From b382649f50dbdf1b875c3c2773e986b17efd3b67 Mon Sep 17 00:00:00 2001 From: "holzboote@googlemail.com" <> Date: Thu, 19 Sep 2013 15:14:11 +0200 Subject: [PATCH] More SSL fixes: - verification functions for key and cert now use SSL_context - Added support for server cert verification (hostname must match) - minor bug fixes --- CMakeLists.txt | 2 +- libmariadb/libmariadb.c | 10 +- libmariadb/ma_secure.c | 103 +++++++------ libmariadb/my_auth.c | 20 ++- libmariadb/my_thr_init.c | 3 + unittest/libmariadb/certs/ca-cert.pem | 21 --- unittest/libmariadb/certs/ca-key.pem | 27 ---- unittest/libmariadb/certs/ca.pem | 60 ++++---- unittest/libmariadb/certs/client-cert.pem | 30 ++-- unittest/libmariadb/certs/client-key-enc.pem | 17 +++ unittest/libmariadb/certs/client-key.pem | 43 ++---- unittest/libmariadb/certs/client-req.pem | 17 --- unittest/libmariadb/certs/create_certs.sh | 15 ++ unittest/libmariadb/certs/server-cert.pem | 30 ++-- unittest/libmariadb/certs/server-key-enc.pem | 17 +++ unittest/libmariadb/certs/server-key.pem | 43 ++---- unittest/libmariadb/certs/server-req.pem | 17 --- unittest/libmariadb/ssl.c | 145 ++++++++++++++++--- 18 files changed, 341 insertions(+), 279 deletions(-) delete mode 100644 unittest/libmariadb/certs/ca-cert.pem delete mode 100644 unittest/libmariadb/certs/ca-key.pem create mode 100644 unittest/libmariadb/certs/client-key-enc.pem delete mode 100644 unittest/libmariadb/certs/client-req.pem create mode 100755 unittest/libmariadb/certs/create_certs.sh create mode 100644 unittest/libmariadb/certs/server-key-enc.pem delete mode 100644 unittest/libmariadb/certs/server-req.pem diff --git a/CMakeLists.txt b/CMakeLists.txt index db53765b..1bcae874 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -129,7 +129,7 @@ INCLUDE(${CMAKE_SOURCE_DIR}/cmake/CheckFunctions.cmake) INCLUDE(${CMAKE_SOURCE_DIR}/cmake/CheckTypes.cmake) # Check for OpenSSL -IF(WITH_SSL) +IF(WITH_OPENSSL) FIND_PACKAGE(OpenSSL) IF(OPENSSL_FOUND) ADD_DEFINITIONS(-DHAVE_OPENSSL) diff --git a/libmariadb/libmariadb.c b/libmariadb/libmariadb.c index 108456e4..49d86334 100644 --- a/libmariadb/libmariadb.c +++ b/libmariadb/libmariadb.c @@ -1321,17 +1321,12 @@ mysql_init(MYSQL *mysql) #ifdef ENABLED_LOCAL_INFILE mysql->options.client_flag|= CLIENT_LOCAL_FILES; #endif + mysql->reconnect= 0; return mysql; } -//#ifdef HAVE_OPENSSL -/************************************************************************** -** Fill in SSL part of MYSQL structure and set 'use_ssl' flag. -** NB! Errors are not reported until you do mysql_real_connect. -**************************************************************************/ - int STDCALL mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) @@ -1341,8 +1336,7 @@ mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, mysql->options.ssl_ca = ca==0 ? 0 : my_strdup(ca,MYF(0)); mysql->options.ssl_capath = capath==0 ? 0 : my_strdup(capath,MYF(0)); mysql->options.ssl_cipher = cipher==0 ? 0 : my_strdup(cipher,MYF(0)); - mysql->options.use_ssl = 1; - //mysql->connector_fd = new_VioSSLConnectorFd(key, cert, ca, capath); +/* todo: add crl stuff */ return 0; } diff --git a/libmariadb/ma_secure.c b/libmariadb/ma_secure.c index ce0f9616..42a90190 100644 --- a/libmariadb/ma_secure.c +++ b/libmariadb/ma_secure.c @@ -30,10 +30,8 @@ static SSL_CTX *SSL_context= NULL; #define MAX_SSL_ERR_LEN 100 -#ifdef THREAD extern pthread_mutex_t LOCK_ssl_config; static pthread_mutex_t *LOCK_crypto; -#endif /* SSL error handling @@ -46,9 +44,12 @@ static void my_SSL_error(MYSQL *mysql) DBUG_ENTER("my_SSL_error"); + if (mysql_errno(mysql)) + DBUG_VOID_RETURN; + if (!ssl_errno) { - my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "No SSL error"); + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "Unknown SSL error"); DBUG_VOID_RETURN; } if ((ssl_error_reason= ERR_reason_error_string(ssl_errno))) @@ -63,7 +64,6 @@ static void my_SSL_error(MYSQL *mysql) DBUG_VOID_RETURN; } -#ifdef THREAD /* thread safe callbacks for OpenSSL Crypto call back functions will be @@ -83,7 +83,6 @@ my_cb_locking(int mode, int n, const char *file, int line) else pthread_mutex_unlock(&LOCK_crypto[n]); } -#endif /* Initializes SSL and allocate global @@ -101,14 +100,11 @@ int my_ssl_start(MYSQL *mysql) { int rc= 0; DBUG_ENTER("my_ssl_start"); -#ifdef THREAD /* lock mutex to prevent multiple initialization */ pthread_mutex_lock(&LOCK_ssl_config); -#endif if (!my_ssl_initialized) { -#ifdef THREAD if (!(LOCK_crypto= (pthread_mutex_t *)my_malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks(), MYF(0)))) @@ -124,7 +120,6 @@ int my_ssl_start(MYSQL *mysql) CRYPTO_set_id_callback(my_cb_threadid); CRYPTO_set_locking_callback(my_cb_locking); } -#endif #if SSLEAY_VERSION_NUMBER >= 0x00907000L OPENSSL_config(NULL); #endif @@ -145,9 +140,7 @@ int my_ssl_start(MYSQL *mysql) my_ssl_initialized= TRUE; } end: -#ifdef THREAD pthread_mutex_unlock(&LOCK_ssl_config); -#endif DBUG_RETURN(rc); } @@ -166,12 +159,9 @@ end: void my_ssl_end() { DBUG_ENTER("my_ssl_end"); -#ifdef THREAD pthread_mutex_lock(&LOCK_ssl_config); -#endif if (my_ssl_initialized) { -#ifdef THREAD int i; CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); @@ -180,27 +170,26 @@ void my_ssl_end() pthread_mutex_destroy(&LOCK_crypto[i]); my_free((gptr)LOCK_crypto, MYF(0)); -#endif if (SSL_context) { SSL_CTX_free(SSL_context); SSL_context= FALSE; } - ERR_free_strings(); + ERR_remove_state(0); EVP_cleanup(); - CONF_modules_unload(1); CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + ENGINE_cleanup(); + CONF_modules_free(); + CONF_modules_unload(1); + sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); my_ssl_initialized= FALSE; } -#ifdef THREAD pthread_mutex_unlock(&LOCK_ssl_config); -#endif + pthread_mutex_destroy(&LOCK_ssl_config); DBUG_VOID_RETURN; } -#ifdef THREAD -#endif - /* Set certification stuff. */ @@ -228,21 +217,19 @@ static int my_ssl_set_certs(SSL *ssl) /* set cert */ if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0) { - if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1) - goto error; - if (SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1) - goto error; + if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) <= 0) + goto error; have_cert= 1; } /* set key */ if (mysql->options.ssl_key && mysql->options.ssl_key[0]) { - if (SSL_use_PrivateKey_file(ssl, mysql->options.ssl_key, SSL_FILETYPE_PEM) != 1) + if (SSL_CTX_use_PrivateKey_file(SSL_context, mysql->options.ssl_key, SSL_FILETYPE_PEM) <= 0) goto error; /* verify key */ - if (have_cert && SSL_check_private_key(ssl) != 1) + if (have_cert && SSL_CTX_check_private_key(SSL_context) != 1) goto error; } /* ca_file and ca_path */ @@ -250,30 +237,37 @@ static int my_ssl_set_certs(SSL *ssl) mysql->options.ssl_ca, mysql->options.ssl_capath) == 0) { + if (mysql->options.ssl_ca || mysql->options.ssl_capath) + goto error; if (SSL_CTX_set_default_verify_paths(SSL_context) == 0) goto error; } - - if (mysql->options.ssl_ca || mysql->options.ssl_capath) +#ifdef CRL_IMPLEMENTED + if (mysql->options.ssl_crl || mysql->options.ssl_crlpath) { X509_STORE *certstore; if ((certstore= SSL_CTX_get_cert_store(SSL_context))) { if (X509_STORE_load_locations(certstore, mysql->options.ssl_ca, - mysql->options.ssl_capath) == 1) + mysql->options.ssl_capath) == 0) { -#ifdef X509_V_FLAG_CRL_CHECK - X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#else - my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "OpenSSL library doesn't support CRL certificates"); + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), + "Loading certificate failed"); + DBUG_RETURN(1); + } + if (X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK | + X509_V_FLAG_CRL_CHECK_ALL) == 0) + { + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), + "X509_STORE_set_flags failed"); DBUG_RETURN(1); -#endif } - else - goto error; } } +#endif DBUG_RETURN(0); @@ -285,20 +279,41 @@ error: static int my_verify_callback(int ok, X509_STORE_CTX *ctx) { X509 *check_cert; + SSL *ssl; + MYSQL *mysql; DBUG_ENTER("my_verify_callback"); + ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + DBUG_ASSERT(ssl != NULL); + mysql= (MYSQL *)SSL_get_app_data(ssl); + DBUG_ASSERT(mysql != NULL); + + /* skip verification if no ca_file/path was specified */ + if (!mysql->options.ssl_ca && !mysql->options.ssl_capath) + { + ok= 1; + DBUG_RETURN(1); + } + if (!ok) { uint depth; if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx))) DBUG_RETURN(0); depth= X509_STORE_CTX_get_error_depth(ctx); - DBUG_PRINT("info", ("error_depth=%d", depth)); if (depth == 0) + { + ok= 1; DBUG_RETURN(1); + } } - DBUG_PRINT("info", ("ctx->error= %d", ctx->error)); - DBUG_RETURN(1); + else + DBUG_RETURN(1); + + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), + X509_verify_cert_error_string(ctx->error)); + DBUG_RETURN(0); } /* @@ -317,7 +332,7 @@ SSL *my_ssl_init(MYSQL *mysql) int verify; SSL *ssl= NULL; - DBUG_ENTER("my_get_ssl"); + DBUG_ENTER("my_ssl_init"); DBUG_ASSERT(mysql->net.vio->ssl == NULL); @@ -335,6 +350,7 @@ SSL *my_ssl_init(MYSQL *mysql) verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ? SSL_VERIFY_NONE : SSL_VERIFY_PEER; SSL_set_verify(ssl, verify, my_verify_callback); + SSL_set_verify_depth(ssl, 1); DBUG_RETURN(ssl); error: @@ -365,6 +381,7 @@ int my_ssl_connect(SSL *ssl) DBUG_ASSERT(ssl != NULL); mysql= (MYSQL *)SSL_get_app_data(ssl); + CLEAR_CLIENT_ERROR(mysql); /* Set socket to blocking if not already set */ if (!(blocking= vio_is_blocking(mysql->net.vio))) @@ -395,6 +412,7 @@ int my_ssl_connect(SSL *ssl) SYNOPSIS my_ssl_verify_server_cert() MYSQL mysql + mybool verify_server_cert; RETURN VALUES 1 Error @@ -504,6 +522,7 @@ int my_ssl_close(Vio *vio) int i, rc; DBUG_ENTER("my_ssl_close"); + /* 2 x pending + 2 * data = 4 */ for (i=0; i < 4; i++) if ((rc= SSL_shutdown(vio->ssl))) diff --git a/libmariadb/my_auth.c b/libmariadb/my_auth.c index 494969fe..f75577cf 100644 --- a/libmariadb/my_auth.c +++ b/libmariadb/my_auth.c @@ -326,7 +326,20 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio, end= buff+5; } #ifdef HAVE_OPENSSL - if (mysql->client_flag & CLIENT_SSL) + if (mysql->options.ssl_key || + mysql->options.ssl_cert || + mysql->options.ssl_ca || + mysql->options.ssl_capath || + mysql->options.ssl_cipher +#ifdef CRL_IMPLEMENTED + || (mysql->options.extension && + (mysql->options.extension->ssl_crl || + mysql->options.extension->ssl_crlpath)) +#endif + ) + mysql->options.use_ssl= 1; + if (mysql->options.use_ssl && + (mysql->client_flag & CLIENT_SSL)) { SSL *ssl; /* @@ -353,8 +366,9 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio, goto error; } - if (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT && - my_ssl_verify_server_cert(ssl)) + if ((mysql->options.ssl_ca || mysql->options.ssl_capath) && + (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) && + my_ssl_verify_server_cert(ssl)) goto error; } #endif /* HAVE_OPENSSL */ diff --git a/libmariadb/my_thr_init.c b/libmariadb/my_thr_init.c index 84c48090..d3b02ec9 100644 --- a/libmariadb/my_thr_init.c +++ b/libmariadb/my_thr_init.c @@ -147,6 +147,9 @@ void my_thread_end(void) if (tmp && tmp->initialized) { +#ifdef HAVE_OPENSSL + ERR_remove_thread_state(NULL); +#endif #if !defined(DBUG_OFF) if (tmp->dbug) { diff --git a/unittest/libmariadb/certs/ca-cert.pem b/unittest/libmariadb/certs/ca-cert.pem deleted file mode 100644 index b8155583..00000000 --- a/unittest/libmariadb/certs/ca-cert.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDXTCCAkWgAwIBAgIJAKJqUreNtr3EMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTIxMjAxMTExMjA3WhcNMjIxMDEwMTExMjA3WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4jb3yqpNn -sZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64vgmS4Ftdv -+ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE218R5UOjg -0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlHLV99looT -T4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw40+X8BUaL -2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABo1AwTjAdBgNVHQ4EFgQUUk+4Eg7w -xG/VQ7r2GdDVnKBMB28wHwYDVR0jBBgwFoAUUk+4Eg7wxG/VQ7r2GdDVnKBMB28w -DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAvxPUK88FFPpjcnM6k9v/ -XdEb4xgivcdTxQD5QH9A9lQZWnaMd+7dWGoeLgwP3/N/b7gV6BgAJt73aWa7AkMV -SKi10qk7IOs2DXlNuFzs1uy7ziBWrftUp5cTIDjZ8B5jZ23vUjkQfMivi9dnhVwp -UUjhh0gjoxYtvP8VJzz7FEMtHNEiwQsQ7G/at4T2xTWR4TlYXdvzE+5x1JdMYoed -vO4sihtZ2REZrXasvwpA2TofTTvOWGiU28SqV0AFh3Kz64WnRuJBkTR3zK5iTQvy -Zc7Loz5yZC+5ebn1hG2yjjpjJUfcEdv2i85hQQBjZarC6ibfptrgeO/bAQEU8ppV -kA== ------END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/ca-key.pem b/unittest/libmariadb/certs/ca-key.pem deleted file mode 100644 index af32267c..00000000 --- a/unittest/libmariadb/certs/ca-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4 -jb3yqpNnsZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64v -gmS4Ftdv+ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE2 -18R5UOjg0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlH -LV99looTT4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw4 -0+X8BUaL2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABAoIBACeVdhL08HSks06n -mNuGYefUOFpSq0RcVmKvUWv4/XgyGvniDI4k/EoUdUTW8aaMgcMI0tsGlzmoTWtU -ri7QRFphfQ2KgT6EIhjSqvL5iq/pSAzLciJKqOAX6MNwhBW0TVolM61CyK0Ji/ow -K19n+qjfFvo3Pkcz0UxEb8xqh1abfCgjaJnnjj0JlUO+xqNNRh3Gm6M2BrmrNhuR -l4fRr/moOrK+uMD1PCHJcx5zlWSX4FBjF52iD8divsD6vM10dBiyamNc3WrBHiWN -cp7ARtRcMS2k1XrUTAv69ltAll1BPzHQ7yC/HpJq4QBxoDRPPftsiRB9izC5MyDt -HdqArgECgYEA8ByToWHP+Ao+tw/xH26yRz1d/1pe7hq+qB13LEyvDZe4wd1smuv/ -3VkNG/43yEYaLy3VxwKhxePrFL5WasLpB1dAmGIwio1hb2LldBlZp6HoW1u8MNYL -grC/3TLp1hQP2WT/yKuuqwKW+ebRpov2oTV7HmO7g+eKUDZOEjhPS90CgYEA1hOK -udBOEAGOYKa7086fSTFvJWMNy3lDEmJuvMVXcaYroaBjKWM2XZnCwKDymj+0mtzl -HY6SVgZEM+mfdm0U9kuRdQSaOCrmmLg0nBqta2fng939hSY1ED8TGMt6rDWA4lOD -SPiJwdeKkZEb7jSkLBojfNwpv/4+IfGZC18+2PECgYBIwjAOIAiX/erBKCiFwNJu -+e6I2UaY2ivZ34vkNZx5/vaycDlfvJG87iYlzGP04SFAGKCF/Isu3wC2OXMQSN26 -JrthMafJ5EuZKBulkaT0QgCZ5nNhTQsR4CNTkQEAqPWgh5Vmpnd4RIGhWks/L3xd -n0oejFQfBUOJSNthdAS7VQKBgHRl974Epw1I61NeFS6bYDx55ocbjrqd2nw6jR+S -5XLj+UFOZdxxF3RZUG1QldiM3vR9Ow6RILwpeBgJ5SyNLyKkABjyQbBckzlinyhp -0PVfb6BhqaEmHyAQS5/ls3PDO6rT4cRhbvW47p0rm1YvxTw9kiIny4ObB8mJBcAL -L67hAoGAIg00eMX2tqaY772vho2Q8ba2OT8ZvhGxRd2+eIB8LbK7Nh119+4O37zr -sHEq7QD15i34PM/dI9fbxFXi9cFFsxdwE5b4stTx/ZPdz5og05FCTyBX88L1FzLc -ZPEDbdYcajXSJSeGtbwilNKDtqLx62ANPRvrACZSKYWdfYRwBgw= ------END RSA PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/ca.pem b/unittest/libmariadb/certs/ca.pem index 740f81cc..8fd79fc7 100644 --- a/unittest/libmariadb/certs/ca.pem +++ b/unittest/libmariadb/certs/ca.pem @@ -1,38 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIDGDCCAgACAQEwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UEBhMCREUxCzAJBgNV -BAgMAkJXMRMwEQYDVQQHDApIZWlkZWxiZXJnMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTIxMTIyMDcxMDM5WhcNMjIxMDAxMDcxMDM5WjBS -MQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxEzARBgNVBAcMCkhlaWRlbGJlcmcx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAOKiAyhtJXHgjr0cLFx+gYqBZCzg+Bpevh3/+U0t -A5trng5kht8dbI6m0Qjz8Mi09sFxaHmmL6WA+wxL8LqwMjOXpn3aAjNW3+QFu5Ei -Iy+8KrwdJdZVzRHCCLt4HWpeMQBzn2y/MUgZzc8+RhcQSu2KVDBiKLVpa6Z9k3gl -wsezI8ClJ6vWsJGnJX699H9BhMyS85ipVmeL69h5tWsdHQtmbK+XdHPQldi9r/88 -f2VfIOo7EFSm9ohJG70P8lhEIqByhQ8Hw0akGWLLsLg4cufPVrOdPZocJ/qJjQVG -OkfSPkIgwKnpzGbXjFG5IMh5rXJCIRbO3ofTxGpSTzNQ0hcCAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAb7bIszKyzpCvom4FjnNYT3buQCf0qnUGoPgVpXIpjc4Lsyr0 -nmIfgGNo/+5B1cj3iAtIuSojXOK96r8a84TueCaeX9ZDdG+ZZm9ng6mIiyQraZyR -Gl+VsTH40O0QTjMcPB344Yz0ZSHU1E35LzarApHtqZi9TpCBFc0td1EhxX7rdEOD -WzBRTKcMzV+Y0Fslqjy73JVYnaxJ/ZShW7TOowrdjE9DZ8VZ7dVSJOtdTLB5WNQE -mxFInjbUig5vvHzmf4bEsBDz7RXy0W8fMQd2HEcgGBDwdQYq18kZl9H5plORDCgg -S93U+OoInjEU2KEWyDyiBI7OwAZYIQytrxDBOw== +MIICTDCCAbWgAwIBAgIJAMc8o9u+bopUMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD +DAZzZXJ2ZXIwHhcNMTMwOTE4MTQ1MjE3WhcNMTMxMDE4MTQ1MjE3WjA/MRMwEQYK +CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE +AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSnS+kxI2wBY1M +eINRxfpyx5BQ8x4hX8o79PT+1PpEYEt/aNL1D2LronG4tbpB6pFTJ+mxnbPAOhns +nGEpYYh5Tz1VOcB1+IMko/Eqa4jComxb1Yxv3c1xbtFNyGaylOCQ1KHs60UNDL8K +eZs827ys293jPjR7Kz3fzTfPRCgc3wIDAQABo1AwTjAdBgNVHQ4EFgQUDYVv8BN8 +pzV3lwVpUzg1zSFLm9UwHwYDVR0jBBgwFoAUDYVv8BN8pzV3lwVpUzg1zSFLm9Uw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBkU+Vx9Qkx/l/covoosxUl +xigDiZf0WZhsBNudu3aB5OV08eXLdkPxnF/nmTotiK+FvmIAh1fM65mMLlxbfRpH +3kAlI470shYEaysC1aIgcdha7EHJXcmKeMcGdaJR3UKrg7h/3XX4WdFV/27q9tjx ++CIl79v79TqPaKLL08jWHg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDGDCCAgACAQEwDQYJKoZIhvcNAQEFBQAwUjELMAkGA1UEBhMCREUxCzAJBgNV -BAgMAkJXMRMwEQYDVQQHDApIZWlkZWxiZXJnMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTIxMTIyMDcxMTI0WhcNMjIxMDAxMDcxMTI0WjBS -MQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxEzARBgNVBAcMCkhlaWRlbGJlcmcx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBANofs7wzZpUourQz03gALCHcTYXbuTJ16w/rbvql -WUa1R/qUgaxN9k7SEj260Vr7PMEREAIdKIu54jCy/yCRzYb/03HorQjJgGXjYvtX -nmwwUgLZSz3aLIX2p7jcw3ESiqN1/oZ3fB8+i6HT8igFcmbAOkPEN8TBM9Qenqj7 -NNx9iYAOp7r8xJXJXTEWBIy0kJ2eXZQacveLGPgFs6Qq0Hvn8FsXT9zQQH98BQhL -o35vjxas/A8ThZiKd8cCmUbTtGxIlncR7FmJuqKAJVTSg/ZePFoYqW0s9GAtPJfC -DVdaT94uGZIWtOCLPqQgiEyjdHWHdeF+WBdXex3xRI3Ii+UCAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAKSXEbcpfgqZiWIJBpQX86kNMWhjA4m8GKwXoxhgxTtEZPju/ -VO/ehjsTo8AnRQdW4/sD+KgVqn6F4jw5WVwK6L0TTlat5umn+zKW9c72Cmsf7kiZ -pc6bluyKv1uhS5pK1HLjQaL8vY4WExHkh8nGEuS4IIhAtHzBblE3G4/Kdq7V7IO7 -+YaSwO1nRiYaFbrZkF8u+GOIVJlcQ7C7m2332c0NFYBmYoeJ03rwb8kWe40UHaiP -R3Pl/bzrRbcHiSqLawFpfYOG1+Sq9GkBwysv6ADU4wKcu9dYNvjgbRHhHuSLB3am -Dnj09lCHMDxHUtk1PhLsxG65lMw4GaUEqjfUmg== +MIICTDCCAbWgAwIBAgIJAINPYND1suQ5MA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD +DAZjbGllbnQwHhcNMTMwOTE4MTQ1MjE3WhcNMTMxMDE4MTQ1MjE3WjA/MRMwEQYK +CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE +AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH0i3GrrSfiYf8 +qk4eZfcPpgLW1X7lSOWxB9yvP7xE4rGNeKAIA6ZMCfvsuf4ABBH6ktPVqKEMnOPP +ro40fyUz/Oa77M0j8hhRld7BGRcckcpkz/xfRBQ4bZuuBXlkFKDeGpyGGVdrUBFg +pGx6tCxgLjcss+Mg31QQp2dgfHsuXwIDAQABo1AwTjAdBgNVHQ4EFgQUDrNUQrfC +7FA4jhm5WBPqhpwIBc8wHwYDVR0jBBgwFoAUDrNUQrfC7FA4jhm5WBPqhpwIBc8w +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBD0fpXPv6Vv80uibJ1njm9 +znClMWKRMRu2jU1P3aSynzLHssqIA+hWCNZZHyXvHOvsizEhJU1aW/zTuUSeWg0Q +Ay4o3Tycw0gh5NbNNMyyLi5ZivsPq6mYBlnYtCdXmDLj7gqrK4qu2xo19ifaIlUY +sD9uawV17DPPers9aYOqVg== -----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/client-cert.pem b/unittest/libmariadb/certs/client-cert.pem index 619611a3..fe210e21 100644 --- a/unittest/libmariadb/certs/client-cert.pem +++ b/unittest/libmariadb/certs/client-cert.pem @@ -1,19 +1,15 @@ -----BEGIN CERTIFICATE----- -MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV -BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDAeFw0xMjEyMDExMTE5NTBaFw0yMjExMjkxMTE5NTBaMGAxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz -IFB0eSBMdGQxGTAXBgNVBAMMEGNsaWVudC5sb2NhbGhvc3QwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCfq0vKNGpEXPHiISQu0sLoIJ81eHzJyKUEHo+z -TKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKnPNoaZK8gja5XoCx/cTIda7D6 -/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQrEtjovu/OEqJfgKyaN0N1AC0 -mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o7tnsSqLSYyZ+UebJN1O6WAQY -B5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98OynmlVzazUkt0L37Ya8ojxMkUMBon -+gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0cgCChGl3FAgMBAAEwDQYJKoZI -hvcNAQEFBQADggEBAC3l+GCH29tKQlY+zyo8CdX0n0LKwKNJKFuxOBWEYG6WHcId -lE99faUlFF2XvN32MN+tFU9VXoxNm0BCOiMu3O9HcqWp3Bfzu36tNbQlBrpcVGYQ -Zq2zAEbWvNoQjVkDAHIRrbGJ9dv3a+ev7O0sjA1BxdfrWhhl4uyfWb3XCSG+0qeb -1S/PmYq+HzGNkmgMlRBZX0Bu+wwTBEreSCaieZrNqJUsLzIxjR+8m7YM6I7U0Ihi -PEGmzMFz70OBeMVc/4h7jzcMMvHRhHNSMnUVsXxhxHl6EW29Uha66nf9zd3A9b1g -/q8S27ufXMLGIPP+6PCRqiF792Kq9OTn67Iq7Tw= +MIICTDCCAbWgAwIBAgIJAINPYND1suQ5MA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD +DAZjbGllbnQwHhcNMTMwOTE4MTQ1MjE3WhcNMTMxMDE4MTQ1MjE3WjA/MRMwEQYK +CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE +AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH0i3GrrSfiYf8 +qk4eZfcPpgLW1X7lSOWxB9yvP7xE4rGNeKAIA6ZMCfvsuf4ABBH6ktPVqKEMnOPP +ro40fyUz/Oa77M0j8hhRld7BGRcckcpkz/xfRBQ4bZuuBXlkFKDeGpyGGVdrUBFg +pGx6tCxgLjcss+Mg31QQp2dgfHsuXwIDAQABo1AwTjAdBgNVHQ4EFgQUDrNUQrfC +7FA4jhm5WBPqhpwIBc8wHwYDVR0jBBgwFoAUDrNUQrfC7FA4jhm5WBPqhpwIBc8w +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBD0fpXPv6Vv80uibJ1njm9 +znClMWKRMRu2jU1P3aSynzLHssqIA+hWCNZZHyXvHOvsizEhJU1aW/zTuUSeWg0Q +Ay4o3Tycw0gh5NbNNMyyLi5ZivsPq6mYBlnYtCdXmDLj7gqrK4qu2xo19ifaIlUY +sD9uawV17DPPers9aYOqVg== -----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/client-key-enc.pem b/unittest/libmariadb/certs/client-key-enc.pem new file mode 100644 index 00000000..3a5ea6d4 --- /dev/null +++ b/unittest/libmariadb/certs/client-key-enc.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQItEtCzxFB1MgCAggA +MBQGCCqGSIb3DQMHBAhQRWSgaevikASCAoD0NCt6KOmLcMeg/gMjodCa66nYftCQ +oQ7j62krniWZq2b5CjvSFuh71cq2M5qOEpgs9a6kOTdQ8aZNxaB4mNDgLqoxY9yV +MACfIRoBqHc7TbWwKCPbE+5PzCjCuG+1Hqr3HQYPpOYTZqXHuHNhBWzeUEr+eITf +fnxdoiVnKbwT5E3fVaHGJI7h5JrUkz3So6ynUbE3blmCroHAqsp9N5YAW+Kabq8p +sCVoDz/xat3cyhHWaj3LZsRzr1WmPgqXQtRde6UU8hECZ6JhkqzvMnYCnOmxtXWu +KcRAGg3SQOqYZi7uc8p3beNvfIHffywhGxzMDDGIDhRbw+eDBQmVAZIdHJpZ70Nf +c8Zgdqx7Q8KT8mpu3JlmQ1dl+7Wh8HNejMIHCS18lV1BU3K2gdYmfpzeiFdzFEvq +2evXcU3zP1OKmrcMTaL8oHtbTKk/ArWb3j19/5KxR5BZoiZuZ9+x1GuZx5oF+T+5 +/ExWFtO92EIZvTdhMgLJBnXE0ULUB0vYWN75tVvSc8nKeC+AbZWTYZdB5wtd8YLv +0rz26/kxW/icC5bfNPf8gFojs7bMDDIeqgPLlwLCWkUu6FBTfvlYQYSbHubqAqaH +p76pY2SzMr9ZH0o/mtdjCBxl+Jy6mel7hEa5ADueBoiskUOCWUyy8NndfADX3zaM +uqm45AVI3mu/wEfSpu9DUklhkm9AtXKBi9Ash+Bj8XGWOZixe/xwAU8gABS2VBmB +qXtPPiUqEi2t7wFDEOuqfymnV7khg26Xz45/8LZnHkXJXXZp7aJI4piX/gooLZaT +L5Hso5vidt9tcr3AuNv84ZLXIptZZzun9SIB3klm/tssYFgqxxo/hLaN +-----END ENCRYPTED PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/client-key.pem b/unittest/libmariadb/certs/client-key.pem index b1ba2ca0..a4919432 100644 --- a/unittest/libmariadb/certs/client-key.pem +++ b/unittest/libmariadb/certs/client-key.pem @@ -1,28 +1,15 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfq0vKNGpEXPHi -ISQu0sLoIJ81eHzJyKUEHo+zTKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKn -PNoaZK8gja5XoCx/cTIda7D6/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQ -rEtjovu/OEqJfgKyaN0N1AC0mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o -7tnsSqLSYyZ+UebJN1O6WAQYB5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98Oynml -VzazUkt0L37Ya8ojxMkUMBon+gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0c -gCChGl3FAgMBAAECggEBAIGbfIQAlBo2ECpsmIBhmNDwWgv/Z9wrwLddT2xN07Ta -JOBtyhJaX4jAhydOwRfGvy3Q1RBuF3zlQxWZsbkm7XlRSKncXQJ+Eh4Lore5uv3F -x91k34o06Tjd4POczRPilbmd3heKyqmOtncqRG/2hr+ro+WDohDMSlPFOWVgd8ft -bP/CcNqQ4J/FqbItQPxXK6dJkFL8BR66SlslEX38bmUK+/9EGTiAttye4BXhZ6Pu -sr9g0A24fYOiHZ6CFawnFDzTZzMXyRpQnXZi0isakgvXq4i8FeSI+p5zQGle2LE1 -f2u+QnMOiymAbrXLhLKWrJMS207IQmzFvc3YOumQhKkCgYEA1Jj0999ks42/NPk3 -UWzUZRlOCpUbRb+Olo0DfWPR8KhjQYV8B3Sqc3Ao4NZzhGZecJDYWTlNMGiCIGIR -vrtFW8huL5fOE/XZqkrVShXvK/Zhs73EqWnYCRP2i4E3E6RvB5MniRHeRZ0l9FiH -qh+kp9z8OLZ6J7IrXQyWClSt1/sCgYEAwEQhCQwhUPb74zL0UUjk1LZPJAQJHvaD -3PWIYX6FKtjjUIOcCXGgQM6C9omXOdv+mMryKTkpCEt4TrDN1Q9vvMBYAjcHlhhi -QQ041+dFNGwsXa6e24Ei8v5qgzR5mzvAVL3381WfyF22Bsjw0dfVwlTZvI7oUMmu -5pthuYKt9T8CgYBVfz3lAV4KJ5MhxqfMgyvXjJmp/9T789FwEj25C4++bLmd/ASp -Ku3xhsWpxhSmxlRsiJO5LiYwtZa/VzEztzRpeO13DmG9/T0QExA7vx50W51nH4Yb -a4mJ/RFFgS2ZJKPSNAfOQ/VToaNF5OSKMjeRmnmEhT4TAMAXp5wfg3Z2SQKBgFna -fSXhSWCxTJ6tnYivbGIMoYfPawPRaWbGSOpnWozft7xVBYNUWvRujr3xJ3+e1KlL -j0i8sfRycNM1xbwg7rNjoL3IQf9ffeuw5jPgnXMWatWNWihzfYXaaKTQzVRC5Gu2 -LD7IcVgOk5cwKXuoRvn+9ZMtply7JMYZL96mt+25AoGBAMnJmRAzIONjtsYAhjvu -SEur63oM2qXTsjMLbVK+jgGww8D7ESPZI2Hr3h9SoyQGebJZXmLbzk0qi3yVVamx -fHCyORgEh7qVSkUqnxVB0nTacbqdKpGUpNDEPyw4+Yad1wTUxMWcii0V3s5K84v/ -zVLsxtDOT8M6Z57mZXUzKaTT ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDH0i3GrrSfiYf8qk4eZfcPpgLW1X7lSOWxB9yvP7xE4rGNeKAI +A6ZMCfvsuf4ABBH6ktPVqKEMnOPPro40fyUz/Oa77M0j8hhRld7BGRcckcpkz/xf +RBQ4bZuuBXlkFKDeGpyGGVdrUBFgpGx6tCxgLjcss+Mg31QQp2dgfHsuXwIDAQAB +AoGBALnq696NlM9PlnBXQOH1uz8bFk8vS6coAVaK2yFPqutpBQx9LGDojGT5cSXc +E+GN5/B9ho2oHVhv7WLBpdxgZIpox1C8JUSaCohjFaY3F9m7SzjpasvZ4g9+5Dap +eWmsWs6DlyV4QZy0+7B/nDmtaOzwJ+IgwbkSfB/mJ8nIItBBAkEA+IlW4h4n1Abv +X7TnYpwCEXS0YACVc+Ms6LNu9+u5Yy7p1MMH5brrbHXZlFHqK6eUqKp83K5fCQsO +n2BBO8h54QJBAM3SVQThp70XOMAv0KIJ/2vwhqhNAwVL2pEwP8SZYSGlobUToX68 +RcHCVsGGd9tv2SQAsXeHAK9Oq3paaIarMD8CQQCdN7u3RB4ruMtZvoUUUt3YDvw/ +Mn9YFKAG/+K1f+8A999BELKBN1HPhWlCsuKwBM08OMTNkJxbixwP44LAf5vhAkEA +vhgCIAUOOE2nQ5Gl3tLfDmFS7URbgtvBHZFzg++pTzs79BMSeAwJXWBRYmIAdzKB +WYguYFfW4RMGu3WezqpzXwJAf4VPFKjd4om9+44dX8egxFO9vqX2/OV2CdxyGZnB +5VZB3sL3ip2XdKCLnPN4qdDNlulq9TBuMu0SK5dZcwBiCA== +-----END RSA PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/client-req.pem b/unittest/libmariadb/certs/client-req.pem deleted file mode 100644 index 1d646e1c..00000000 --- a/unittest/libmariadb/certs/client-req.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQY2xp -ZW50LmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+r -S8o0akRc8eIhJC7SwuggnzV4fMnIpQQej7NMo6qj6Yecftm+vHsAGvxwQt0IoMnO -ECfmFzWQQqc82hpkryCNrlegLH9xMh1rsPr84phR34rf1H5BXceAFLgL8AbZ2M9x -XVqjLtzs9BCsS2Oi+784Sol+ArJo3Q3UALSaA/yHJ1fo/j1ZWz9NOC6+p3tLX2WF -LUXOUpx8zmju2exKotJjJn5R5sk3U7pYBBgHkw/HcotS7tl79q4bBzg29VOtGY3T -RjbP3w7KeaVXNrNSS3QvfthryiPEyRQwGif6AwqjpVpcY+Wu14P5+zfs7rgeGlvf -XOygS0rf7RyAIKEaXcUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBOs8sFu+Lh -8wuC1QJ6Wqx4tSjVOsFlu6WQpaZ0fiYb9RpK1V//2sUGTX7SRiKOJE7/zh+Ehu5m -DsIEo5Ptu/JasYbBp3BeRSVVlyLGITvOGpUapUnOebvp+it/v9kjGW33vG2t3+j4 -LihduPz6xz1GacCVNU3iQQGCE/I0tv3nSu/E0zTR4EvBneKFeV5ox63Cor9g7kQM -80Pv39YDv/Tc/JWmkZsILxWbzLyIuzyHiPTJMsz5P0GAIxPBl0PiTCaJuXkgIhIh -HIblZuW4I1gqGgAkZBS/iAxwV9VjZkldcc76qOkSfQIqQoTUn5UvDCvTmfAHHQuH -eu7XCpo8W7lx ------END CERTIFICATE REQUEST----- diff --git a/unittest/libmariadb/certs/create_certs.sh b/unittest/libmariadb/certs/create_certs.sh new file mode 100755 index 00000000..6262351b --- /dev/null +++ b/unittest/libmariadb/certs/create_certs.sh @@ -0,0 +1,15 @@ +openssl req -x509 -newkey rsa:1024 \ +-keyout server-key-enc.pem -out server-cert.pem \ +-subj '/DC=com/DC=example/CN=server' -passout pass:qwerty + +openssl rsa -in server-key-enc.pem -out server-key.pem \ +-passin pass:qwerty -passout pass: + +openssl req -x509 -newkey rsa:1024 \ +-keyout client-key-enc.pem -out client-cert.pem \ +-subj '/DC=com/DC=example/CN=client' -passout pass:qwerty + +openssl rsa -in client-key-enc.pem -out client-key.pem \ +-passin pass:qwerty -passout pass: + +cat server-cert.pem client-cert.pem > ca.pem diff --git a/unittest/libmariadb/certs/server-cert.pem b/unittest/libmariadb/certs/server-cert.pem index c732ab5e..133f23d3 100644 --- a/unittest/libmariadb/certs/server-cert.pem +++ b/unittest/libmariadb/certs/server-cert.pem @@ -1,19 +1,15 @@ -----BEGIN CERTIFICATE----- -MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV -BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZDAeFw0xMjEyMDExMTE0NDBaFw0yMjExMjkxMTE0NDBaMGAxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz -IFB0eSBMdGQxGTAXBgNVBAMMEHNlcnZlci5sb2NhbGhvc3QwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDJF13NPPgprDQC4BSo+f4cSzS4j46n+TEAaCu0 -m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dPT0p3Hc8qcvsMtcujKyGIsOYc -bUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbcolq9cjQnQtlXGSPkDzVJCJng -h4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2LgqMG4pewJuXqtu98ue1Je28MnV -S/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6xVrHmKJSyGURUwORSlKvX/lIn -58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuzbiKErGa5AgMBAAEwDQYJKoZI -hvcNAQEFBQADggEBAFCKctZQ2cmR+AmESpzJl6EZspCKtd2gUsla531OrKnUWfYU -FcuZ+DEffnp4jQXtnVqO4mkBjVW5Etr5XF8r3Lm2cVTHkt/IfVjT5LcEdUdFzm4Q -UQHkAikc6pkz60guVXyi4SDkhjKyO/2K0HgwG1ndj+uAuatskAdybmS/OqvelRSL -lw72tND+Fy3RNwdf/cmmbDMGxfZO2LB/LRL1Yknn6CtHuCAWWwdUx7VkpRcjIpsI -X/CcvRgab8rCv/EZtBuhI2bunQ7MkAv4B93Y0o9t7H0mFTywrqj33e6iG/fS+dkK -2l0qvPpJ1YPqjuw0IGVujykdsGBXvXqbtxnGWMY= +MIICTDCCAbWgAwIBAgIJAMc8o9u+bopUMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD +DAZzZXJ2ZXIwHhcNMTMwOTE4MTQ1MjE3WhcNMTMxMDE4MTQ1MjE3WjA/MRMwEQYK +CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE +AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSnS+kxI2wBY1M +eINRxfpyx5BQ8x4hX8o79PT+1PpEYEt/aNL1D2LronG4tbpB6pFTJ+mxnbPAOhns +nGEpYYh5Tz1VOcB1+IMko/Eqa4jComxb1Yxv3c1xbtFNyGaylOCQ1KHs60UNDL8K +eZs827ys293jPjR7Kz3fzTfPRCgc3wIDAQABo1AwTjAdBgNVHQ4EFgQUDYVv8BN8 +pzV3lwVpUzg1zSFLm9UwHwYDVR0jBBgwFoAUDYVv8BN8pzV3lwVpUzg1zSFLm9Uw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBkU+Vx9Qkx/l/covoosxUl +xigDiZf0WZhsBNudu3aB5OV08eXLdkPxnF/nmTotiK+FvmIAh1fM65mMLlxbfRpH +3kAlI470shYEaysC1aIgcdha7EHJXcmKeMcGdaJR3UKrg7h/3XX4WdFV/27q9tjx ++CIl79v79TqPaKLL08jWHg== -----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/server-key-enc.pem b/unittest/libmariadb/certs/server-key-enc.pem new file mode 100644 index 00000000..41487f6d --- /dev/null +++ b/unittest/libmariadb/certs/server-key-enc.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQILNmuYbHy6EsCAggA +MBQGCCqGSIb3DQMHBAh39D+PX3mtuASCAoBCFRKn73NQZlDOzIhe0oNZcB5NCAaw +bIySG3lwlFU5YUcttZ6aLnaHOPBDjCSf3TFSXmxBDKYDgWz8A54MOa3lHVcjVgAn +U1jpNRRfW82t4b7zyf0EdHi2IsOjjW4VUJLZjsyYqFBhTaT7Wz4nL6iHRnE2lndM +25LGpNkwlrkRyB5tvIQTeEThCWscJj4/DCNtCvTfDtgyCGjAL+Hl1Ggfx6tJRoLO +A8XxdrfP4SGxOBLe9tI65XSviujr+pXt4Gw7SwjnyuqCqZ7zdpmI/A9SmPwLScRk +HSO0h4aXXZOOHvVjR3UtHPltOaHvlotnWuxC2c7OlAK2swa/InHPpXpYdObqRg92 +uV6Kn26XpT7+IlY0PrO6TmvbjF5FgKh9R+yBY4S7Faa0Tte32V2nomi0Z6FITrA1 +cC5b32ligf/cHn/0i9E/spgW7yyhbAeNdBmq/3Eer8fc6EjKfd7DTF+ieNgC+OxW +hR6OnJcmmTqtw/GYOLpWrguQ5O/BkzIpZXhmpsluAq31XSQRrvWDHKJizj/PoVBg +SYjGPX7C/LGYcAwytRUDZSURZX03vE987KfdzrvqMfwoxmkdhDvWQ2/Nr6lWb488 +hpUwcSnGmrKM2bMCuOD5CTz4u77wHXVt6ychdqyrLI1wBQKX7yysutU0jqOwsSxQ +OWzEurh1WGEyDKzTrFSNElTwCA6pF7nvF9aOd2D2U/tMw15Gx5hknu28KeMuQI6+ +ueyG3mbE3gKSbKlFlCYhpJv0s0++Dbrp9rh5oPZG1yj+9+D8M8yB4rDFYNiKJ3Ot +X/RoN8PXz9ToD6Z715llXl5t1gYmayzlNjcI/kvAXT68IZr0CzHNJxMM +-----END ENCRYPTED PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/server-key.pem b/unittest/libmariadb/certs/server-key.pem index 066a827e..b4342a6a 100644 --- a/unittest/libmariadb/certs/server-key.pem +++ b/unittest/libmariadb/certs/server-key.pem @@ -1,28 +1,15 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJF13NPPgprDQC -4BSo+f4cSzS4j46n+TEAaCu0m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dP -T0p3Hc8qcvsMtcujKyGIsOYcbUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbc -olq9cjQnQtlXGSPkDzVJCJngh4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2Lgq -MG4pewJuXqtu98ue1Je28MnVS/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6x -VrHmKJSyGURUwORSlKvX/lIn58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuz -biKErGa5AgMBAAECggEBAIHC1ELGHxU1C/L3Ch3oA7PaS9D0wgdeY+JxVhKbq37g -5PCskbCABoG+rPNhfuBhZCbldnTpUKSRc7GX5uNqlu47eAjBnwBRqrf7/uFFHa5Q -dQCBH136OBuAgcEo+PXCJGVSugS8wxih8aUaFxe8hC75kioEDQbzUV0pcbJTg1xn -sLIEfIeNwHMemLtpN4n+GpJ8j19GLqaUDcjPM5ZRUs4yDvv1FZeGXjHijyZLP11h -rJLVrvmhqUoEG/ZdkqYKPrOG5qpOnkn/i9WPoUrahtWb6kKsZUjPoBCKqCqq/0kT -0WRI7Qgz13wPpbsVL8gQU9PgUM9MyNKH7yqGZnTmHiECgYEA61CvZD26tciutQfq -s0N8k20vQpX0uelDxsYBI9Acxt7LNWEIeiZLhrGKMSWsg0v541RKjiewzDcVOfQb -qA7wPC/IWfc1F/1gK3yg025IRgXhcuoWVd9jm7ob/czzxQIA8ew2fsDgqlYwkqPb -661TdEnctjYt29nqAQkayDdW8DUCgYEA2sSJzhAsscIE94TMw4O0C4PaOiYMfVb0 -oi7S4E7OLZ3bXm8OSlYRPxL66VxyNW+2g4BwXqMrsxd5x7QHGXEaqDPP8YEEOxrK -pkMiCfDvGpN0dlIobpPNVVGTfDcY/go3y30ZsdcX4G6S9lqsGEDo/hdVPrpeOULp -rG1Yimgu9PUCgYEAwUXwCOE6rXw7Iq1x8/MGKwCOxJ3t95TD+ks/PG7+c8kiFqGw -GMPDXMoNuvg6jUyl3jWpVsD60YCcipEY9hvu7UBBysLkdOPDTXR7k60M55aE6aGi -3r0wTwO5YegogDN5GzrsN4er/7vzAT5cr2IZHXZdNbuiRuTg8iDMQo5RddECgYEA -n+hJUnZANS68srA/fCoo0MHwIdDuEDAfYO0Y9xyjWHSqhLxola2TracSAMGyOZ0O -q9CWUpayupXOTkspZU9nTMuSk9TaYtmShzVLDDkwjRx7ZIFpTGp9DIA0bfdYLVkK -r5Mh1PyEV2h7w9dDM/c+V3x2swNHHFPsujyzG3hL2oECgYBgi1w63a/cfkQACVRt -tjy1ZtP50sRaSlXXC5Txh9u6AoO0k13V1+POo3LikYHfZRRrLTtMUrPVPAdD5H3v -rQ11p7gVgzw7ikMEi4hNw2ueX6UXzVSxAyeLGdG71QToqXPwK1tH/AOnD5g6hYAS -kXsNUaCkLeNkkbcWxXPY2HE6MA== ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDSnS+kxI2wBY1MeINRxfpyx5BQ8x4hX8o79PT+1PpEYEt/aNL1 +D2LronG4tbpB6pFTJ+mxnbPAOhnsnGEpYYh5Tz1VOcB1+IMko/Eqa4jComxb1Yxv +3c1xbtFNyGaylOCQ1KHs60UNDL8KeZs827ys293jPjR7Kz3fzTfPRCgc3wIDAQAB +AoGBAIODSYvOfFcMsHWuzvlR8ZiYisIxfYADi4my5QT3QqtNofcWIpyJlhBjaDWZ +rIuaiFJvmtqhCewfm66G25j2YTuT0N4rZkcEzPm9y6NGgEgBWgMM01Jm2scg7WEN +IS/KYWptqGxeMLSPWAaVUT6LU4wfbueXBBfV9Mp0jBXW/vKhAkEA+9GhXU65/eQO +HnZRfPspuWeHAFRYGmPWnClDdOjFlmL0PpC5f6kENtX41PZEDUj1damJIJ/A/zRB +heKn9UV6kQJBANYcaYxuhCpjvlSm8wRc80AY8Ncn8hDQBCHhjHWSOdDyv/rvKeht +lOSeu8UJieJJwccJGa002Ql/ByvZIgJUeG8CQDqBF5ZQBhIge89D+eapi6YRkWHY +Nqfa7i9VvuBYfB9WWhx3D0HDiMEcsTT5ChJ0EuMFQmCb/QDNqTNr1026mKECQBRP +o6+fuEfxKFgNclZCnwzAkPBIKM1xfkLci5+HnJZ2wMGEOJyE8K/zYuqhKgRebNR9 +x4LH1aLx+vMs6O4Bp18CQGUQe24ONr9t+hSJ9FNdNfww/lIzJWvCt7xpqdccbd9O +3mrka7/Kfl8LFEpkk7XuAXuNB0wgd0aowD7NnZgaJcs= +-----END RSA PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/server-req.pem b/unittest/libmariadb/certs/server-req.pem deleted file mode 100644 index 2356625f..00000000 --- a/unittest/libmariadb/certs/server-req.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQc2Vy -dmVyLmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkX -Xc08+CmsNALgFKj5/hxLNLiPjqf5MQBoK7Sb4HDQdIavowBcifsRSvdVjHzMojvj -8cbUdgFLx09PSncdzypy+wy1y6MrIYiw5hxtS2kKRkxiEKEgwwD8AA77CXKidpJR -hhSZOUMKxtyiWr1yNCdC2VcZI+QPNUkImeCHiN4pln0uJW9YRuUS7hisASeq4St1 -qU+Y14nYuCowbil7Am5eq273y57Ul7bwydVL82tE8+16axlwVwmVAugbD+C1lFZD -SAz6EdqpzrFWseYolLIZRFTA5FKUq9f+Uifnxm0PJLtsjVbUO0xnb9QXE1N2YKgL -pIX9+P8Ma7NuIoSsZrkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB+Ctji5m7b -v/IYBSvvMIhWRDcQIQ/+3pzwtPRH8wb2iB6kYLFirC8vPYn320Dvva4MRp1DPzvP -egQduKFO0ic36DvDvKooSKVvCSoS/LGhH/jFFTbFmp7aJF0raqBU8HIg38eJ0KPv -smVND9uQ+Cibdzn6f3EX/a0c3FRtEtu5cYkJ1B7dksKr1guaobUOxQ4ti4mm4vkG -ll6VHdSMlHTsFLE3cqL7C+0g8f1cJYKyyXtx/43mzdYyOzHptndjmXfitATxw9Zy -hCXJtvgwbQdGA8ZiCeB6BxNfbD4Bhm2G0k59Vv942IunQUShWwDXTlSXz7DFRs/h -lDL64qSmNvdm ------END CERTIFICATE REQUEST----- diff --git a/unittest/libmariadb/ssl.c b/unittest/libmariadb/ssl.c index 6c2668c4..8b3b42d2 100644 --- a/unittest/libmariadb/ssl.c +++ b/unittest/libmariadb/ssl.c @@ -117,8 +117,13 @@ static int test_multi_ssl_connections(MYSQL *unused) mysql_ssl_set(mysql[i], 0, 0, "./certs/ca.pem", 0, 0); - FAIL_IF(!mysql_real_connect(mysql[i], hostname, username, password, schema, - port, socketname, 0), mysql_error(mysql[i])); + mysql_real_connect(mysql[i], hostname, username, password, schema, + port, socketname, 0); + if (mysql_errno(mysql[i])) + { + diag("loop: %d error: %d %s", i, mysql_errno(mysql[i]), mysql_error(mysql[i])); + return FAIL; + } cipher= (char *)mysql_get_ssl_cipher(mysql[i]); FAIL_IF(strcmp(cipher, "DHE-RSA-AES256-SHA") != 0, "Cipher != DHE-RSA-AES256-SHA"); @@ -158,7 +163,7 @@ static void ssl_thread(void) if(!mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0)) { - diag("Error: %s", mysql_error(mysql)); + diag(">Error: %s", mysql_error(mysql)); mysql_close(mysql); mysql_thread_end(); pthread_exit(NULL); @@ -178,6 +183,9 @@ static int test_ssl_threads(MYSQL *mysql) pthread_t thread[50]; MYSQL_RES *res; MYSQL_ROW row; + + if (check_skip_ssl()) + return SKIP; rc= mysql_query(mysql, "DROP TABLE IF exists ssltest"); check_mysql_rc(rc, mysql); @@ -213,13 +221,10 @@ static int test_phpbug51647(MYSQL *my) if (check_skip_ssl()) return SKIP; - diag("todo: fix ca"); - return SKIP; - mysql= mysql_init(NULL); FAIL_IF(!mysql, "Can't allocate memory"); - mysql_ssl_set(mysql, "certs/client-key.pem", "certs/client-cert.pem", "certs/ca-cert.pem", 0, 0); + mysql_ssl_set(mysql, "./certs/client-key.pem", "./certs/client-cert.pem", "./certs/ca.pem", 0, 0); FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0), mysql_error(mysql)); @@ -239,10 +244,114 @@ static int test_conc50(MYSQL *my) mysql= mysql_init(NULL); FAIL_IF(!mysql, "Can't allocate memory"); - mysql_ssl_set(mysql, NULL, NULL, "test", NULL, NULL); + mysql_ssl_set(mysql, NULL, NULL, "certs/my_cert.pem", NULL, NULL); mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0); + diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql)); + FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026"); + mysql_close(mysql); + + return OK; +} + +static int test_conc50_1(MYSQL *my) +{ + MYSQL *mysql; + + if (check_skip_ssl()) + return SKIP; + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL); + + mysql_real_connect(mysql, hostname, username, password, schema, + port, socketname, 0); + if (mysql_errno(mysql)) + diag("Error: %d %s", mysql_errno(mysql), mysql_error(mysql)); + FAIL_IF(mysql_errno(mysql), "No error expected"); + mysql_close(mysql); + + return OK; +} + +static int test_conc50_2(MYSQL *my) +{ + MYSQL *mysql; + + if (check_skip_ssl()) + return SKIP; + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, NULL, "./certs/dummy.pem", NULL, NULL); + + mysql_real_connect(mysql, hostname, username, password, schema, + port, socketname, 0); + FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026"); + mysql_close(mysql); + + return OK; +} + +static int test_conc50_3(MYSQL *my) +{ + MYSQL *mysql; + int rc; + char query[256]; + + if (check_skip_ssl()) + return SKIP; + + mysql_query(my, "DROP USER 'ssltest'@'localhost'"); + + sprintf(query, "GRANT ALL ON %s.* TO 'ssltest'@'localhost' REQUIRE SSL", schema ? schema : "*"); + rc= mysql_query(my, query); + check_mysql_rc(rc, mysql); + rc= mysql_query(my, "FLUSH PRIVILEGES"); + check_mysql_rc(rc, mysql); + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL); + + mysql_real_connect(mysql, hostname, (const char *)"ssltest", NULL, schema, + port, socketname, 0); + FAIL_IF(!mysql_errno(mysql), "Error expected, SSL connection required!"); + mysql_close(mysql); + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL); + + mysql_real_connect(mysql, hostname, "ssltest", NULL, schema, + port, socketname, 0); + FAIL_IF(mysql_errno(mysql), "No error expected"); + mysql_close(mysql); + + return OK; +} + +static int test_conc50_4(MYSQL *my) +{ + MYSQL *mysql; + + if (check_skip_ssl()) + return SKIP; + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, "./certs/ca.pem", NULL, NULL, NULL); + + mysql_real_connect(mysql, hostname, username, password, schema, + port, socketname, 0); + diag("Error: %s", mysql_error(mysql)); FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026"); mysql_close(mysql); @@ -260,20 +369,13 @@ static int verify_ssl_server_cert(MYSQL *my) mysql= mysql_init(NULL); FAIL_IF(!mysql, "Can't allocate memory"); - mysql_ssl_set(mysql, NULL, NULL, "./certs/ca-cert.pem", NULL, NULL); + mysql_ssl_set(mysql, NULL, NULL, "./certs/ca.pem", NULL, NULL); mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify); mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0); - if (!strcmp(mysql->host, "localhost")) - { - FAIL_IF(mysql_errno(mysql), "No error expected"); - } - else - { - FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026"); - } + FAIL_IF(mysql_errno(mysql) != 2026, "Expected errno 2026"); mysql_close(mysql); return OK; @@ -302,14 +404,19 @@ static int test_bug62743(MYSQL *my) struct my_tests_st my_tests[] = { {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50", test_conc50, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_conc50_1", test_conc50_1, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL}, - {"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0, NULL, NULL}, #ifndef WIN32 {"test_ssl_threads", test_ssl_threads, TEST_CONNECTION_NEW, 0, NULL, NULL}, -#endif +#endif + {NULL, NULL, 0, 0, NULL, NULL} };