You've already forked mariadb-connector-c
mirror of
https://github.com/mariadb-corporation/mariadb-connector-c.git
synced 2025-08-08 14:02:17 +03:00
Fix for CONC-95: SSL connection with require X509 privilege doesn't work.
- all pems and ciphers are now stored in global context - create new ssl instance after loading pems into global context
This commit is contained in:
holzboote@googlemail.com
@@ -1,30 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICTDCCAbWgAwIBAgIJAOzGST1sgGjAMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
|
||||
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
|
||||
DAZzZXJ2ZXIwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
|
||||
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
|
||||
AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtK0qYQIWmTU5
|
||||
poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRIhuJ5khI6t5/oRNRExDL/CU4609IT
|
||||
to7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBYO5oLNBGL3f5BF0eDh37vQEYyr67M
|
||||
TR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQABo1AwTjAdBgNVHQ4EFgQUlPvBMFAZ
|
||||
XqTPqYsVautG+QomU74wHwYDVR0jBBgwFoAUlPvBMFAZXqTPqYsVautG+QomU74w
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7Tu43BPt82IYShXH9FoYR
|
||||
WWqG2PI5BrN32VcTKEP/cZf7QNrPuungjnHne1VMVIN4dfB8QWB4Uvjq5f5kWunI
|
||||
BY1YpPFNy+5p+sUAHX9H4rJloVwNLYSKWPhEpe/zSKSTuPGqbAhYv8M/lMQlp58w
|
||||
oICORfoW3HruDjRnJxTAPw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICTDCCAbWgAwIBAgIJAKPJnSVjrc7LMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
|
||||
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
|
||||
DAZjbGllbnQwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
|
||||
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
|
||||
AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW1pzU0Rgd631H
|
||||
L4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7+hn42Hpz2bkibgsn9/Kcg2Y32cgK
|
||||
B1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZRnVTs5JEqFjSZSool0MHGKXnp8Bc
|
||||
t4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQABo1AwTjAdBgNVHQ4EFgQUVcbFkeIN
|
||||
mXA+BmOy8AFkgDSFTUswHwYDVR0jBBgwFoAUVcbFkeINmXA+BmOy8AFkgDSFTUsw
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQANxUnH8UXd2vo83DQPh6+I
|
||||
E4J7DYn1D4pC3WXWQXIPXHvkmuuJnZcmapS4mgK932SyteALM4u5D01rvtpV76we
|
||||
sgPZHXDPXDimT62AScYgO8LpvEcmaYtw1zgxXRnC+o6DHNOvoG5iaV7kVo3wzr3B
|
||||
qtgFiFBvZYHTZ+hVAkk19Q==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,15 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICTDCCAbWgAwIBAgIJAKPJnSVjrc7LMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
|
||||
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
|
||||
DAZjbGllbnQwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
|
||||
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
|
||||
AwwGY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCW1pzU0Rgd631H
|
||||
L4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7+hn42Hpz2bkibgsn9/Kcg2Y32cgK
|
||||
B1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZRnVTs5JEqFjSZSool0MHGKXnp8Bc
|
||||
t4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQABo1AwTjAdBgNVHQ4EFgQUVcbFkeIN
|
||||
mXA+BmOy8AFkgDSFTUswHwYDVR0jBBgwFoAUVcbFkeINmXA+BmOy8AFkgDSFTUsw
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQANxUnH8UXd2vo83DQPh6+I
|
||||
E4J7DYn1D4pC3WXWQXIPXHvkmuuJnZcmapS4mgK932SyteALM4u5D01rvtpV76we
|
||||
sgPZHXDPXDimT62AScYgO8LpvEcmaYtw1zgxXRnC+o6DHNOvoG5iaV7kVo3wzr3B
|
||||
qtgFiFBvZYHTZ+hVAkk19Q==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,17 +0,0 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIdzt3UBGdGKwCAggA
|
||||
MBQGCCqGSIb3DQMHBAi3EQ5NVU79qASCAoAxZFIJr9LVbcP+g/E7xCKmaaNgMfWw
|
||||
eLiIuJwZTgtFsb4CWG5pSGc1P+WP/4Blm2g9awnSOeIh9h4Rz1ZCeB4ztqZvTmqh
|
||||
MRsZc6Bp+CTslQdkPT07pATzesF46Cp4kB2prC5/lYBxydtafvMeDQOHxGqAjYwW
|
||||
6iqHrq2OGrJZkVYp5Jmg9Taj5uOXoUTLWvYtUVB/pHfe9TUFPYuhzNWv+8daG36Q
|
||||
gxUNMP049TNgQmYSX3R2XSizwVwLiq51KQ8awhOjRAzvZg8Bj6stTgDge+JspajR
|
||||
YZItn7+I/x4kv2M6/S2NnaXFjOnFB4ivr7BFGQhEM3drvE1hZw8LhYq1lFBFZeO/
|
||||
HXMeRIv95touqEvukoUT2E1lgsBiQ9EkpmH+mFQmqd8RHwxA2xVfx+WQo7wtPJ2e
|
||||
oezWOybQRK1tMxnF+np70VyyfBo4Y0JZ4ac19lm0wsfLdIJ9+H91WfNTAdGwaqLf
|
||||
yUEGRPpzIoCg2fw71mchZ8y3aknEWVMTcQsXlE8z5ZQv/m+x/2mK1Lw5Zg7MpOVi
|
||||
742XN7cFmH/uBfE2CndODqOOt7Sn9zw/S7auDOrE0qjrxAaW0p0Xby38lvL3e7fj
|
||||
/7qDf7dj/0vuOPxdEGWuhmUgM2ZXInxg6yGmmLDM15rbX613lWo1qmPKjl5MROSJ
|
||||
aKvXf7bG5cGbZ/sdkoISykWb7W/lH2NyMWKv5tGsKCtkC/0I5aUFMk1p4FE4uky4
|
||||
cZauUBJ1itNcXR80u3B76siRFgGKLFFgfTioblGSxIQ2cFqq3lY8f4ZcW+JjWZug
|
||||
g5p83DmIf7GCfjeuI4MYWYVcVu4kGCGtFmbZc54DalFEWZ3valr8C9l1
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
@@ -1,15 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXAIBAAKBgQCW1pzU0Rgd631HL4C2wB2hoIzwFxKcqHJk6MxZMcCFjH3EFyo7
|
||||
+hn42Hpz2bkibgsn9/Kcg2Y32cgKB1rWmerD8cU0dMcqxImZwyg5//s0tX2UjleZ
|
||||
RnVTs5JEqFjSZSool0MHGKXnp8Bct4F4d5hduT2WxXcRG+ltzATEV2A79QIDAQAB
|
||||
AoGAYsK2AOm+3qg3aIqDviRfwlm6reCNgSERdVyvn57hrQ9lsSRxtL92jeY/lubx
|
||||
PsfKaisAINYv8VWYkmhqY6R3fz7T2xmu0raSLS953dcs03oknnTJX6cOxkms9wtw
|
||||
AHVyAF5Lti0uEWS9LxxcJR7TAGI5UkJSQ88uWZeawH4XYgECQQDE+w49yaaEDcFN
|
||||
wLOWJIKTkBhvLkc76mI56kBgJS3rdG6/2EVJjwCQmPFUFaZpgqcsWZTZ2AlfhUAq
|
||||
bVl2Fg41AkEAxAhQrvFR3eupSy7RCqQ+X/kmlco1UYLtzCiFAGOV7wWlstVLbT76
|
||||
i/DClvvLZzQuGed6ELn4xsuHN3Fan6ouwQJBALH53F47anZ6LyPfbuPDzS8izND3
|
||||
0WjzVxjY7J1yOlE5fC9eawwRZwM/DR1aCmfeoslRj0pdBesGbHlpH6GwP9kCQAxc
|
||||
Cdo91M+NICthVES7fkNGziv7h8kP3DZXB6uym61qSbwwvoSwx9My5tHmJjjnjVCM
|
||||
y6FqWEkQZAIW34PZkwECQDd6osrGUSGcGbo324mwLTz4Qa1G96nX5U20vOXyJ0hb
|
||||
JJBl9rnl/dDN7MA6PWWArJqJY9AERQ8NUgMTloQlwi0=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -1,15 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICTDCCAbWgAwIBAgIJAOzGST1sgGjAMA0GCSqGSIb3DQEBBQUAMD8xEzARBgoJ
|
||||
kiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMQ8wDQYDVQQD
|
||||
DAZzZXJ2ZXIwHhcNMTQwMzAzMTIxNTM5WhcNMTQwNDAyMTIxNTM5WjA/MRMwEQYK
|
||||
CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEPMA0GA1UE
|
||||
AwwGc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtK0qYQIWmTU5
|
||||
poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRIhuJ5khI6t5/oRNRExDL/CU4609IT
|
||||
to7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBYO5oLNBGL3f5BF0eDh37vQEYyr67M
|
||||
TR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQABo1AwTjAdBgNVHQ4EFgQUlPvBMFAZ
|
||||
XqTPqYsVautG+QomU74wHwYDVR0jBBgwFoAUlPvBMFAZXqTPqYsVautG+QomU74w
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7Tu43BPt82IYShXH9FoYR
|
||||
WWqG2PI5BrN32VcTKEP/cZf7QNrPuungjnHne1VMVIN4dfB8QWB4Uvjq5f5kWunI
|
||||
BY1YpPFNy+5p+sUAHX9H4rJloVwNLYSKWPhEpe/zSKSTuPGqbAhYv8M/lMQlp58w
|
||||
oICORfoW3HruDjRnJxTAPw==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,17 +0,0 @@
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIPpJdGdXjQRACAggA
|
||||
MBQGCCqGSIb3DQMHBAiUKNGTStSZLQSCAoC98JfG2THDxTwONDo/2cEwC2nmPiOt
|
||||
zptOrZBGEss9O+yt85JUge47Hidvf/O98/4zOAaOOwvt7Sq4Sosr+xovHYpvyYl1
|
||||
O4K5YMeS/Nx+lS5qcX6nKTuz/Nh69PTzn+cOT61ZYHTjXrcAMDKRbmcZTuN07ZXY
|
||||
toZOdQomJ5ivvh4zQqufk0VbtQ53Cy2OYvY+Zm42lmowWwSfJZbIWEfBxp/PUrap
|
||||
LyG9lDvcUJopcMcQ7cDg65M6fZoE1RjF1ACsPnmMzJJrlVgkYyDwKl0cXEaBIja+
|
||||
zA0iWbyHqre8sOD7Fv1PCTPhqOQ0eLU9RttPaw0YuPU4wx7Czlqkumzf4wZnYVe+
|
||||
rerh1/KjV/KyekcfrxNWaiLgiLVTDxGAFTU7wj7jKneMG2qTD/bvLRfcoiWH+1vK
|
||||
agyzL4wu2X0RyZQqPm3YbGl/ye/gusJmCpxR2vDD3dNw/pNi7jl/oZZnrUuV4VJQ
|
||||
xnaKQMcGm97UciGXg0S5rNPdZcSvbbU02pbj8B4Eg2QQXfFXI7UUxEWAcyP22YXj
|
||||
kAy1y7rI+9MDUX+pss7oncWD/meE+3X5qRorhvH3hN6UvDHCSL8g4iOlwjFA7IV+
|
||||
IPQw+QKJkBxNkj2/esV1GcDgeTKF+ybCnGZK5TANg68eArawWOmv/pYSsubsGfTn
|
||||
l5hcQF8zmm/p12KXxhJp21jyCHYiVXB8oAJXbAKssvnGZfkEo4vOmZiMsLCVsZI6
|
||||
1Pyo9G/c8W9DjaXZmgiN2APQciiRXkv87nru0d9zeiEiZRaTIC2xQuAojQZ4wLGl
|
||||
8eu7oqo/ebyi174UEAeNW8l/QUeMJVCyBKdbKKeRmZUzzJx0BJLMJskK
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
@@ -1,15 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXwIBAAKBgQDJtK0qYQIWmTU5poKhvoSuMi26oPNpu+zYQ3NTKueY3xs03zRI
|
||||
huJ5khI6t5/oRNRExDL/CU4609ITto7YnDByUlBftTPHujsEuW6GDAzVlmpGNuBY
|
||||
O5oLNBGL3f5BF0eDh37vQEYyr67MTR0mqPkd8IeztK0iCaJNXB7lTyyRcwIDAQAB
|
||||
AoGBAJk+Yp2i7BI9PhnZrr+x3l32E5YJ+ETpmMzJmhGitCgJwULPHYrIp8HTP3RK
|
||||
0/uEZ30DTvdCm6PIEIAXn7lkGM04YcnaerXIHBSwNQKIhyniNDfBfqox6azQaCDy
|
||||
wTFSgghU1SNOn6+ZOCXeGtp4Y7cXEWzPWfI0UJ9HopY0k+HZAkEA8UuJ87/JwMjk
|
||||
t4lB6ml+YgQw9MGrxAsdJrLzqvWo68Jd1g2Le6ghcRRTsx9KJo6b1P+63jxk6jnj
|
||||
ZMywLJL2nwJBANX/gIYXeDgsNkoFn3T6YPteatMPup5bT4t1sYRDZbKQj+rDVDYL
|
||||
PuwK6kIO4xQ6UId9UclfOVb7rwpsJa8jGK0CQQCj6SN6EBNWQWGVB8leGnF+1cgH
|
||||
y7QJxV71FeUOgjhQhsVFjgftZUXqUduVtzCgxok3BM0FAFOxBMfihmU6sk6TAkEA
|
||||
ixQ4Em30awWI7wjCfoMvPo85fByv27VaeDewfFZVJP1BG4GBHHKonT3my7HjMUVJ
|
||||
CxWObwKdQIPoWiy5PR7hLQJBAJxTKKgO5EVXUAv+gEmt+zTIKbTRyAWUcx/Ee4or
|
||||
ZHMwsQMtW95EKiakNYZ9lCZwLeyRF3I9iNn7RirresRan+I=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -65,8 +65,7 @@ static int test_ssl(MYSQL *mysql)
|
||||
|
||||
if (!skip_ssl)
|
||||
{
|
||||
rc= mysql_query(mysql, "DROP USER 'ssltest'@'localhost'");
|
||||
|
||||
rc= mysql_query(mysql, "DROP USER 'ssluser'@'localhost'");
|
||||
rc= mysql_query(mysql, "GRANT ALL ON test.* TO 'ssluser'@'localhost' IDENTIFIED BY 'sslpw' REQUIRE SSL");
|
||||
rc= mysql_query(mysql, "FLUSH PRVILEGES");
|
||||
}
|
||||
@@ -96,6 +95,40 @@ static int test_ssl_cipher(MYSQL *unused)
|
||||
return OK;
|
||||
}
|
||||
|
||||
static int test_conc95(MYSQL *my)
|
||||
{
|
||||
MYSQL *mysql;
|
||||
int rc;
|
||||
|
||||
if (check_skip_ssl())
|
||||
return SKIP;
|
||||
|
||||
rc= mysql_query(my, "DROP USER 'ssluser1'@'localhost'");
|
||||
check_mysql_rc(rc, my);
|
||||
rc= mysql_query(my, "GRANT ALL ON test.* TO 'ssluser1'@'localhost' IDENTIFIED BY 'sslpw' REQUIRE X509");
|
||||
check_mysql_rc(rc, my);
|
||||
rc= mysql_query(my, "FLUSH PRIVILEGES");
|
||||
check_mysql_rc(rc, my);
|
||||
|
||||
mysql= mysql_init(mysql);
|
||||
mysql_ssl_set(mysql,
|
||||
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/server-key.pem",
|
||||
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/server-cert.pem",
|
||||
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca.pem",
|
||||
NULL,
|
||||
NULL);
|
||||
|
||||
if (!mysql_real_connect(mysql, hostname, "ssluser1", sslpw, schema,
|
||||
port, socketname, 0))
|
||||
{
|
||||
mysql_close(mysql);
|
||||
diag("could not establish x509 connection");
|
||||
return FAIL;
|
||||
}
|
||||
mysql_close(mysql);
|
||||
return OK;
|
||||
}
|
||||
|
||||
static int test_multi_ssl_connections(MYSQL *unused)
|
||||
{
|
||||
MYSQL *mysql[50], *my;
|
||||
@@ -347,6 +380,7 @@ static int test_conc50_3(MYSQL *my)
|
||||
|
||||
mysql_real_connect(mysql, hostname, "ssltest", NULL, schema,
|
||||
port, socketname, 0);
|
||||
diag("Error: %s<", mysql_error(mysql));
|
||||
FAIL_IF(mysql_errno(mysql), "No error expected");
|
||||
mysql_close(mysql);
|
||||
|
||||
@@ -367,7 +401,7 @@ static int test_conc50_4(MYSQL *my)
|
||||
|
||||
mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
|
||||
port, socketname, 0);
|
||||
FAIL_IF(mysql_errno(mysql) , "Expected no error");
|
||||
FAIL_IF(!mysql_errno(mysql) , "Error expected");
|
||||
mysql_close(mysql);
|
||||
|
||||
return OK;
|
||||
@@ -381,9 +415,6 @@ static int verify_ssl_server_cert(MYSQL *my)
|
||||
if (check_skip_ssl())
|
||||
return SKIP;
|
||||
|
||||
diag("certs needs to be fixed.");
|
||||
return SKIP;
|
||||
|
||||
mysql= mysql_init(NULL);
|
||||
FAIL_IF(!mysql, "Can't allocate memory");
|
||||
|
||||
@@ -460,6 +491,7 @@ struct my_tests_st my_tests[] = {
|
||||
{"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_conc50_3", test_conc50_3, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_conc50_4", test_conc50_4, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_conc95", test_conc95, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"verify_ssl_server_cert", verify_ssl_server_cert, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_bug62743", test_bug62743, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL},
|
||||
|
||||
Reference in New Issue
Block a user