Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
e1b79597
Commit
e1b79597
authored
May 26, 2011
by
Tatjana Azundris Nuernberg
Browse files
Options
Browse Files
Download
Plain Diff
auto-merge Bug#11745920
parents
add86aad
cf80c6cb
Changes
11
Show whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
69 additions
and
45 deletions
+69
-45
include/violite.h
include/violite.h
+3
-3
libmysql/errmsg.c
libmysql/errmsg.c
+1
-1
mysql-test/r/openssl_1.result
mysql-test/r/openssl_1.result
+7
-7
sql-common/client.c
sql-common/client.c
+24
-11
sql/sql_acl.cc
sql/sql_acl.cc
+2
-2
vio/test-ssl.c
vio/test-ssl.c
+6
-3
vio/test-sslclient.c
vio/test-sslclient.c
+6
-2
vio/test-sslserver.c
vio/test-sslserver.c
+2
-1
vio/viossl.c
vio/viossl.c
+9
-8
vio/viosslfactories.c
vio/viosslfactories.c
+3
-4
vio/viotest-ssl.c
vio/viotest-ssl.c
+6
-3
No files found.
include/violite.h
View file @
e1b79597
...
@@ -134,13 +134,13 @@ struct st_VioSSLFd
...
@@ -134,13 +134,13 @@ struct st_VioSSLFd
SSL_CTX
*
ssl_context
;
SSL_CTX
*
ssl_context
;
};
};
int
sslaccept
(
struct
st_VioSSLFd
*
,
Vio
*
,
long
timeout
);
int
sslaccept
(
struct
st_VioSSLFd
*
,
Vio
*
,
long
timeout
,
unsigned
long
*
errptr
);
int
sslconnect
(
struct
st_VioSSLFd
*
,
Vio
*
,
long
timeout
);
int
sslconnect
(
struct
st_VioSSLFd
*
,
Vio
*
,
long
timeout
,
unsigned
long
*
errptr
);
struct
st_VioSSLFd
struct
st_VioSSLFd
*
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
*
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
);
const
char
*
cipher
,
enum
enum_ssl_init_error
*
error
);
struct
st_VioSSLFd
struct
st_VioSSLFd
*
new_VioSSLAcceptorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
*
new_VioSSLAcceptorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
ca_file
,
const
char
*
ca_path
,
...
...
libmysql/errmsg.c
View file @
e1b79597
...
@@ -51,7 +51,7 @@ const char *client_errors[]=
...
@@ -51,7 +51,7 @@ const char *client_errors[]=
"Error on SHOW SLAVE HOSTS:"
,
"Error on SHOW SLAVE HOSTS:"
,
"Error connecting to slave:"
,
"Error connecting to slave:"
,
"Error connecting to master:"
,
"Error connecting to master:"
,
"SSL connection error"
,
"SSL connection error
: %-.100s
"
,
"Malformed packet"
,
"Malformed packet"
,
"This client library is licensed only for use with MySQL servers having '%s' license"
,
"This client library is licensed only for use with MySQL servers having '%s' license"
,
"Invalid use of null pointer"
,
"Invalid use of null pointer"
,
...
...
mysql-test/r/openssl_1.result
View file @
e1b79597
...
@@ -44,13 +44,13 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
...
@@ -44,13 +44,13 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
drop user ssl_user1@localhost, ssl_user2@localhost,
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
drop table t1;
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: ASN: bad other signature confirmation
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: ASN: bad other signature confirmation
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: ASN: bad other signature confirmation
SSL error: Unable to get private key from ''
SSL error: Unable to get private key from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: Unable to get private key
SSL error: Unable to get certificate from ''
SSL error: Unable to get certificate from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: Unable to get certificate
SHOW STATUS LIKE 'Ssl_cipher';
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
Ssl_cipher DHE-RSA-AES256-SHA
...
@@ -83,7 +83,7 @@ Ssl_cipher AES128-SHA
...
@@ -83,7 +83,7 @@ Ssl_cipher AES128-SHA
SHOW STATUS LIKE 'Ssl_cipher';
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Variable_name Value
Ssl_cipher AES128-SHA
Ssl_cipher AES128-SHA
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
: SSL_CTX_new failed
CREATE TABLE t1(a int);
CREATE TABLE t1(a int);
INSERT INTO t1 VALUES (1), (2);
INSERT INTO t1 VALUES (1), (2);
...
@@ -189,7 +189,7 @@ UNLOCK TABLES;
...
@@ -189,7 +189,7 @@ UNLOCK TABLES;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem'
SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem'
mysqldump: Got error: 2026: SSL connection error when trying to connect
mysqldump: Got error: 2026: SSL connection error
: Unable to get private key
when trying to connect
DROP TABLE t1;
DROP TABLE t1;
Variable_name Value
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
Ssl_cipher DHE-RSA-AES256-SHA
...
...
sql-common/client.c
View file @
e1b79597
...
@@ -1840,6 +1840,8 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
...
@@ -1840,6 +1840,8 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
ssl_verify_server_cert()
ssl_verify_server_cert()
vio pointer to a SSL connected vio
vio pointer to a SSL connected vio
server_hostname name of the server that we connected to
server_hostname name of the server that we connected to
errptr if we fail, we'll return (a pointer to a string
describing) the reason here
RETURN VALUES
RETURN VALUES
0 Success
0 Success
...
@@ -1849,7 +1851,7 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
...
@@ -1849,7 +1851,7 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
static
int
ssl_verify_server_cert
(
Vio
*
vio
,
const
char
*
server_hostname
)
static
int
ssl_verify_server_cert
(
Vio
*
vio
,
const
char
*
server_hostname
,
const
char
**
errptr
)
{
{
SSL
*
ssl
;
SSL
*
ssl
;
X509
*
server_cert
;
X509
*
server_cert
;
...
@@ -1860,19 +1862,19 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
...
@@ -1860,19 +1862,19 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
if
(
!
(
ssl
=
(
SSL
*
)
vio
->
ssl_arg
))
if
(
!
(
ssl
=
(
SSL
*
)
vio
->
ssl_arg
))
{
{
DBUG_PRINT
(
"error"
,
(
"No SSL pointer found"
))
;
*
errptr
=
"No SSL pointer found"
;
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
}
}
if
(
!
server_hostname
)
if
(
!
server_hostname
)
{
{
DBUG_PRINT
(
"error"
,
(
"No server hostname supplied"
))
;
*
errptr
=
"No server hostname supplied"
;
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
}
}
if
(
!
(
server_cert
=
SSL_get_peer_certificate
(
ssl
)))
if
(
!
(
server_cert
=
SSL_get_peer_certificate
(
ssl
)))
{
{
DBUG_PRINT
(
"error"
,
(
"Could not get server certificate"
))
;
*
errptr
=
"Could not get server certificate"
;
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
}
}
...
@@ -1901,7 +1903,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
...
@@ -1901,7 +1903,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
DBUG_RETURN
(
0
);
DBUG_RETURN
(
0
);
}
}
}
}
DBUG_PRINT
(
"error"
,
(
"SSL certificate validation failure"
))
;
*
errptr
=
"SSL certificate validation failure"
;
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
}
}
...
@@ -2507,6 +2509,9 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
...
@@ -2507,6 +2509,9 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
/* Do the SSL layering. */
/* Do the SSL layering. */
struct
st_mysql_options
*
options
=
&
mysql
->
options
;
struct
st_mysql_options
*
options
=
&
mysql
->
options
;
struct
st_VioSSLFd
*
ssl_fd
;
struct
st_VioSSLFd
*
ssl_fd
;
enum
enum_ssl_init_error
ssl_init_error
;
const
char
*
cert_error
;
unsigned
long
ssl_error
;
/*
/*
Send mysql->client_flag, max_packet_size - unencrypted otherwise
Send mysql->client_flag, max_packet_size - unencrypted otherwise
...
@@ -2526,9 +2531,11 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
...
@@ -2526,9 +2531,11 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
options
->
ssl_cert
,
options
->
ssl_cert
,
options
->
ssl_ca
,
options
->
ssl_ca
,
options
->
ssl_capath
,
options
->
ssl_capath
,
options
->
ssl_cipher
)))
options
->
ssl_cipher
,
&
ssl_init_error
)))
{
{
set_mysql_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
);
set_mysql_extended_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
,
ER
(
CR_SSL_CONNECTION_ERROR
),
sslGetErrString
(
ssl_init_error
));
goto
error
;
goto
error
;
}
}
mysql
->
connector_fd
=
(
unsigned
char
*
)
ssl_fd
;
mysql
->
connector_fd
=
(
unsigned
char
*
)
ssl_fd
;
...
@@ -2536,18 +2543,24 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
...
@@ -2536,18 +2543,24 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
/* Connect to the server */
/* Connect to the server */
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
if
(
sslconnect
(
ssl_fd
,
net
->
vio
,
if
(
sslconnect
(
ssl_fd
,
net
->
vio
,
(
long
)
(
mysql
->
options
.
connect_timeout
)))
(
long
)
(
mysql
->
options
.
connect_timeout
),
&
ssl_error
))
{
{
set_mysql_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
);
char
buf
[
512
];
ERR_error_string_n
(
ssl_error
,
buf
,
512
);
buf
[
511
]
=
0
;
set_mysql_extended_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
,
ER
(
CR_SSL_CONNECTION_ERROR
),
buf
);
goto
error
;
goto
error
;
}
}
DBUG_PRINT
(
"info"
,
(
"IO layer change done!"
));
DBUG_PRINT
(
"info"
,
(
"IO layer change done!"
));
/* Verify server cert */
/* Verify server cert */
if
((
mysql
->
client_flag
&
CLIENT_SSL_VERIFY_SERVER_CERT
)
&&
if
((
mysql
->
client_flag
&
CLIENT_SSL_VERIFY_SERVER_CERT
)
&&
ssl_verify_server_cert
(
net
->
vio
,
mysql
->
host
))
ssl_verify_server_cert
(
net
->
vio
,
mysql
->
host
,
&
cert_error
))
{
{
set_mysql_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
);
set_mysql_extended_error
(
mysql
,
CR_SSL_CONNECTION_ERROR
,
unknown_sqlstate
,
ER
(
CR_SSL_CONNECTION_ERROR
),
cert_error
);
goto
error
;
goto
error
;
}
}
}
}
...
...
sql/sql_acl.cc
View file @
e1b79597
...
@@ -8527,14 +8527,14 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
...
@@ -8527,14 +8527,14 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
DBUG_PRINT
(
"info"
,
(
"client capabilities: %lu"
,
mpvio
->
client_capabilities
));
DBUG_PRINT
(
"info"
,
(
"client capabilities: %lu"
,
mpvio
->
client_capabilities
));
if
(
mpvio
->
client_capabilities
&
CLIENT_SSL
)
if
(
mpvio
->
client_capabilities
&
CLIENT_SSL
)
{
{
char
error_string
[
1024
]
__attribute__
((
unused
))
;
unsigned
long
errptr
;
/* Do the SSL layering. */
/* Do the SSL layering. */
if
(
!
ssl_acceptor_fd
)
if
(
!
ssl_acceptor_fd
)
return
packet_error
;
return
packet_error
;
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
if
(
sslaccept
(
ssl_acceptor_fd
,
net
->
vio
,
net
->
read_timeout
))
if
(
sslaccept
(
ssl_acceptor_fd
,
net
->
vio
,
net
->
read_timeout
,
&
errptr
))
{
{
DBUG_PRINT
(
"error"
,
(
"Failed to accept new SSL connection"
));
DBUG_PRINT
(
"error"
,
(
"Failed to accept new SSL connection"
));
return
packet_error
;
return
packet_error
;
...
...
vio/test-ssl.c
View file @
e1b79597
...
@@ -59,6 +59,9 @@ main(int argc, char** argv)
...
@@ -59,6 +59,9 @@ main(int argc, char** argv)
struct
st_VioSSLFd
*
ssl_acceptor
=
0
;
struct
st_VioSSLFd
*
ssl_acceptor
=
0
;
struct
st_VioSSLFd
*
ssl_connector
=
0
;
struct
st_VioSSLFd
*
ssl_connector
=
0
;
Vio
*
client_vio
=
0
,
*
server_vio
=
0
;
Vio
*
client_vio
=
0
,
*
server_vio
=
0
;
enum
enum_ssl_init_error
ssl_init_error
;
unsigned
long
ssl_error
;
MY_INIT
(
argv
[
0
]);
MY_INIT
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PUSH
(
default_dbug_option
);
DBUG_PUSH
(
default_dbug_option
);
...
@@ -91,16 +94,16 @@ main(int argc, char** argv)
...
@@ -91,16 +94,16 @@ main(int argc, char** argv)
ssl_acceptor
=
new_VioSSLAcceptorFd
(
server_key
,
server_cert
,
ca_file
,
ssl_acceptor
=
new_VioSSLAcceptorFd
(
server_key
,
server_cert
,
ca_file
,
ca_path
,
cipher
);
ca_path
,
cipher
);
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ca_path
,
cipher
);
ca_path
,
cipher
,
&
ssl_init_error
);
client_vio
=
(
struct
st_vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
client_vio
=
(
struct
st_vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
client_vio
->
sd
=
sv
[
0
];
client_vio
->
sd
=
sv
[
0
];
client_vio
->
vioblocking
(
client_vio
,
0
,
&
unused
);
client_vio
->
vioblocking
(
client_vio
,
0
,
&
unused
);
sslconnect
(
ssl_connector
,
client_vio
,
60L
);
sslconnect
(
ssl_connector
,
client_vio
,
60L
,
&
ssl_error
);
server_vio
=
(
struct
st_vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
server_vio
=
(
struct
st_vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
server_vio
->
sd
=
sv
[
1
];
server_vio
->
sd
=
sv
[
1
];
server_vio
->
vioblocking
(
client_vio
,
0
,
&
unused
);
server_vio
->
vioblocking
(
client_vio
,
0
,
&
unused
);
sslaccept
(
ssl_acceptor
,
server_vio
,
60L
);
sslaccept
(
ssl_acceptor
,
server_vio
,
60L
,
&
ssl_error
);
printf
(
"Socketpair: %d , %d
\n
"
,
client_vio
->
sd
,
server_vio
->
sd
);
printf
(
"Socketpair: %d , %d
\n
"
,
client_vio
->
sd
,
server_vio
->
sd
);
...
...
vio/test-sslclient.c
View file @
e1b79597
...
@@ -50,6 +50,9 @@ main( int argc __attribute__((unused)),
...
@@ -50,6 +50,9 @@ main( int argc __attribute__((unused)),
Vio
*
client_vio
=
0
;
Vio
*
client_vio
=
0
;
int
err
;
int
err
;
char
xbuf
[
100
]
=
"Ohohhhhoh1234"
;
char
xbuf
[
100
]
=
"Ohohhhhoh1234"
;
enum
enum_ssl_init_error
ssl_init_error
;
unsigned
long
ssl_error
;
MY_INIT
(
argv
[
0
]);
MY_INIT
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PUSH
(
default_dbug_option
);
DBUG_PUSH
(
default_dbug_option
);
...
@@ -60,7 +63,8 @@ main( int argc __attribute__((unused)),
...
@@ -60,7 +63,8 @@ main( int argc __attribute__((unused)),
if
(
ca_path
!=
0
)
if
(
ca_path
!=
0
)
printf
(
"CApath : %s
\n
"
,
ca_path
);
printf
(
"CApath : %s
\n
"
,
ca_path
);
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ca_path
,
cipher
);
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ca_path
,
cipher
,
&
ssl_init_error
);
if
(
!
ssl_connector
)
{
if
(
!
ssl_connector
)
{
fatal_error
(
"client:new_VioSSLConnectorFd failed"
);
fatal_error
(
"client:new_VioSSLConnectorFd failed"
);
}
}
...
@@ -81,7 +85,7 @@ main( int argc __attribute__((unused)),
...
@@ -81,7 +85,7 @@ main( int argc __attribute__((unused)),
/* ----------------------------------------------- */
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
/* Now we have TCP conncetion. Start SSL negotiation. */
read
(
client_vio
->
sd
,
xbuf
,
sizeof
(
xbuf
));
read
(
client_vio
->
sd
,
xbuf
,
sizeof
(
xbuf
));
sslconnect
(
ssl_connector
,
client_vio
,
60L
);
sslconnect
(
ssl_connector
,
client_vio
,
60L
,
&
ssl_error
);
err
=
vio_read
(
client_vio
,
xbuf
,
sizeof
(
xbuf
));
err
=
vio_read
(
client_vio
,
xbuf
,
sizeof
(
xbuf
));
if
(
err
<=
0
)
{
if
(
err
<=
0
)
{
my_free
(
ssl_connector
);
my_free
(
ssl_connector
);
...
...
vio/test-sslserver.c
View file @
e1b79597
...
@@ -52,6 +52,7 @@ do_ssl_stuff( TH_ARGS* args)
...
@@ -52,6 +52,7 @@ do_ssl_stuff( TH_ARGS* args)
const
char
*
s
=
"Huhuhuhuuu"
;
const
char
*
s
=
"Huhuhuhuuu"
;
Vio
*
server_vio
;
Vio
*
server_vio
;
int
err
;
int
err
;
unsigned
long
ssl_error
;
DBUG_ENTER
(
"do_ssl_stuff"
);
DBUG_ENTER
(
"do_ssl_stuff"
);
server_vio
=
vio_new
(
args
->
sd
,
VIO_TYPE_TCPIP
,
TRUE
);
server_vio
=
vio_new
(
args
->
sd
,
VIO_TYPE_TCPIP
,
TRUE
);
...
@@ -60,7 +61,7 @@ do_ssl_stuff( TH_ARGS* args)
...
@@ -60,7 +61,7 @@ do_ssl_stuff( TH_ARGS* args)
/* TCP connection is ready. Do server side SSL. */
/* TCP connection is ready. Do server side SSL. */
err
=
write
(
server_vio
->
sd
,(
uchar
*
)
s
,
strlen
(
s
));
err
=
write
(
server_vio
->
sd
,(
uchar
*
)
s
,
strlen
(
s
));
sslaccept
(
args
->
ssl_acceptor
,
server_vio
,
60L
);
sslaccept
(
args
->
ssl_acceptor
,
server_vio
,
60L
,
&
ssl_error
);
err
=
server_vio
->
write
(
server_vio
,(
uchar
*
)
s
,
strlen
(
s
));
err
=
server_vio
->
write
(
server_vio
,(
uchar
*
)
s
,
strlen
(
s
));
DBUG_VOID_RETURN
;
DBUG_VOID_RETURN
;
}
}
...
...
vio/viossl.c
View file @
e1b79597
...
@@ -144,8 +144,9 @@ void vio_ssl_delete(Vio *vio)
...
@@ -144,8 +144,9 @@ void vio_ssl_delete(Vio *vio)
static
int
ssl_do
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
,
static
int
ssl_do
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
,
int
(
*
connect_accept_func
)(
SSL
*
))
int
(
*
connect_accept_func
)(
SSL
*
)
,
unsigned
long
*
errptr
)
{
{
int
r
;
SSL
*
ssl
;
SSL
*
ssl
;
my_bool
unused
;
my_bool
unused
;
my_bool
was_blocking
;
my_bool
was_blocking
;
...
@@ -160,7 +161,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
...
@@ -160,7 +161,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
if
(
!
(
ssl
=
SSL_new
(
ptr
->
ssl_context
)))
if
(
!
(
ssl
=
SSL_new
(
ptr
->
ssl_context
)))
{
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
(
ssl
);
*
errptr
=
ERR_get_error
(
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
}
}
...
@@ -169,10 +170,10 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
...
@@ -169,10 +170,10 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
SSL_SESSION_set_timeout
(
SSL_get_session
(
ssl
),
timeout
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
ssl
),
timeout
);
SSL_set_fd
(
ssl
,
vio
->
sd
);
SSL_set_fd
(
ssl
,
vio
->
sd
);
if
(
connect_accept_func
(
ssl
)
<
1
)
if
(
(
r
=
connect_accept_func
(
ssl
)
)
<
1
)
{
{
DBUG_PRINT
(
"error"
,
(
"SSL_connect/accept failure"
));
DBUG_PRINT
(
"error"
,
(
"SSL_connect/accept failure"
));
report_errors
(
ssl
);
*
errptr
=
SSL_get_error
(
ssl
,
r
);
SSL_free
(
ssl
);
SSL_free
(
ssl
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
vio_blocking
(
vio
,
was_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
...
@@ -220,17 +221,17 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
...
@@ -220,17 +221,17 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
}
}
int
sslaccept
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
int
sslaccept
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
,
unsigned
long
*
errptr
)
{
{
DBUG_ENTER
(
"sslaccept"
);
DBUG_ENTER
(
"sslaccept"
);
DBUG_RETURN
(
ssl_do
(
ptr
,
vio
,
timeout
,
SSL_accept
));
DBUG_RETURN
(
ssl_do
(
ptr
,
vio
,
timeout
,
SSL_accept
,
errptr
));
}
}
int
sslconnect
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
int
sslconnect
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
,
unsigned
long
*
errptr
)
{
{
DBUG_ENTER
(
"sslconnect"
);
DBUG_ENTER
(
"sslconnect"
);
DBUG_RETURN
(
ssl_do
(
ptr
,
vio
,
timeout
,
SSL_connect
));
DBUG_RETURN
(
ssl_do
(
ptr
,
vio
,
timeout
,
SSL_connect
,
errptr
));
}
}
...
...
vio/viosslfactories.c
View file @
e1b79597
...
@@ -165,7 +165,7 @@ static struct st_VioSSLFd *
...
@@ -165,7 +165,7 @@ static struct st_VioSSLFd *
new_VioSSLFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
new_VioSSLFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
,
SSL_METHOD
*
method
,
const
char
*
cipher
,
SSL_METHOD
*
method
,
enum
enum_ssl_init_error
*
error
)
enum
enum_ssl_init_error
*
error
)
{
{
DH
*
dh
;
DH
*
dh
;
struct
st_VioSSLFd
*
ssl_fd
;
struct
st_VioSSLFd
*
ssl_fd
;
...
@@ -249,11 +249,10 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
...
@@ -249,11 +249,10 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
struct
st_VioSSLFd
*
struct
st_VioSSLFd
*
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
new_VioSSLConnectorFd
(
const
char
*
key_file
,
const
char
*
cert_file
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
ca_file
,
const
char
*
ca_path
,
const
char
*
cipher
)
const
char
*
cipher
,
enum
enum_ssl_init_error
*
error
)
{
{
struct
st_VioSSLFd
*
ssl_fd
;
struct
st_VioSSLFd
*
ssl_fd
;
int
verify
=
SSL_VERIFY_PEER
;
int
verify
=
SSL_VERIFY_PEER
;
enum
enum_ssl_init_error
dummy
;
/*
/*
Turn off verification of servers certificate if both
Turn off verification of servers certificate if both
...
@@ -263,7 +262,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
...
@@ -263,7 +262,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
verify
=
SSL_VERIFY_NONE
;
verify
=
SSL_VERIFY_NONE
;
if
(
!
(
ssl_fd
=
new_VioSSLFd
(
key_file
,
cert_file
,
ca_file
,
if
(
!
(
ssl_fd
=
new_VioSSLFd
(
key_file
,
cert_file
,
ca_file
,
ca_path
,
cipher
,
TLSv1_client_method
(),
&
dummy
)))
ca_path
,
cipher
,
TLSv1_client_method
(),
error
)))
{
{
return
0
;
return
0
;
}
}
...
...
vio/viotest-ssl.c
View file @
e1b79597
...
@@ -60,6 +60,9 @@ int main(int argc, char **argv)
...
@@ -60,6 +60,9 @@ int main(int argc, char **argv)
struct
st_VioSSLConnectorFd
*
ssl_connector
=
0
;
struct
st_VioSSLConnectorFd
*
ssl_connector
=
0
;
Vio
*
client_vio
=
0
;
Vio
*
client_vio
=
0
;
Vio
*
server_vio
=
0
;
Vio
*
server_vio
=
0
;
enum
enum_ssl_init_error
ssl_init_error
;
unsigned
long
ssl_error
;
MY_INIT
(
argv
[
0
]);
MY_INIT
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PROCESS
(
argv
[
0
]);
DBUG_PUSH
(
default_dbug_option
);
DBUG_PUSH
(
default_dbug_option
);
...
@@ -92,14 +95,14 @@ int main(int argc, char **argv)
...
@@ -92,14 +95,14 @@ int main(int argc, char **argv)
ssl_acceptor
=
new_VioSSLAcceptorFd
(
server_key
,
server_cert
,
ca_file
,
ssl_acceptor
=
new_VioSSLAcceptorFd
(
server_key
,
server_cert
,
ca_file
,
ca_path
);
ca_path
);
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ssl_connector
=
new_VioSSLConnectorFd
(
client_key
,
client_cert
,
ca_file
,
ca_path
);
ca_path
,
&
ssl_init_error
);
client_vio
=
(
Vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
client_vio
=
(
Vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
client_vio
->
sd
=
sv
[
0
];
client_vio
->
sd
=
sv
[
0
];
sslconnect
(
ssl_connector
,
client_vio
);
sslconnect
(
ssl_connector
,
client_vio
,
&
ssl_error
);
server_vio
=
(
Vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
server_vio
=
(
Vio
*
)
my_malloc
(
sizeof
(
struct
st_vio
),
MYF
(
0
));
server_vio
->
sd
=
sv
[
1
];
server_vio
->
sd
=
sv
[
1
];
sslaccept
(
ssl_acceptor
,
server_vio
);
sslaccept
(
ssl_acceptor
,
server_vio
,
&
ssl_error
);
printf
(
"Socketpair: %d , %d
\n
"
,
client_vio
->
sd
,
server_vio
->
sd
);
printf
(
"Socketpair: %d , %d
\n
"
,
client_vio
->
sd
,
server_vio
->
sd
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment