Commit 5394708e authored by unknown's avatar unknown

Merge pilot.blaudden:/home/msvensson/mysql/mysql-5.0-maint

into  pilot.blaudden:/home/msvensson/mysql/mysql-5.1-maint


sql/mysqld.cc:
  Auto merged
vio/viosslfactories.c:
  Auto merged
mysql-test/r/openssl_1.result:
  Manual merge
mysql-test/t/openssl_1.test:
  Manual merge
parents 6848d4f1 2d07a11d
...@@ -51,6 +51,9 @@ SSL error: Unable to get private key from '' ...@@ -51,6 +51,9 @@ SSL error: Unable to get private key from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error mysqltest: Could not open connection 'default': 2026 SSL connection error
SSL error: Unable to get certificate from '' SSL error: Unable to get certificate from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error mysqltest: Could not open connection 'default': 2026 SSL connection error
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
Variable_name Value Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA Ssl_cipher DHE-RSA-AES256-SHA
End of 5.0 tests End of 5.0 tests
...@@ -75,3 +78,10 @@ SSL_CALLBACK_CACHE_HITS 0.0000000 ...@@ -75,3 +78,10 @@ SSL_CALLBACK_CACHE_HITS 0.0000000
DROP TABLE thread_status; DROP TABLE thread_status;
SET GLOBAL event_scheduler=0; SET GLOBAL event_scheduler=0;
End of 5.1 tests End of 5.1 tests
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
Ssl_cipher AES128-SHA
mysqltest: Could not open connection 'default': 2026 SSL connection error
...@@ -96,6 +96,14 @@ drop table t1; ...@@ -96,6 +96,14 @@ drop table t1;
--error 1 --error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# BUG#21611 Slave can't connect when master-ssl-cipher specified
# - Apparently selecting a cipher doesn't work at all
# - Usa a cipher that both yaSSL and OpenSSL supports
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# #
# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
# #
...@@ -142,3 +150,24 @@ SELECT variable_name, variable_value FROM thread_status; ...@@ -142,3 +150,24 @@ SELECT variable_name, variable_value FROM thread_status;
DROP TABLE thread_status; DROP TABLE thread_status;
SET GLOBAL event_scheduler=0; SET GLOBAL event_scheduler=0;
--echo End of 5.1 tests --echo End of 5.1 tests
#
# Test to connect using a list of ciphers
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using a specifi cipher
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
# Test to connect using an unknown cipher
#
--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
--error 1
--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
...@@ -3160,6 +3160,7 @@ static void init_ssl() ...@@ -3160,6 +3160,7 @@ static void init_ssl()
DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd)); DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
if (!ssl_acceptor_fd) if (!ssl_acceptor_fd)
{ {
sql_print_warning("Failed to setup SSL");
opt_use_ssl = 0; opt_use_ssl = 0;
have_ssl= SHOW_OPTION_DISABLED; have_ssl= SHOW_OPTION_DISABLED;
} }
......
...@@ -257,8 +257,13 @@ new_VioSSLFd(const char *key_file, const char *cert_file, ...@@ -257,8 +257,13 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0); DBUG_RETURN(0);
} }
/* Set the ciphers that can be used */ /*
if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher)) Set the ciphers that can be used
NOTE: SSL_CTX_set_cipher_list will return 0 if
none of the provided ciphers could be selected
*/
if (cipher &&
SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
{ {
DBUG_PRINT("error", ("failed to set ciphers to use")); DBUG_PRINT("error", ("failed to set ciphers to use"));
report_errors(); report_errors();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment