", buf));
DBUG_PRINT("info",("\t issuer: %s", buf)); X509_free(cert);
X509_free (server_cert);
} }
else else
DBUG_PRINT("info",("Server does not have certificate.")); DBUG_PRINT("info",("Peer does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
} }
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment