Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
98579955
Commit
98579955
authored
Nov 06, 2002
by
gluh@gluh.(none)
Browse files
Options
Browse Files
Download
Plain Diff
Merge sgluhov@work.mysql.com:/home/bk/mysql-4.0
into gluh.(none):/home/gluh/mysql-4.0.bklast
parents
db169310
7bf903ea
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
77 additions
and
24 deletions
+77
-24
include/errmsg.h
include/errmsg.h
+1
-0
include/violite.h
include/violite.h
+1
-2
libmysql/errmsg.c
libmysql/errmsg.c
+6
-3
libmysql/libmysql.c
libmysql/libmysql.c
+8
-5
sql/mysqld.cc
sql/mysqld.cc
+12
-3
sql/sql_parse.cc
sql/sql_parse.cc
+7
-1
vio/viossl.c
vio/viossl.c
+36
-10
vio/viosslfactories.c
vio/viosslfactories.c
+6
-0
No files found.
include/errmsg.h
View file @
98579955
...
...
@@ -61,3 +61,4 @@ extern const char *client_errors[]; /* Error messages */
#define CR_PROBE_SLAVE_HOSTS 2023
#define CR_PROBE_SLAVE_CONNECT 2024
#define CR_PROBE_MASTER_CONNECT 2025
#define CR_SSL_CONNECTION_ERROR 2026
include/violite.h
View file @
98579955
...
...
@@ -174,7 +174,7 @@ struct st_VioSSLConnectorFd
SSL_METHOD
*
ssl_method_
;
};
void
sslaccept
(
struct
st_VioSSLAcceptorFd
*
,
Vio
*
,
long
timeout
);
int
sslaccept
(
struct
st_VioSSLAcceptorFd
*
,
Vio
*
,
long
timeout
);
int
sslconnect
(
struct
st_VioSSLConnectorFd
*
,
Vio
*
,
long
timeout
);
struct
st_VioSSLConnectorFd
...
...
@@ -231,7 +231,6 @@ struct st_vio
#ifdef HAVE_OPENSSL
SSL
*
ssl_
;
my_bool
open_
;
#endif
/* HAVE_OPENSSL */
#endif
/* HAVE_VIO */
};
...
...
libmysql/errmsg.c
View file @
98579955
...
...
@@ -49,7 +49,8 @@ const char *client_errors[]=
"Error on SHOW SLAVE STATUS:"
,
"Error on SHOW SLAVE HOSTS:"
,
"Error connecting to slave:"
,
"Error connecting to master:"
"Error connecting to master:"
,
"SSL connection error"
};
/* Start of code added by Roberto M. Serqueira - martinsc@uol.com.br - 05.24.2001 */
...
...
@@ -82,7 +83,8 @@ const char *client_errors[]=
"Error on SHOW SLAVE STATUS:"
,
"Error on SHOW SLAVE HOSTS:"
,
"Error connecting to slave:"
,
"Error connecting to master:"
"Error connecting to master:"
,
"SSL connection error"
};
#else
/* ENGLISH */
...
...
@@ -113,7 +115,8 @@ const char *client_errors[]=
"Error on SHOW SLAVE STATUS:"
,
"Error on SHOW SLAVE HOSTS:"
,
"Error connecting to slave:"
,
"Error connecting to master:"
"Error connecting to master:"
,
"SSL connection error"
};
#endif
...
...
libmysql/libmysql.c
View file @
98579955
...
...
@@ -1872,15 +1872,18 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
options
->
ssl_capath
,
options
->
ssl_cipher
)))
{
/* TODO: Change to SSL error */
net
->
last_errno
=
CR_SERVER_LOST
;
net
->
last_errno
=
CR_SSL_CONNECTION_ERROR
;
strmov
(
net
->
last_error
,
ER
(
net
->
last_errno
));
goto
error
;
}
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
/* TODO: Add proper error checking here, with return error message */
sslconnect
((
struct
st_VioSSLConnectorFd
*
)(
mysql
->
connector_fd
),
mysql
->
net
.
vio
,
(
long
)
(
mysql
->
options
.
connect_timeout
));
if
(
sslconnect
((
struct
st_VioSSLConnectorFd
*
)(
mysql
->
connector_fd
),
mysql
->
net
.
vio
,
(
long
)
(
mysql
->
options
.
connect_timeout
)))
{
net
->
last_errno
=
CR_SSL_CONNECTION_ERROR
;
strmov
(
net
->
last_error
,
ER
(
net
->
last_errno
));
goto
error
;
}
DBUG_PRINT
(
"info"
,
(
"IO layer change done!"
));
}
#endif
/* HAVE_OPENSSL */
...
...
sql/mysqld.cc
View file @
98579955
...
...
@@ -339,7 +339,7 @@ volatile ulong cached_thread_count=0;
my_string
master_user
=
(
char
*
)
"test"
,
master_password
=
0
,
master_host
=
0
,
master_info_file
=
(
char
*
)
"master.info"
,
relay_log_info_file
=
(
char
*
)
"relay-log.info"
,
master_ssl_key
=
0
,
master_ssl_cert
=
0
;
master_ssl_key
=
0
,
master_ssl_cert
=
0
,
master_ssl_capath
=
0
,
master_ssl_cipher
=
0
;
my_string
report_user
=
0
,
report_password
=
0
,
report_host
=
0
;
const
char
*
localhost
=
LOCAL_HOST
;
...
...
@@ -2819,8 +2819,9 @@ enum options {
OPT_MASTER_PASSWORD
,
OPT_MASTER_PORT
,
OPT_MASTER_INFO_FILE
,
OPT_MASTER_CONNECT_RETRY
,
OPT_MASTER_RETRY_COUNT
,
OPT_MASTER_SSL
,
OPT_MASTER_SSL_KEY
,
OPT_MASTER_SSL_CERT
,
OPT_MASTER_SSL
,
OPT_MASTER_SSL_KEY
,
OPT_MASTER_SSL_CERT
,
OPT_MASTER_SSL_CAPATH
,
OPT_MASTER_SSL_CIPHER
,
OPT_SQL_BIN_UPDATE_SAME
,
OPT_REPLICATE_DO_DB
,
OPT_REPLICATE_IGNORE_DB
,
OPT_LOG_SLAVE_UPDATES
,
OPT_BINLOG_DO_DB
,
OPT_BINLOG_IGNORE_DB
,
...
...
@@ -3129,6 +3130,14 @@ struct my_option my_long_options[] =
"Master SSL certificate file name. Only applies if you have enabled master-ssl."
,
(
gptr
*
)
&
master_ssl_cert
,
(
gptr
*
)
&
master_ssl_cert
,
0
,
GET_STR
,
OPT_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
{
"master-ssl-capath"
,
OPT_MASTER_SSL_CAPATH
,
"Master SSL CA path. Only applies if you have enabled master-ssl."
,
(
gptr
*
)
&
master_ssl_capath
,
(
gptr
*
)
&
master_ssl_capath
,
0
,
GET_STR
,
OPT_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
{
"master-ssl-cipher"
,
OPT_MASTER_SSL_CIPHER
,
"Master SSL cipher. Only applies if you have enabled master-ssl."
,
(
gptr
*
)
&
master_ssl_cipher
,
(
gptr
*
)
&
master_ssl_capath
,
0
,
GET_STR
,
OPT_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
{
"myisam-recover"
,
OPT_MYISAM_RECOVER
,
"Syntax: myisam-recover[=option[,option...]], where option can be DEFAULT, BACKUP or FORCE."
,
(
gptr
*
)
&
myisam_recover_options_str
,
(
gptr
*
)
&
myisam_recover_options_str
,
0
,
...
...
sql/sql_parse.cc
View file @
98579955
...
...
@@ -554,7 +554,13 @@ check_connections(THD *thd)
{
/* Do the SSL layering. */
DBUG_PRINT
(
"info"
,
(
"IO layer change in progress..."
));
sslaccept
(
ssl_acceptor_fd
,
net
->
vio
,
thd
->
variables
.
net_wait_timeout
);
if
(
sslaccept
(
ssl_acceptor_fd
,
net
->
vio
,
thd
->
variables
.
net_wait_timeout
))
{
DBUG_PRINT
(
"error"
,
(
"Failed to read user information (pkt_len= %lu)"
,
pkt_len
));
inc_host_errors
(
&
thd
->
remote
.
sin_addr
);
return
(
ER_HANDSHAKE_ERROR
);
}
DBUG_PRINT
(
"info"
,
(
"Reading user information over SSL layer"
));
if
((
pkt_len
=
my_net_read
(
net
))
==
packet_error
||
pkt_len
<
NORMAL_HANDSHAKE_SIZE
)
...
...
vio/viossl.c
View file @
98579955
...
...
@@ -249,35 +249,48 @@ void vio_ssl_in_addr(Vio *vio, struct in_addr *in)
/*
TODO: Add documentation
and error handling
TODO: Add documentation
*/
void
sslaccept
(
struct
st_VioSSLAcceptorFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
int
sslaccept
(
struct
st_VioSSLAcceptorFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
{
char
*
str
;
char
buf
[
1024
];
X509
*
client_cert
;
my_bool
unused
;
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
DBUG_ENTER
(
"sslaccept"
);
DBUG_PRINT
(
"enter"
,
(
"sd=%d ptr=%p"
,
vio
->
sd
,
ptr
));
old_type
=
vio
->
type
;
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
vio
->
ssl_
=
0
;
vio
->
open_
=
FALSE
;
if
(
!
(
vio
->
ssl_
=
SSL_new
(
ptr
->
ssl_context_
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
();
DBUG_VOID_RETURN
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
vio
->
ssl_
,
timeout
));
SSL_clear
(
vio
->
ssl_
);
SSL_SESSION_set_timeout
(
SSL_get_session
(
vio
->
ssl_
),
timeout
);
SSL_set_fd
(
vio
->
ssl_
,
vio
->
sd
);
SSL_set_accept_state
(
vio
->
ssl_
);
SSL_do_handshake
(
vio
->
ssl_
);
vio
->
open_
=
TRUE
;
if
(
SSL_do_handshake
(
vio
->
ssl_
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_do_handshake failure"
));
report_errors
();
SSL_free
(
vio
->
ssl_
);
vio
->
ssl_
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
#ifndef DBUF_OFF
DBUG_PRINT
(
"info"
,(
"SSL_get_cipher_name() = '%s'"
,
SSL_get_cipher_name
(
vio
->
ssl_
)));
...
...
@@ -309,7 +322,7 @@ void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
}
#endif
DBUG_
VOID_RETURN
;
DBUG_
RETURN
(
0
)
;
}
...
...
@@ -318,17 +331,22 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
char
*
str
;
X509
*
server_cert
;
my_bool
unused
;
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
DBUG_ENTER
(
"sslconnect"
);
DBUG_PRINT
(
"enter"
,
(
"sd=%d ptr=%p ctx: %p"
,
vio
->
sd
,
ptr
,
ptr
->
ssl_context_
));
old_type
=
vio
->
type
;
net_blocking
=
vio_is_blocking
(
vio
);
vio_blocking
(
vio
,
1
,
&
unused
);
/* Must be called before reset */
vio_reset
(
vio
,
VIO_TYPE_SSL
,
vio
->
sd
,
0
,
FALSE
);
vio
->
ssl_
=
0
;
vio
->
open_
=
FALSE
;
if
(
!
(
vio
->
ssl_
=
SSL_new
(
ptr
->
ssl_context_
)))
{
DBUG_PRINT
(
"error"
,
(
"SSL_new failure"
));
report_errors
();
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
DBUG_PRINT
(
"info"
,
(
"ssl_=%p timeout=%ld"
,
vio
->
ssl_
,
timeout
));
...
...
@@ -336,8 +354,16 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
SSL_SESSION_set_timeout
(
SSL_get_session
(
vio
->
ssl_
),
timeout
);
SSL_set_fd
(
vio
->
ssl_
,
vio
->
sd
);
SSL_set_connect_state
(
vio
->
ssl_
);
SSL_do_handshake
(
vio
->
ssl_
);
vio
->
open_
=
TRUE
;
if
(
SSL_do_handshake
(
vio
->
ssl_
)
<
1
)
{
DBUG_PRINT
(
"error"
,
(
"SSL_do_handshake failure"
));
report_errors
();
SSL_free
(
vio
->
ssl_
);
vio
->
ssl_
=
0
;
vio_reset
(
vio
,
old_type
,
vio
->
sd
,
0
,
FALSE
);
vio_blocking
(
vio
,
net_blocking
,
&
unused
);
DBUG_RETURN
(
1
);
}
#ifndef DBUG_OFF
DBUG_PRINT
(
"info"
,(
"SSL_get_cipher_name() = '%s'"
,
SSL_get_cipher_name
(
vio
->
ssl_
)));
...
...
vio/viosslfactories.c
View file @
98579955
...
...
@@ -93,7 +93,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
DBUG_PRINT
(
"error"
,(
"unable to get certificate from '%s'
\n
"
,
cert_file
));
/* FIX stderr */
fprintf
(
stderr
,
"Error when connection to server using SSL:"
);
ERR_print_errors_fp
(
stderr
);
fprintf
(
stderr
,
"Unable to get certificate from '%s'
\n
"
,
cert_file
);
fflush
(
stderr
);
DBUG_RETURN
(
0
);
}
if
(
key_file
==
NULL
)
...
...
@@ -103,7 +106,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
DBUG_PRINT
(
"error"
,
(
"unable to get private key from '%s'
\n
"
,
key_file
));
/* FIX stderr */
fprintf
(
stderr
,
"Error when connection to server using SSL:"
);
ERR_print_errors_fp
(
stderr
);
fprintf
(
stderr
,
"Unable to get private key from '%s'
\n
"
,
cert_file
);
fflush
(
stderr
);
DBUG_RETURN
(
0
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment