database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-07 02:42:49 +03:00
Code Activity

Fixes for SSL

Browse Source 
- fix for php bug 51647
  - added cert store
  - added certificates for testing
This commit is contained in:
Georg Richter
2012-12-01 14:02:34 +01:00
parent 3ea76613e3
commit 11f01e9fed
17 changed files with 254 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/my_secure.h → include/ma_secure.h
View File

@@ -19,8 +19,8 @@
Part of this code includes code from the PHP project which Part of this code includes code from the PHP project which
is freely available from http://www.php.net is freely available from http://www.php.net
*************************************************************************************/ *************************************************************************************/
#ifndef _my_secure_h_ #ifndef _ma_secure_h_
#define _my_secure_h_ #define _ma_secure_h_
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <mysql.h> #include <mysql.h>
@@ -40,4 +40,4 @@ int my_ssl_start(MYSQL *mysql);
void my_ssl_end(); void my_ssl_end();
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
#endif /* _my_secure_h_ */ #endif /* _ma_secure_h_ */

2
libmariadb/CMakeLists.txt
View File

@@ -94,7 +94,7 @@ my_loaddata.c
my_stmt_codec.c my_stmt_codec.c
client_plugin.c client_plugin.c
my_auth.c my_auth.c
my_secure.c ma_secure.c
libmariadb_exports.def libmariadb_exports.def
) )

2
libmariadb/errmsg.c
View File

@@ -106,7 +106,7 @@ const char *client_errors[]=
/* 2023 */ "", /* 2023 */ "",
/* 2024 */ "", /* 2024 */ "",
/* 2025 */ "", /* 2025 */ "",
/* 2026 */ "SSL connection error", /* 2026 */ "SSL connection error: %100s",
/* 2027 */ "received malformed packet", /* 2027 */ "received malformed packet",
/* 2028 */ "", /* 2028 */ "",
/* 2029 */ "", /* 2029 */ "",

2
libmariadb/libmariadb.c
View File

@@ -61,7 +61,7 @@
#include <sha1.h> #include <sha1.h>
#include <violite.h> #include <violite.h>
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <my_secure.h> #include <ma_secure.h>
#endif #endif
static my_bool mysql_client_init=0; static my_bool mysql_client_init=0;

52
libmariadb/my_secure.c → libmariadb/ma_secure.c
View File

@@ -21,7 +21,7 @@
#include <my_global.h> #include <my_global.h>
#include <my_sys.h> #include <my_sys.h>
#include <my_secure.h> #include <ma_secure.h>
#include <errmsg.h> #include <errmsg.h>
#include <violite.h> #include <violite.h>
@@ -53,11 +53,13 @@ static void my_SSL_error(MYSQL *mysql)
} }
if ((ssl_error_reason= ERR_reason_error_string(ssl_errno))) if ((ssl_error_reason= ERR_reason_error_string(ssl_errno)))
{ {
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ssl_error_reason); my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR), ssl_error_reason);
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
my_snprintf(ssl_error, MAX_SSL_ERR_LEN, "SSL errno=%lu", ssl_errno, mysql->charset); my_snprintf(ssl_error, MAX_SSL_ERR_LEN, "SSL errno=%lu", ssl_errno, mysql->charset);
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ssl_error); my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR), ssl_error);
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
@@ -226,8 +228,9 @@ static int my_ssl_set_certs(SSL *ssl)
/* set cert */ /* set cert */
if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0) if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0)
{ {
if ((SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1) && if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1)
(SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1)) goto error;
if (SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1)
goto error; goto error;
have_cert= 1; have_cert= 1;
} }
@@ -250,6 +253,26 @@ static int my_ssl_set_certs(SSL *ssl)
if (SSL_CTX_set_default_verify_paths(SSL_context) == 0) if (SSL_CTX_set_default_verify_paths(SSL_context) == 0)
goto error; goto error;
} }
if (mysql->options.ssl_ca || mysql->options.ssl_capath)
{
X509_STORE *certstore;
if ((certstore= SSL_CTX_get_cert_store(SSL_context)))
{
if (X509_STORE_load_locations(certstore, mysql->options.ssl_ca,
mysql->options.ssl_capath) == 1)
{
#ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "OpenSSL library doesn't support CRL certificates");
DBUG_RETURN(1);
#endif
}
}
}
DBUG_RETURN(0); DBUG_RETURN(0);
error: error:
@@ -259,8 +282,21 @@ error:
static int my_verify_callback(int ok, X509_STORE_CTX *ctx) static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
{ {
/* since we don't have access to the mysql structure, we just return */ X509 *check_cert;
return ok; DBUG_ENTER("my_verify_callback");
if (!ok)
{
uint depth;
if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx)))
DBUG_RETURN(0);
depth= X509_STORE_CTX_get_error_depth(ctx);
DBUG_PRINT("info", ("error_depth=%d", depth));
if (depth == 0)
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ctx->error= %d", ctx->error));
DBUG_RETURN(1);
} }
/* /*
@@ -291,7 +327,6 @@ SSL *my_ssl_init(MYSQL *mysql)
if (!SSL_set_app_data(ssl, mysql)) if (!SSL_set_app_data(ssl, mysql))
goto error; goto error;
if (my_ssl_set_certs(ssl)) if (my_ssl_set_certs(ssl))
goto error; goto error;
@@ -340,6 +375,7 @@ int my_ssl_connect(SSL *ssl)
if (SSL_connect(ssl) != 1) if (SSL_connect(ssl) != 1)
{ {
printf("connect failed\n");
my_SSL_error(mysql); my_SSL_error(mysql);
/* restore blocking mode */ /* restore blocking mode */
if (!blocking) if (!blocking)

2
libmariadb/my_auth.c
View File

@@ -6,7 +6,7 @@
#include <mysql/client_plugin.h> #include <mysql/client_plugin.h>
#include <violite.h> #include <violite.h>
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <my_secure.h> #include <ma_secure.h>
#endif #endif
typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t; typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t;

2
libmariadb/violite.c
View File

@@ -42,7 +42,7 @@
#endif #endif
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <my_secure.h> #include <ma_secure.h>
#endif #endif
#ifdef _WIN32 #ifdef _WIN32

21
unittest/libmariadb/certs/ca-cert.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKJqUreNtr3EMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTIxMjAxMTExMjA3WhcNMjIxMDEwMTExMjA3WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4jb3yqpNn
sZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64vgmS4Ftdv
+ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE218R5UOjg
0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlHLV99looT
T4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw40+X8BUaL
2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABo1AwTjAdBgNVHQ4EFgQUUk+4Eg7w
xG/VQ7r2GdDVnKBMB28wHwYDVR0jBBgwFoAUUk+4Eg7wxG/VQ7r2GdDVnKBMB28w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAvxPUK88FFPpjcnM6k9v/
XdEb4xgivcdTxQD5QH9A9lQZWnaMd+7dWGoeLgwP3/N/b7gV6BgAJt73aWa7AkMV
SKi10qk7IOs2DXlNuFzs1uy7ziBWrftUp5cTIDjZ8B5jZ23vUjkQfMivi9dnhVwp
UUjhh0gjoxYtvP8VJzz7FEMtHNEiwQsQ7G/at4T2xTWR4TlYXdvzE+5x1JdMYoed
vO4sihtZ2REZrXasvwpA2TofTTvOWGiU28SqV0AFh3Kz64WnRuJBkTR3zK5iTQvy
Zc7Loz5yZC+5ebn1hG2yjjpjJUfcEdv2i85hQQBjZarC6ibfptrgeO/bAQEU8ppV
kA==
-----END CERTIFICATE-----

27
unittest/libmariadb/certs/ca-key.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4
jb3yqpNnsZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64v
gmS4Ftdv+ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE2
18R5UOjg0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlH
LV99looTT4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw4
0+X8BUaL2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABAoIBACeVdhL08HSks06n
mNuGYefUOFpSq0RcVmKvUWv4/XgyGvniDI4k/EoUdUTW8aaMgcMI0tsGlzmoTWtU
ri7QRFphfQ2KgT6EIhjSqvL5iq/pSAzLciJKqOAX6MNwhBW0TVolM61CyK0Ji/ow
K19n+qjfFvo3Pkcz0UxEb8xqh1abfCgjaJnnjj0JlUO+xqNNRh3Gm6M2BrmrNhuR
l4fRr/moOrK+uMD1PCHJcx5zlWSX4FBjF52iD8divsD6vM10dBiyamNc3WrBHiWN
cp7ARtRcMS2k1XrUTAv69ltAll1BPzHQ7yC/HpJq4QBxoDRPPftsiRB9izC5MyDt
HdqArgECgYEA8ByToWHP+Ao+tw/xH26yRz1d/1pe7hq+qB13LEyvDZe4wd1smuv/
3VkNG/43yEYaLy3VxwKhxePrFL5WasLpB1dAmGIwio1hb2LldBlZp6HoW1u8MNYL
grC/3TLp1hQP2WT/yKuuqwKW+ebRpov2oTV7HmO7g+eKUDZOEjhPS90CgYEA1hOK
udBOEAGOYKa7086fSTFvJWMNy3lDEmJuvMVXcaYroaBjKWM2XZnCwKDymj+0mtzl
HY6SVgZEM+mfdm0U9kuRdQSaOCrmmLg0nBqta2fng939hSY1ED8TGMt6rDWA4lOD
SPiJwdeKkZEb7jSkLBojfNwpv/4+IfGZC18+2PECgYBIwjAOIAiX/erBKCiFwNJu
+e6I2UaY2ivZ34vkNZx5/vaycDlfvJG87iYlzGP04SFAGKCF/Isu3wC2OXMQSN26
JrthMafJ5EuZKBulkaT0QgCZ5nNhTQsR4CNTkQEAqPWgh5Vmpnd4RIGhWks/L3xd
n0oejFQfBUOJSNthdAS7VQKBgHRl974Epw1I61NeFS6bYDx55ocbjrqd2nw6jR+S
5XLj+UFOZdxxF3RZUG1QldiM3vR9Ow6RILwpeBgJ5SyNLyKkABjyQbBckzlinyhp
0PVfb6BhqaEmHyAQS5/ls3PDO6rT4cRhbvW47p0rm1YvxTw9kiIny4ObB8mJBcAL
L67hAoGAIg00eMX2tqaY772vho2Q8ba2OT8ZvhGxRd2+eIB8LbK7Nh119+4O37zr
sHEq7QD15i34PM/dI9fbxFXi9cFFsxdwE5b4stTx/ZPdz5og05FCTyBX88L1FzLc
ZPEDbdYcajXSJSeGtbwilNKDtqLx62ANPRvrACZSKYWdfYRwBgw=
-----END RSA PRIVATE KEY-----

0
unittest/libmariadb/ca.pem → unittest/libmariadb/certs/ca.pem
View File

19
unittest/libmariadb/certs/client-cert.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xMjEyMDExMTE5NTBaFw0yMjExMjkxMTE5NTBaMGAxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQxGTAXBgNVBAMMEGNsaWVudC5sb2NhbGhvc3QwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCfq0vKNGpEXPHiISQu0sLoIJ81eHzJyKUEHo+z
TKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKnPNoaZK8gja5XoCx/cTIda7D6
/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQrEtjovu/OEqJfgKyaN0N1AC0
mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o7tnsSqLSYyZ+UebJN1O6WAQY
B5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98OynmlVzazUkt0L37Ya8ojxMkUMBon
+gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0cgCChGl3FAgMBAAEwDQYJKoZI
hvcNAQEFBQADggEBAC3l+GCH29tKQlY+zyo8CdX0n0LKwKNJKFuxOBWEYG6WHcId
lE99faUlFF2XvN32MN+tFU9VXoxNm0BCOiMu3O9HcqWp3Bfzu36tNbQlBrpcVGYQ
Zq2zAEbWvNoQjVkDAHIRrbGJ9dv3a+ev7O0sjA1BxdfrWhhl4uyfWb3XCSG+0qeb
1S/PmYq+HzGNkmgMlRBZX0Bu+wwTBEreSCaieZrNqJUsLzIxjR+8m7YM6I7U0Ihi
PEGmzMFz70OBeMVc/4h7jzcMMvHRhHNSMnUVsXxhxHl6EW29Uha66nf9zd3A9b1g
/q8S27ufXMLGIPP+6PCRqiF792Kq9OTn67Iq7Tw=
-----END CERTIFICATE-----

28
unittest/libmariadb/certs/client-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfq0vKNGpEXPHi
ISQu0sLoIJ81eHzJyKUEHo+zTKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKn
PNoaZK8gja5XoCx/cTIda7D6/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQ
rEtjovu/OEqJfgKyaN0N1AC0mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o
7tnsSqLSYyZ+UebJN1O6WAQYB5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98Oynml
VzazUkt0L37Ya8ojxMkUMBon+gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0c
gCChGl3FAgMBAAECggEBAIGbfIQAlBo2ECpsmIBhmNDwWgv/Z9wrwLddT2xN07Ta
JOBtyhJaX4jAhydOwRfGvy3Q1RBuF3zlQxWZsbkm7XlRSKncXQJ+Eh4Lore5uv3F
x91k34o06Tjd4POczRPilbmd3heKyqmOtncqRG/2hr+ro+WDohDMSlPFOWVgd8ft
bP/CcNqQ4J/FqbItQPxXK6dJkFL8BR66SlslEX38bmUK+/9EGTiAttye4BXhZ6Pu
sr9g0A24fYOiHZ6CFawnFDzTZzMXyRpQnXZi0isakgvXq4i8FeSI+p5zQGle2LE1
f2u+QnMOiymAbrXLhLKWrJMS207IQmzFvc3YOumQhKkCgYEA1Jj0999ks42/NPk3
UWzUZRlOCpUbRb+Olo0DfWPR8KhjQYV8B3Sqc3Ao4NZzhGZecJDYWTlNMGiCIGIR
vrtFW8huL5fOE/XZqkrVShXvK/Zhs73EqWnYCRP2i4E3E6RvB5MniRHeRZ0l9FiH
qh+kp9z8OLZ6J7IrXQyWClSt1/sCgYEAwEQhCQwhUPb74zL0UUjk1LZPJAQJHvaD
3PWIYX6FKtjjUIOcCXGgQM6C9omXOdv+mMryKTkpCEt4TrDN1Q9vvMBYAjcHlhhi
QQ041+dFNGwsXa6e24Ei8v5qgzR5mzvAVL3381WfyF22Bsjw0dfVwlTZvI7oUMmu
5pthuYKt9T8CgYBVfz3lAV4KJ5MhxqfMgyvXjJmp/9T789FwEj25C4++bLmd/ASp
Ku3xhsWpxhSmxlRsiJO5LiYwtZa/VzEztzRpeO13DmG9/T0QExA7vx50W51nH4Yb
a4mJ/RFFgS2ZJKPSNAfOQ/VToaNF5OSKMjeRmnmEhT4TAMAXp5wfg3Z2SQKBgFna
fSXhSWCxTJ6tnYivbGIMoYfPawPRaWbGSOpnWozft7xVBYNUWvRujr3xJ3+e1KlL
j0i8sfRycNM1xbwg7rNjoL3IQf9ffeuw5jPgnXMWatWNWihzfYXaaKTQzVRC5Gu2
LD7IcVgOk5cwKXuoRvn+9ZMtply7JMYZL96mt+25AoGBAMnJmRAzIONjtsYAhjvu
SEur63oM2qXTsjMLbVK+jgGww8D7ESPZI2Hr3h9SoyQGebJZXmLbzk0qi3yVVamx
fHCyORgEh7qVSkUqnxVB0nTacbqdKpGUpNDEPyw4+Yad1wTUxMWcii0V3s5K84v/
zVLsxtDOT8M6Z57mZXUzKaTT
-----END PRIVATE KEY-----

17
unittest/libmariadb/certs/client-req.pem Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQY2xp
ZW50LmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+r
S8o0akRc8eIhJC7SwuggnzV4fMnIpQQej7NMo6qj6Yecftm+vHsAGvxwQt0IoMnO
ECfmFzWQQqc82hpkryCNrlegLH9xMh1rsPr84phR34rf1H5BXceAFLgL8AbZ2M9x
XVqjLtzs9BCsS2Oi+784Sol+ArJo3Q3UALSaA/yHJ1fo/j1ZWz9NOC6+p3tLX2WF
LUXOUpx8zmju2exKotJjJn5R5sk3U7pYBBgHkw/HcotS7tl79q4bBzg29VOtGY3T
RjbP3w7KeaVXNrNSS3QvfthryiPEyRQwGif6AwqjpVpcY+Wu14P5+zfs7rgeGlvf
XOygS0rf7RyAIKEaXcUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBOs8sFu+Lh
8wuC1QJ6Wqx4tSjVOsFlu6WQpaZ0fiYb9RpK1V//2sUGTX7SRiKOJE7/zh+Ehu5m
DsIEo5Ptu/JasYbBp3BeRSVVlyLGITvOGpUapUnOebvp+it/v9kjGW33vG2t3+j4
LihduPz6xz1GacCVNU3iQQGCE/I0tv3nSu/E0zTR4EvBneKFeV5ox63Cor9g7kQM
80Pv39YDv/Tc/JWmkZsILxWbzLyIuzyHiPTJMsz5P0GAIxPBl0PiTCaJuXkgIhIh
HIblZuW4I1gqGgAkZBS/iAxwV9VjZkldcc76qOkSfQIqQoTUn5UvDCvTmfAHHQuH
eu7XCpo8W7lx
-----END CERTIFICATE REQUEST-----

19
unittest/libmariadb/certs/server-cert.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xMjEyMDExMTE0NDBaFw0yMjExMjkxMTE0NDBaMGAxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQxGTAXBgNVBAMMEHNlcnZlci5sb2NhbGhvc3QwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDJF13NPPgprDQC4BSo+f4cSzS4j46n+TEAaCu0
m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dPT0p3Hc8qcvsMtcujKyGIsOYc
bUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbcolq9cjQnQtlXGSPkDzVJCJng
h4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2LgqMG4pewJuXqtu98ue1Je28MnV
S/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6xVrHmKJSyGURUwORSlKvX/lIn
58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuzbiKErGa5AgMBAAEwDQYJKoZI
hvcNAQEFBQADggEBAFCKctZQ2cmR+AmESpzJl6EZspCKtd2gUsla531OrKnUWfYU
FcuZ+DEffnp4jQXtnVqO4mkBjVW5Etr5XF8r3Lm2cVTHkt/IfVjT5LcEdUdFzm4Q
UQHkAikc6pkz60guVXyi4SDkhjKyO/2K0HgwG1ndj+uAuatskAdybmS/OqvelRSL
lw72tND+Fy3RNwdf/cmmbDMGxfZO2LB/LRL1Yknn6CtHuCAWWwdUx7VkpRcjIpsI
X/CcvRgab8rCv/EZtBuhI2bunQ7MkAv4B93Y0o9t7H0mFTywrqj33e6iG/fS+dkK
2l0qvPpJ1YPqjuw0IGVujykdsGBXvXqbtxnGWMY=
-----END CERTIFICATE-----

28
unittest/libmariadb/certs/server-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJF13NPPgprDQC
4BSo+f4cSzS4j46n+TEAaCu0m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dP
T0p3Hc8qcvsMtcujKyGIsOYcbUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbc
olq9cjQnQtlXGSPkDzVJCJngh4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2Lgq
MG4pewJuXqtu98ue1Je28MnVS/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6x
VrHmKJSyGURUwORSlKvX/lIn58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuz
biKErGa5AgMBAAECggEBAIHC1ELGHxU1C/L3Ch3oA7PaS9D0wgdeY+JxVhKbq37g
5PCskbCABoG+rPNhfuBhZCbldnTpUKSRc7GX5uNqlu47eAjBnwBRqrf7/uFFHa5Q
dQCBH136OBuAgcEo+PXCJGVSugS8wxih8aUaFxe8hC75kioEDQbzUV0pcbJTg1xn
sLIEfIeNwHMemLtpN4n+GpJ8j19GLqaUDcjPM5ZRUs4yDvv1FZeGXjHijyZLP11h
rJLVrvmhqUoEG/ZdkqYKPrOG5qpOnkn/i9WPoUrahtWb6kKsZUjPoBCKqCqq/0kT
0WRI7Qgz13wPpbsVL8gQU9PgUM9MyNKH7yqGZnTmHiECgYEA61CvZD26tciutQfq
s0N8k20vQpX0uelDxsYBI9Acxt7LNWEIeiZLhrGKMSWsg0v541RKjiewzDcVOfQb
qA7wPC/IWfc1F/1gK3yg025IRgXhcuoWVd9jm7ob/czzxQIA8ew2fsDgqlYwkqPb
661TdEnctjYt29nqAQkayDdW8DUCgYEA2sSJzhAsscIE94TMw4O0C4PaOiYMfVb0
oi7S4E7OLZ3bXm8OSlYRPxL66VxyNW+2g4BwXqMrsxd5x7QHGXEaqDPP8YEEOxrK
pkMiCfDvGpN0dlIobpPNVVGTfDcY/go3y30ZsdcX4G6S9lqsGEDo/hdVPrpeOULp
rG1Yimgu9PUCgYEAwUXwCOE6rXw7Iq1x8/MGKwCOxJ3t95TD+ks/PG7+c8kiFqGw
GMPDXMoNuvg6jUyl3jWpVsD60YCcipEY9hvu7UBBysLkdOPDTXR7k60M55aE6aGi
3r0wTwO5YegogDN5GzrsN4er/7vzAT5cr2IZHXZdNbuiRuTg8iDMQo5RddECgYEA
n+hJUnZANS68srA/fCoo0MHwIdDuEDAfYO0Y9xyjWHSqhLxola2TracSAMGyOZ0O
q9CWUpayupXOTkspZU9nTMuSk9TaYtmShzVLDDkwjRx7ZIFpTGp9DIA0bfdYLVkK
r5Mh1PyEV2h7w9dDM/c+V3x2swNHHFPsujyzG3hL2oECgYBgi1w63a/cfkQACVRt
tjy1ZtP50sRaSlXXC5Txh9u6AoO0k13V1+POo3LikYHfZRRrLTtMUrPVPAdD5H3v
rQ11p7gVgzw7ikMEi4hNw2ueX6UXzVSxAyeLGdG71QToqXPwK1tH/AOnD5g6hYAS
kXsNUaCkLeNkkbcWxXPY2HE6MA==
-----END PRIVATE KEY-----

17
unittest/libmariadb/certs/server-req.pem Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQc2Vy
dmVyLmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkX
Xc08+CmsNALgFKj5/hxLNLiPjqf5MQBoK7Sb4HDQdIavowBcifsRSvdVjHzMojvj
8cbUdgFLx09PSncdzypy+wy1y6MrIYiw5hxtS2kKRkxiEKEgwwD8AA77CXKidpJR
hhSZOUMKxtyiWr1yNCdC2VcZI+QPNUkImeCHiN4pln0uJW9YRuUS7hisASeq4St1
qU+Y14nYuCowbil7Am5eq273y57Ul7bwydVL82tE8+16axlwVwmVAugbD+C1lFZD
SAz6EdqpzrFWseYolLIZRFTA5FKUq9f+Uifnxm0PJLtsjVbUO0xnb9QXE1N2YKgL
pIX9+P8Ma7NuIoSsZrkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB+Ctji5m7b
v/IYBSvvMIhWRDcQIQ/+3pzwtPRH8wb2iB6kYLFirC8vPYn320Dvva4MRp1DPzvP
egQduKFO0ic36DvDvKooSKVvCSoS/LGhH/jFFTbFmp7aJF0raqBU8HIg38eJ0KPv
smVND9uQ+Cibdzn6f3EX/a0c3FRtEtu5cYkJ1B7dksKr1guaobUOxQ4ti4mm4vkG
ll6VHdSMlHTsFLE3cqL7C+0g8f1cJYKyyXtx/43mzdYyOzHptndjmXfitATxw9Zy
hCXJtvgwbQdGA8ZiCeB6BxNfbD4Bhm2G0k59Vv942IunQUShWwDXTlSXz7DFRs/h
lDL64qSmNvdm
-----END CERTIFICATE REQUEST-----

29
unittest/libmariadb/ssl.c
View File

@@ -74,7 +74,7 @@ static int test_ssl_cipher(MYSQL *unused)
my= mysql_init(NULL); my= mysql_init(NULL);
FAIL_IF(!my, "mysql_init() failed"); FAIL_IF(!my, "mysql_init() failed");
mysql_ssl_set(my,0, 0, "./ca.pem", 0, 0); mysql_ssl_set(my,0, 0, "./certs/ca.pem", 0, 0);
FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema, FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema,
port, socketname, 0), mysql_error(my)); port, socketname, 0), mysql_error(my));
@@ -115,7 +115,7 @@ static int test_multi_ssl_connections(MYSQL *unused)
mysql[i]= mysql_init(NULL); mysql[i]= mysql_init(NULL);
FAIL_IF(!mysql[i],"mysql_init() failed"); FAIL_IF(!mysql[i],"mysql_init() failed");
mysql_ssl_set(mysql[i], 0, 0, "./ca.pem", 0, 0); mysql_ssl_set(mysql[i], 0, 0, "./certs/ca.pem", 0, 0);
FAIL_IF(!mysql_real_connect(mysql[i], hostname, username, password, schema, FAIL_IF(!mysql_real_connect(mysql[i], hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql[i])); port, socketname, 0), mysql_error(mysql[i]));
@@ -154,7 +154,7 @@ static void ssl_thread(void)
mysql_thread_end(); mysql_thread_end();
pthread_exit(-1); pthread_exit(-1);
} }
mysql_ssl_set(mysql, 0, 0, "./ca.pem", 0, 0); mysql_ssl_set(mysql, 0, 0, "./certs/ca.pem", 0, 0);
if(!mysql_real_connect(mysql, hostname, username, password, schema, if(!mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0)) port, socketname, 0))
@@ -213,8 +213,31 @@ static int test_ssl_threads(MYSQL *mysql)
} }
#endif #endif
static int test_phpbug51647(MYSQL *my)
{
int rc;
MYSQL* mysql;
if (check_skip_ssl())
return SKIP;
mysql= mysql_init(NULL);
FAIL_IF(!mysql, "Can't allocate memory");
mysql_ssl_set(mysql, "certs/client-key.pem", "certs/client-cert.pem", "certs/ca-cert.pem", 0, 0);
FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema,
port, socketname, 0), mysql_error(mysql));
diag("%s", mysql_get_ssl_cipher(mysql));
mysql_close(mysql);
return OK;
}
struct my_tests_st my_tests[] = { struct my_tests_st my_tests[] = {
{"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL},
{"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0, NULL, NULL},
{"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0, NULL, NULL},
#ifndef WIN32 #ifndef WIN32