Merge 192.168.0.10:mysql/yassL-import/my50-yassL-import

into pilot.mysql.com:/home/msvensson/mysql/mysql-5.0-maint

Merge 192.168.0.10:mysql/yassL-import/my50-yassL-import
into pilot.mysql.com:/home/msvensson/mysql/mysql-5.0-maint
5885fba4 · msvensson@pilot.mysql.com · b6bd53aa · 6fc734a7 · 5885fba4 · 5885fba4
Commit 5885fba4 authored Feb 06, 2007 by msvensson@pilot.mysql.com
4 changed files
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -732,9 +732,21 @@ void CertDecoder::GetName(NameType nt)
            source_.advance(strLen);
        }
        else {
-            // skip
+            bool email = false;
+            if (joint[0] == 0x2a && joint[1] == 0x86)  // email id hdr
+                email = true;
+
            source_.advance(oidSz + 1);
            word32 length = GetLength(source_);
+
+            if (email) {
+                memcpy(&ptr[idx], "/emailAddress=", 14);
+                idx += 14;
+
+                memcpy(&ptr[idx], source_.get_current(), length);
+                idx += length;
+            }
+
            source_.advance(length);
        }
    }

--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -3,8 +3,8 @@ create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
 connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);

--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -10,8 +10,8 @@ insert into t1 values (5);

 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;


--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -84,10 +84,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
  {
    if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
    {
-      DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file));
-      fprintf(stderr,"SSL error: ");
-      ERR_print_errors_fp(stderr);
-      fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
+      DBUG_PRINT("error",("unable to get certificate from '%s'", cert_file));
+      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
+      fprintf(stderr, "SSL error: Unable to get certificate from '%s'\n",
+              cert_file);
      fflush(stderr);
      DBUG_RETURN(1);
    }
@@ -97,10 +97,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)

    if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0)
    {
-      DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file));
-      fprintf(stderr,"SSL error: ");
-      ERR_print_errors_fp(stderr);
-      fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
+      DBUG_PRINT("error", ("unable to get private key from '%s'", key_file));
+      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
+      fprintf(stderr, "SSL error: Unable to get private key from '%s'\n",
+              key_file);
      fflush(stderr);
      DBUG_RETURN(1);
    }
@@ -112,7 +112,12 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
    if (!SSL_CTX_check_private_key(ctx))
    {
      DBUG_PRINT("error",
-		 ("Private key does not match the certificate public key\n"));
+		 ("Private key does not match the certificate public key"));
+      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
+      fprintf(stderr,
+              "SSL error: "
+              "Private key does not match the certificate public key\n");
+      fflush(stderr);
      DBUG_RETURN(1);
    }
  }