Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
b3e9211e
Commit
b3e9211e
authored
Feb 19, 2016
by
Ramil Kalimullin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WL#9072: Backport WL#8785 to 5.5
parent
d9c541cb
Changes
18
Hide whitespace changes
Inline
Side-by-side
Showing
18 changed files
with
265 additions
and
41 deletions
+265
-41
client/client_priv.h
client/client_priv.h
+35
-1
client/mysql.cc
client/mysql.cc
+8
-6
client/mysql_upgrade.c
client/mysql_upgrade.c
+6
-1
client/mysqladmin.cc
client/mysqladmin.cc
+4
-3
client/mysqlcheck.c
client/mysqlcheck.c
+5
-3
client/mysqldump.c
client/mysqldump.c
+5
-4
client/mysqlimport.c
client/mysqlimport.c
+4
-4
client/mysqlshow.c
client/mysqlshow.c
+5
-5
client/mysqlslap.c
client/mysqlslap.c
+4
-4
client/mysqltest.cc
client/mysqltest.cc
+7
-5
include/sslopt-case.h
include/sslopt-case.h
+14
-1
include/sslopt-longopts.h
include/sslopt-longopts.h
+4
-1
include/sslopt-vars.h
include/sslopt-vars.h
+9
-3
mysql-test/r/ssl_mode.result
mysql-test/r/ssl_mode.result
+44
-0
mysql-test/r/ssl_mode_no_ssl.result
mysql-test/r/ssl_mode_no_ssl.result
+22
-0
mysql-test/t/ssl_mode.test
mysql-test/t/ssl_mode.test
+47
-0
mysql-test/t/ssl_mode_no_ssl-master.opt
mysql-test/t/ssl_mode_no_ssl-master.opt
+1
-0
mysql-test/t/ssl_mode_no_ssl.test
mysql-test/t/ssl_mode_no_ssl.test
+41
-0
No files found.
client/client_priv.h
View file @
b3e9211e
/*
/*
Copyright (c) 2001, 201
2
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2001, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -88,6 +88,7 @@ enum options_client
...
@@ -88,6 +88,7 @@ enum options_client
OPT_DEFAULT_AUTH
,
OPT_DEFAULT_AUTH
,
OPT_DEFAULT_PLUGIN
,
OPT_DEFAULT_PLUGIN
,
OPT_ENABLE_CLEARTEXT_PLUGIN
,
OPT_ENABLE_CLEARTEXT_PLUGIN
,
OPT_SSL_MODE
,
OPT_MAX_CLIENT_OPTION
OPT_MAX_CLIENT_OPTION
};
};
...
@@ -111,3 +112,36 @@ enum options_client
...
@@ -111,3 +112,36 @@ enum options_client
*/
*/
#define PERFORMANCE_SCHEMA_DB_NAME "performance_schema"
#define PERFORMANCE_SCHEMA_DB_NAME "performance_schema"
/**
Wrapper for mysql_real_connect() that checks if SSL connection is establised.
The function calls mysql_real_connect() first, then if given ssl_required==TRUE
argument (i.e. --ssl-mode=REQUIRED option used) checks current SSL chiper to
ensure that SSL is used for current connection.
Otherwise it returns NULL and sets errno to CR_SSL_CONNECTION_ERROR.
All clients (except mysqlbinlog which disregards SSL options) use this function
instead of mysql_real_connect() to handle --ssl-mode=REQUIRED option.
*/
MYSQL
*
mysql_connect_ssl_check
(
MYSQL
*
mysql_arg
,
const
char
*
host
,
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
uint
port
,
const
char
*
unix_socket
,
ulong
client_flag
,
my_bool
ssl_required
__attribute__
((
unused
)))
{
MYSQL
*
mysql
=
mysql_real_connect
(
mysql_arg
,
host
,
user
,
passwd
,
db
,
port
,
unix_socket
,
client_flag
);
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
if
(
mysql
&&
/* connection established. */
ssl_required
&&
/* --ssl-mode=REQUIRED. */
!
mysql_get_ssl_cipher
(
mysql
))
/* non-SSL connection. */
{
NET
*
net
=
&
mysql
->
net
;
net
->
last_errno
=
CR_SSL_CONNECTION_ERROR
;
strmov
(
net
->
last_error
,
"--ssl-mode=REQUIRED option forbids non SSL connections"
);
strmov
(
net
->
sqlstate
,
"HY000"
);
return
NULL
;
}
#endif
return
mysql
;
}
client/mysql.cc
View file @
b3e9211e
/*
/*
Copyright (c) 2000, 201
4
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -1316,8 +1316,9 @@ sig_handler handle_sigint(int sig)
...
@@ -1316,8 +1316,9 @@ sig_handler handle_sigint(int sig)
}
}
kill_mysql
=
mysql_init
(
kill_mysql
);
kill_mysql
=
mysql_init
(
kill_mysql
);
if
(
!
mysql_real_connect
(
kill_mysql
,
current_host
,
current_user
,
opt_password
,
if
(
!
mysql_connect_ssl_check
(
kill_mysql
,
current_host
,
current_user
,
opt_password
,
""
,
opt_mysql_port
,
opt_mysql_unix_port
,
0
))
""
,
opt_mysql_port
,
opt_mysql_unix_port
,
0
,
opt_ssl_required
))
{
{
tee_fprintf
(
stdout
,
"Ctrl-C -- sorry, cannot connect to server to kill query, giving up ...
\n
"
);
tee_fprintf
(
stdout
,
"Ctrl-C -- sorry, cannot connect to server to kill query, giving up ...
\n
"
);
goto
err
;
goto
err
;
...
@@ -4457,9 +4458,10 @@ sql_real_connect(char *host,char *database,char *user,char *password,
...
@@ -4457,9 +4458,10 @@ sql_real_connect(char *host,char *database,char *user,char *password,
mysql_options
(
&
mysql
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
mysql_options
(
&
mysql
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
if
(
!
mysql_real_connect
(
&
mysql
,
host
,
user
,
password
,
if
(
!
mysql_connect_ssl_check
(
&
mysql
,
host
,
user
,
password
,
database
,
opt_mysql_port
,
opt_mysql_unix_port
,
database
,
opt_mysql_port
,
opt_mysql_unix_port
,
connect_flag
|
CLIENT_MULTI_STATEMENTS
))
connect_flag
|
CLIENT_MULTI_STATEMENTS
,
opt_ssl_required
))
{
{
if
(
!
silent
||
if
(
!
silent
||
(
mysql_errno
(
&
mysql
)
!=
CR_CONN_HOST_ERROR
&&
(
mysql_errno
(
&
mysql
)
!=
CR_CONN_HOST_ERROR
&&
...
...
client/mysql_upgrade.c
View file @
b3e9211e
/*
/*
Copyright (c) 2006, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2006, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -307,6 +307,7 @@ get_one_option(int optid, const struct my_option *opt,
...
@@ -307,6 +307,7 @@ get_one_option(int optid, const struct my_option *opt,
case
OPT_DEFAULT_AUTH
:
/* --default-auth */
case
OPT_DEFAULT_AUTH
:
/* --default-auth */
add_one_option
(
&
conn_args
,
opt
,
argument
);
add_one_option
(
&
conn_args
,
opt
,
argument
);
break
;
break
;
#include <sslopt-case.h>
}
}
if
(
add_option
)
if
(
add_option
)
...
@@ -386,6 +387,10 @@ static int run_tool(char *tool_path, DYNAMIC_STRING *ds_res, ...)
...
@@ -386,6 +387,10 @@ static int run_tool(char *tool_path, DYNAMIC_STRING *ds_res, ...)
va_end
(
args
);
va_end
(
args
);
/* If given --ssl-mode=REQUIRED propagate it to the tool. */
if
(
opt_ssl_required
)
dynstr_append
(
&
ds_cmdline
,
"--ssl-mode=REQUIRED"
);
#ifdef __WIN__
#ifdef __WIN__
dynstr_append
(
&
ds_cmdline
,
"
\"
"
);
dynstr_append
(
&
ds_cmdline
,
"
\"
"
);
#endif
#endif
...
...
client/mysqladmin.cc
View file @
b3e9211e
/*
/*
Copyright (c) 2000, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -518,8 +518,9 @@ static my_bool sql_connect(MYSQL *mysql, uint wait)
...
@@ -518,8 +518,9 @@ static my_bool sql_connect(MYSQL *mysql, uint wait)
for
(;;)
for
(;;)
{
{
if
(
mysql_real_connect
(
mysql
,
host
,
user
,
opt_password
,
NullS
,
tcp_port
,
if
(
mysql_connect_ssl_check
(
mysql
,
host
,
user
,
opt_password
,
NullS
,
unix_port
,
CLIENT_REMEMBER_OPTIONS
))
tcp_port
,
unix_port
,
CLIENT_REMEMBER_OPTIONS
,
opt_ssl_required
))
{
{
mysql
->
reconnect
=
1
;
mysql
->
reconnect
=
1
;
if
(
info
)
if
(
info
)
...
...
client/mysqlcheck.c
View file @
b3e9211e
/*
/*
Copyright (c) 2001, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2001, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -894,8 +894,10 @@ static int dbConnect(char *host, char *user, char *passwd)
...
@@ -894,8 +894,10 @@ static int dbConnect(char *host, char *user, char *passwd)
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
mysql_options
(
&
mysql_connection
,
MYSQL_SET_CHARSET_NAME
,
default_charset
);
mysql_options
(
&
mysql_connection
,
MYSQL_SET_CHARSET_NAME
,
default_charset
);
if
(
!
(
sock
=
mysql_real_connect
(
&
mysql_connection
,
host
,
user
,
passwd
,
if
(
!
(
sock
=
mysql_connect_ssl_check
(
&
mysql_connection
,
host
,
user
,
passwd
,
NULL
,
opt_mysql_port
,
opt_mysql_unix_port
,
0
)))
NULL
,
opt_mysql_port
,
opt_mysql_unix_port
,
0
,
opt_ssl_required
)))
{
{
DBerror
(
&
mysql_connection
,
"when trying to connect"
);
DBerror
(
&
mysql_connection
,
"when trying to connect"
);
return
1
;
return
1
;
...
...
client/mysqldump.c
View file @
b3e9211e
/*
/*
Copyright (c) 2000, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -1498,9 +1498,10 @@ static int connect_to_db(char *host, char *user,char *passwd)
...
@@ -1498,9 +1498,10 @@ static int connect_to_db(char *host, char *user,char *passwd)
mysql_options
(
&
mysql_connection
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
mysql_options
(
&
mysql_connection
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
if
(
!
(
mysql
=
mysql_real_connect
(
&
mysql_connection
,
host
,
user
,
passwd
,
if
(
!
(
mysql
=
mysql_connect_ssl_check
(
&
mysql_connection
,
host
,
user
,
NULL
,
opt_mysql_port
,
opt_mysql_unix_port
,
passwd
,
NULL
,
opt_mysql_port
,
0
)))
opt_mysql_unix_port
,
0
,
opt_ssl_required
)))
{
{
DB_error
(
&
mysql_connection
,
"when trying to connect"
);
DB_error
(
&
mysql_connection
,
"when trying to connect"
);
DBUG_RETURN
(
1
);
DBUG_RETURN
(
1
);
...
...
client/mysqlimport.c
View file @
b3e9211e
/*
/*
Copyright (c) 2000, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -449,9 +449,9 @@ static MYSQL *db_connect(char *host, char *database,
...
@@ -449,9 +449,9 @@ static MYSQL *db_connect(char *host, char *database,
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
mysql_options
(
mysql
,
MYSQL_SET_CHARSET_NAME
,
default_charset
);
mysql_options
(
mysql
,
MYSQL_SET_CHARSET_NAME
,
default_charset
);
if
(
!
(
mysql_
real_connect
(
mysql
,
host
,
user
,
passwd
,
if
(
!
(
mysql_
connect_ssl_check
(
mysql
,
host
,
user
,
passwd
,
database
,
database
,
opt_mysql_port
,
opt_mysql_unix_port
,
opt_mysql_port
,
opt_mysql_unix_port
,
0
)))
0
,
opt_ssl_required
)))
{
{
ignore_errors
=
0
;
/* NO RETURN FROM db_error */
ignore_errors
=
0
;
/* NO RETURN FROM db_error */
db_error
(
mysql
);
db_error
(
mysql
);
...
...
client/mysqlshow.c
View file @
b3e9211e
/*
/*
Copyright (c) 2000, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -139,10 +139,10 @@ int main(int argc, char **argv)
...
@@ -139,10 +139,10 @@ int main(int argc, char **argv)
mysql_options
(
&
mysql
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
mysql_options
(
&
mysql
,
MYSQL_ENABLE_CLEARTEXT_PLUGIN
,
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
if
(
!
(
mysql_
real_connect
(
&
mysql
,
host
,
user
,
opt_password
,
if
(
!
(
mysql_
connect_ssl_check
(
&
mysql
,
host
,
user
,
opt_password
,
(
first_argument_uses_wildcards
)
?
""
:
(
first_argument_uses_wildcards
)
?
""
:
argv
[
0
],
opt_mysql_port
,
opt_mysql_unix_port
,
argv
[
0
],
opt_mysql_port
,
opt_mysql_unix_port
,
0
)))
0
,
opt_ssl_required
)))
{
{
fprintf
(
stderr
,
"%s: %s
\n
"
,
my_progname
,
mysql_error
(
&
mysql
));
fprintf
(
stderr
,
"%s: %s
\n
"
,
my_progname
,
mysql_error
(
&
mysql
));
exit
(
1
);
exit
(
1
);
...
...
client/mysqlslap.c
View file @
b3e9211e
/*
/*
Copyright (c) 2005, 201
5
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -355,9 +355,9 @@ int main(int argc, char **argv)
...
@@ -355,9 +355,9 @@ int main(int argc, char **argv)
(
char
*
)
&
opt_enable_cleartext_plugin
);
(
char
*
)
&
opt_enable_cleartext_plugin
);
if
(
!
opt_only_print
)
if
(
!
opt_only_print
)
{
{
if
(
!
(
mysql_
real_connect
(
&
mysql
,
host
,
user
,
opt_password
,
if
(
!
(
mysql_
connect_ssl_check
(
&
mysql
,
host
,
user
,
opt_password
,
NULL
,
opt_mysql
_port
,
NULL
,
opt_mysql_port
,
opt_mysql_unix
_port
,
opt_mysql_unix_port
,
connect_flags
)))
connect_flags
,
opt_ssl_required
)))
{
{
fprintf
(
stderr
,
"%s: Error when connecting to server: %s
\n
"
,
fprintf
(
stderr
,
"%s: Error when connecting to server: %s
\n
"
,
my_progname
,
mysql_error
(
&
mysql
));
my_progname
,
mysql_error
(
&
mysql
));
...
...
client/mysqltest.cc
View file @
b3e9211e
/* Copyright (c) 2000, 201
3
, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -5281,8 +5281,9 @@ void safe_connect(MYSQL* mysql, const char *name, const char *host,
...
@@ -5281,8 +5281,9 @@ void safe_connect(MYSQL* mysql, const char *name, const char *host,
verbose_msg
(
"Connecting to server %s:%d (socket %s) as '%s'"
verbose_msg
(
"Connecting to server %s:%d (socket %s) as '%s'"
", connection '%s', attempt %d ..."
,
", connection '%s', attempt %d ..."
,
host
,
port
,
sock
,
user
,
name
,
failed_attempts
);
host
,
port
,
sock
,
user
,
name
,
failed_attempts
);
while
(
!
mysql_real_connect
(
mysql
,
host
,
user
,
pass
,
db
,
port
,
sock
,
while
(
!
mysql_connect_ssl_check
(
mysql
,
host
,
user
,
pass
,
db
,
port
,
sock
,
CLIENT_MULTI_STATEMENTS
|
CLIENT_REMEMBER_OPTIONS
))
CLIENT_MULTI_STATEMENTS
|
CLIENT_REMEMBER_OPTIONS
,
opt_ssl_required
))
{
{
/*
/*
Connect failed
Connect failed
...
@@ -5382,8 +5383,9 @@ int connect_n_handle_errors(struct st_command *command,
...
@@ -5382,8 +5383,9 @@ int connect_n_handle_errors(struct st_command *command,
dynstr_append_mem
(
ds
,
";
\n
"
,
2
);
dynstr_append_mem
(
ds
,
";
\n
"
,
2
);
}
}
while
(
!
mysql_real_connect
(
con
,
host
,
user
,
pass
,
db
,
port
,
sock
?
sock
:
0
,
while
(
!
mysql_connect_ssl_check
(
con
,
host
,
user
,
pass
,
db
,
port
,
CLIENT_MULTI_STATEMENTS
))
sock
?
sock
:
0
,
CLIENT_MULTI_STATEMENTS
,
opt_ssl_required
))
{
{
/*
/*
If we have used up all our connections check whether this
If we have used up all our connections check whether this
...
...
include/sslopt-case.h
View file @
b3e9211e
#ifndef SSLOPT_CASE_INCLUDED
#ifndef SSLOPT_CASE_INCLUDED
#define SSLOPT_CASE_INCLUDED
#define SSLOPT_CASE_INCLUDED
/* Copyright (c) 2000, 201
0
, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -28,5 +28,18 @@
...
@@ -28,5 +28,18 @@
*/
*/
opt_use_ssl
=
1
;
opt_use_ssl
=
1
;
break
;
break
;
#ifdef MYSQL_CLIENT
case
OPT_SSL_MODE
:
if
(
my_strcasecmp
(
&
my_charset_latin1
,
argument
,
"required"
))
{
fprintf
(
stderr
,
"Unknown value to --ssl-mode: '%s'. Use --ssl-mode=REQUIRED
\n
"
,
argument
);
exit
(
1
);
}
else
opt_ssl_required
=
1
;
break
;
#endif
/* MYSQL_CLIENT */
#endif
#endif
#endif
/* SSLOPT_CASE_INCLUDED */
#endif
/* SSLOPT_CASE_INCLUDED */
include/sslopt-longopts.h
View file @
b3e9211e
#ifndef SSLOPT_LONGOPTS_INCLUDED
#ifndef SSLOPT_LONGOPTS_INCLUDED
#define SSLOPT_LONGOPTS_INCLUDED
#define SSLOPT_LONGOPTS_INCLUDED
/* Copyright (c) 2000, 201
0
, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -44,6 +44,9 @@
...
@@ -44,6 +44,9 @@
"when connecting. This option is disabled by default."
,
"when connecting. This option is disabled by default."
,
&
opt_ssl_verify_server_cert
,
&
opt_ssl_verify_server_cert
,
&
opt_ssl_verify_server_cert
,
&
opt_ssl_verify_server_cert
,
0
,
GET_BOOL
,
OPT_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
0
,
GET_BOOL
,
OPT_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
{
"ssl-mode"
,
OPT_SSL_MODE
,
"SSL connection mode."
,
0
,
0
,
0
,
GET_STR
,
REQUIRED_ARG
,
0
,
0
,
0
,
0
,
0
,
0
},
#endif
#endif
#endif
/* HAVE_OPENSSL */
#endif
/* HAVE_OPENSSL */
#endif
/* SSLOPT_LONGOPTS_INCLUDED */
#endif
/* SSLOPT_LONGOPTS_INCLUDED */
include/sslopt-vars.h
View file @
b3e9211e
#ifndef SSLOPT_VARS_INCLUDED
#ifndef SSLOPT_VARS_INCLUDED
#define SSLOPT_VARS_INCLUDED
#define SSLOPT_VARS_INCLUDED
/* Copyright (c) 2000, 201
0
, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 201
6
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -28,8 +28,14 @@ SSL_STATIC char *opt_ssl_capath = 0;
...
@@ -28,8 +28,14 @@ SSL_STATIC char *opt_ssl_capath = 0;
SSL_STATIC
char
*
opt_ssl_cert
=
0
;
SSL_STATIC
char
*
opt_ssl_cert
=
0
;
SSL_STATIC
char
*
opt_ssl_cipher
=
0
;
SSL_STATIC
char
*
opt_ssl_cipher
=
0
;
SSL_STATIC
char
*
opt_ssl_key
=
0
;
SSL_STATIC
char
*
opt_ssl_key
=
0
;
#ifdef MYSQL_CLIENT
#ifdef MYSQL_CLIENT
SSL_STATIC
my_bool
opt_ssl_verify_server_cert
=
0
;
SSL_STATIC
my_bool
opt_ssl_verify_server_cert
=
0
;
#endif
SSL_STATIC
my_bool
opt_ssl_required
=
0
;
#endif
#endif
/* MYSQL_CLIENT */
#else
/* HAVE_OPENSSL */
#define opt_ssl_required 0
#endif
/* HAVE_OPENSSL */
#endif
/* SSLOPT_VARS_INCLUDED */
#endif
/* SSLOPT_VARS_INCLUDED */
mysql-test/r/ssl_mode.result
0 → 100644
View file @
b3e9211e
# positive client tests
# mysql
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA
CREATE TABLE t1(a INT);
INSERT INTO t1 VALUES(0);
# mysqldump
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
INSERT INTO `t1` VALUES (0);
# mysqladmin
mysqld is alive
# mysqlcheck
test.t1 OK
# mysqlimport
CREATE TABLE words(a VARCHAR(255));
test.words: Records: 70 Deleted: 0 Skipped: 0 Warnings: 0
DROP TABLE words;
# mysqlshow
Database: test
+--------+
| Tables |
+--------+
| t1 |
+--------+
# mysqlslap
# mysqltest
Output from mysqltest-x.inc
DROP TABLE t1;
# negative client tests
# mysql
Unknown value to --ssl-mode: ''. Use --ssl-mode=REQUIRED
Unknown value to --ssl-mode: 'DERIUQER'. Use --ssl-mode=REQUIRED
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
End of tests
mysql-test/r/ssl_mode_no_ssl.result
0 → 100644
View file @
b3e9211e
# negative client tests
# mysql
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
ERROR 2026 (HY000): --ssl-mode=REQUIRED option forbids non SSL connections
# mysqldump
mysqldump: Got error: 2026: --ssl-mode=REQUIRED option forbids non SSL connections when trying to connect
# mysqladmin
mysqladmin: error: '--ssl-mode=REQUIRED option forbids non SSL connections'
# mysqlcheck
mysqlcheck: Got error: 2026: --ssl-mode=REQUIRED option forbids non SSL connections when trying to connect
# mysqlimport
mysqlimport: Error: 2026 --ssl-mode=REQUIRED option forbids non SSL connections
# mysqlshow
mysqlshow: --ssl-mode=REQUIRED option forbids non SSL connections
# mysqlslap
mysqlslap: Error when connecting to server: --ssl-mode=REQUIRED option forbids non SSL connections
# mysqltest
mysqltest: Could not open connection 'default': 2026 --ssl-mode=REQUIRED option forbids non SSL connections
End of tests
mysql-test/t/ssl_mode.test
0 → 100644
View file @
b3e9211e
--
source
include
/
not_embedded
.
inc
--
source
include
/
have_ssl_communication
.
inc
--
echo
# positive client tests
--
echo
# mysql
--
exec
$MYSQL
test
--
ssl
-
mode
=
ReQuIrEd
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
-
e
"SHOW STATUS LIKE 'Ssl_cipher'"
2
>&
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
-
e
"SHOW STATUS LIKE 'Ssl_cipher'"
2
>&
1
CREATE
TABLE
t1
(
a
INT
);
INSERT
INTO
t1
VALUES
(
0
);
--
echo
# mysqldump
--
exec
$MYSQL_DUMP
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
--
compact
--
skip
-
comments
test
2
>&
1
--
echo
# mysqladmin
--
exec
$MYSQLADMIN
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
-
S
$MASTER_MYSOCK
-
P
$MASTER_MYPORT
-
u
root
--
password
=
ping
2
>&
1
--
echo
# mysqlcheck
--
exec
$MYSQL_CHECK
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
test
2
>&
1
--
echo
# mysqlimport
CREATE
TABLE
words
(
a
VARCHAR
(
255
));
--
exec
$MYSQL_IMPORT
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
test
$MYSQLTEST_VARDIR
/
std_data
/
words
.
dat
2
>&
1
DROP
TABLE
words
;
--
echo
# mysqlshow
--
exec
$MYSQL_SHOW
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
test
2
>&
1
--
echo
# mysqlslap
--
exec
$MYSQL_SLAP
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
--
create
-
schema
=
test
--
query
=
"select * from t1"
--
silent
2
>&
1
--
echo
# mysqltest
--
exec
$MYSQL_TEST
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
-
x
$MYSQL_TEST_DIR
/
include
/
mysqltest
-
x
.
inc
2
>&
1
DROP
TABLE
t1
;
--
echo
# negative client tests
--
echo
# mysql
--
error
5
--
exec
$MYSQL
test
--
ssl
-
mode
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
DERIUQER
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
--
skip
-
ssl
2
>&
1
--
echo
--
echo
End
of
tests
mysql-test/t/ssl_mode_no_ssl-master.opt
0 → 100644
View file @
b3e9211e
--skip-ssl
mysql-test/t/ssl_mode_no_ssl.test
0 → 100644
View file @
b3e9211e
--
source
include
/
not_embedded
.
inc
--
echo
# negative client tests
--
echo
# mysql
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
2
>&
1
--
error
1
--
exec
$MYSQL
test
--
ssl
-
mode
=
REQUIRED
--
ssl
--
ssl
-
cipher
=
DHE
-
RSA
-
AES256
-
SHA
2
>&
1
--
echo
# mysqldump
--
error
2
--
exec
$MYSQL_DUMP
--
ssl
-
mode
=
REQUIRED
test
2
>&
1
--
echo
# mysqladmin
--
replace_regex
/.*
mysqladmin
.*/
mysqladmin
:
/
--
error
1
--
exec
$MYSQLADMIN
--
ssl
-
mode
=
REQUIRED
-
S
$MASTER_MYSOCK
-
P
$MASTER_MYPORT
-
u
root
--
password
=
ping
2
>&
1
--
echo
# mysqlcheck
--
replace_regex
/.*
mysqlcheck
(
\
.
exe
)
*/
mysqlcheck
/
--
error
2
--
exec
$MYSQL_CHECK
--
ssl
-
mode
=
REQUIRED
test
2
>&
1
--
echo
# mysqlimport
--
replace_regex
/.*
mysqlimport
(
\
.
exe
)
*/
mysqlimport
/
--
error
1
--
exec
$MYSQL_IMPORT
--
ssl
-
mode
=
REQUIRED
test
$MYSQLTEST_VARDIR
/
tmp
/
t1
.
txt
2
>&
1
--
echo
# mysqlshow
--
replace_regex
/.*
mysqlshow
(
\
.
exe
)
*/
mysqlshow
/
--
error
1
--
exec
$MYSQL_SHOW
--
ssl
-
mode
=
REQUIRED
test
2
>&
1
--
echo
# mysqlslap
--
replace_regex
/.*
mysqlslap
(
\
.
exe
)
*/
mysqlslap
/
--
error
1
--
exec
$MYSQL_SLAP
--
ssl
-
mode
=
REQUIRED
2
>&
1
--
echo
# mysqltest
--
error
1
--
exec
$MYSQL_TEST
--
ssl
-
mode
=
REQUIRED
-
x
$MYSQL_TEST_DIR
/
include
/
mysqltest
-
x
.
inc
2
>&
1
--
echo
--
echo
End
of
tests
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment