mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-09-15 08:21:18 +03:00

213 Commits

Author SHA1 Message Date
Vladislav Vaintroub
629ec64630 Fix PVIO to return number of bytes read/written as "signed" integer
since there are a lot of checks for return code being < 0 or -1.
2016-10-13 17:42:03 +00:00
Sergei Golubchik
f95877dc5f Merge branch 'master' into serg-integr 2016-09-15 09:21:30 +02:00
Georg Richter
9b436eaaf7 TLS fixes:
- don't use password in global context
- load keys and certs via callback functions
- don't use gnutls_bye since server is not able to detect dead socket
- fixed valgrind errors in gnutls
2016-09-13 16:12:34 +02:00
Vladislav Vaintroub
da8977d670 Merge branch 'master' into serg-integr 2016-09-12 11:47:14 +00:00
Vladislav Vaintroub
12797530d5 schannel cleanups
- use CertFreeCertificateContext() to free memory allocated by QueryContextAttributes(SECPKG_ATTR_REMOTE_CERT_CONTEXT)
- consistently use "SSL connection error: " prefix for schannel errors
2016-09-10 13:19:55 +00:00
Vladislav Vaintroub
2157642849 Cleanup/fix schannel TLS implementation
- remove global variables
- remove in memory certificate stores that cache all CRL and all CA
- verify certificate against ssl_ca and ssl_crl specified in
connection options (not against all CRL/CA in store)
2016-09-09 20:17:30 +00:00
Georg Richter
571dc5f397 Fixed crash in gnutls:
In case handshake will fail a further call to gnutls_bye function will lead to a crash.
Therefore we free the ssl handle immediately after handshake failed.
2016-09-08 09:45:37 +02:00
Georg Richter
7d26557cbc GnuTLS: Added support for cipher mapping
The following openssl cipher names are supported and will be mapped to gnutls priority:
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA
2016-09-08 08:36:07 +02:00
Georg Richter
c68c5dc27f Part for fix of CONC-200:
declare type of my_ulonglong
2016-09-08 08:01:21 +02:00
Vladislav Vaintroub
38b5e400da C/C integration : Fix mysql_test_client test
- #include <stdlib.h> for strtod and other prototypes
- remove ma_config_win.h as it redefines things from ma_config.h
- fix compile warnings
2016-09-07 17:14:02 +00:00
Georg Richter
9f88e25fd6 Compiler warning fixes 2016-09-03 12:46:50 +02:00
Georg Richter
256dc4b511 Disable BIO methods for read/write by default 2016-08-09 14:15:37 +02:00
Georg Richter
dd9ebcf56a - Fixed license header
- More OpenSSL 1.1 fixes
2016-08-05 07:39:10 +02:00
Lawrin Novitsky
63d70147fe Moved c++ish declaration in the ma_tls_connect(libmariadb/secure/schannel.c) to other declarations on top of the function. It prevented build at least with vs2010 2016-07-09 14:03:23 +02:00
Georg Richter
ba0ed073fd Implemented read/write bio functions, so we don't need sigpipe handler anymore. 2016-07-07 14:44:19 +02:00
Georg Richter
da38af3d61 Fixes for OpenSSL 1.1.0 2016-07-04 09:11:30 +02:00
Georg Richter
45a635dead Fixed compiler warnings
removed latest test for ssl threads (test.c)
2016-06-29 15:22:01 +02:00
Georg Richter
26d31929d4 several fixes for mariadb_stmt_execute_direct:
- allow param binding via mysql_stmt_attr_set:
  mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, &param_count);
- If a prepared statement will be reexecuted, we send COM_STMT_CLOSE
  together with COM_STMT_PREPARE and COM_STMT_EXECUTE
2016-06-18 14:07:28 +02:00
Georg Richter
4fd0ad4cbd Fix for CONC-190 (ported from 2.2 branch) 2016-06-04 09:00:20 +02:00
Vladislav Vaintroub
7496789f10 Fix openssl sigpipe correctly, move signal handler to openssl.c 2016-05-31 14:24:55 +02:00
Georg Richter
07877e61cf Fix for CONC-180
In case handshake ended with Errorcode SEC_E_INTERNAL_ERROR we check
LastErrorCode (if it was set) and return system errormessage. For
timeout during SSL handshake we return the following error message:

ERROR 2026 (HY000): SSL connection error: A connection attempt failed
because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond.
2016-05-15 15:41:45 +02:00
Georg Richter
80714f3bbd Fix multi com bug: Don't change current multi buffer position after
reallocating multi buffer
2016-05-14 11:20:09 +02:00
vvaintroub
c84de83ba3 Start all SSL bugs with 'SSL connection error' for common messaging across TLS implementation, and to pass the openssl_1 test cross-platform 2016-05-11 17:11:09 +00:00
vvaintroub
49527f7590 Fix errors in openssl_1 test suite.
Provide mapping between openssl and schannel test suite ids.
This mapping is currently incomplete
2016-05-11 12:41:57 +00:00
buildbot
6190f608f9 Fix schannel problems that pop up on Win2012 R2 buildbot
- Do not acquire a named context, because this might run
into permissions problem.
- Avoid sending TLS1.2 version by default. Yassl wrongfully rejects it
with a bad handshake (it should consider that 1.1 and 1.0 are supported too
but it does not)
2016-04-05 19:39:42 +00:00
buildbot
ec878da68f Fix duplicate CertFreeCertificateContext()
in case ma_schannel_load_private_key() fails

Also fix error checking for CryptAcquireContext
2016-04-05 16:08:36 +00:00
Georg Richter
b4efe73c9e session tracking implementation (10.2-integration):
- At the moment the following session tracking types are supported:
  SESSION_TRACK_SCHEMA
  SESSION_TRACK_SYSTEM_VARIABLES
  SESSION_TRACK_STATE_CHANGE
  SESSION_TRACK_TRANSACTION_CHARACTERISTICS
- New API functions
  mysql_session_track_get_next
  mysql_session_track_get_first
2016-03-31 08:41:12 +02:00
Georg Richter
bea035a72b - Unittests: link static library instead of dynamic
- TLS/SSL: renamed HAVE_SSL to HAVE_TLS to avoid trouble in
  10.2-integration
- Fixed wrong timeout in non-blocking mode
- Fixed valgrind error in prepared statement
2016-03-28 10:29:55 +02:00
Georg Richter
ab393c9df5 Added tls_version support for schannel. tls_version has to be specified
via mysql_options(mysql, MARIADB_OPT_TLS_VERSION, ...)
2016-03-16 18:30:28 +01:00
Georg Richter
d78cba3013 Merge branch 'master' of https://github.com/MariaDB/mariadb-connector-c 2016-03-16 18:21:09 +01:00
Georg Richter
4b1e94bccc Since we use TLS and not SSL functions and structures were renamed
from SSL to TLS
2016-03-16 18:20:08 +01:00
Vladislav Vaintroub
8bf85da380 Fix build errors on Solaris 10 with gcc 3.4.3 2016-03-15 18:52:29 +01:00
Georg Richter
bb365dd794 SSL fixes:
- wrong include directory for OpenSSL
- added error message for SEC_E_ILLEGAL_MESSAGE
2016-03-14 12:11:36 +01:00
Georg Richter
cc0c34554d - Fixes for 10.2-integration
- As requested by Wlad we use connect timeout for read/write unless
    the connection was established.
- Added experimental session cache support for OpenSSL. It's currently
  disabled
2016-03-08 17:08:01 +01:00
Vladislav Vaintroub
c67bb51c8d Fix openssl detection and compile errors for old openssl versions 2016-03-01 15:27:22 +01:00
Georg Richter
c433c30271 Added session ticket support for OpenSSL (experimental)
Build fixes:
  - Build requires OpenSSL v. 1.0.1 or higher
  - Fixed win64 build (missing target properties for static lib)
2016-03-01 13:37:55 +01:00
Georg Richter
ee004a83d3 GnuTLS fix: we need to check server certificate if no ca was specified
but verify_server flag was set
2016-02-29 15:47:50 +01:00
Georg Richter
2f6cc35a44 Disable TLSv_1.2 in schannel for now, we need a separate option for,
since we will not be able to talk to servers built with yassl
2016-02-24 10:41:17 +01:00
Georg Richter
8620b754ea Added missing error messages for wrong protocol
moved connection handler into net->extension (ABI break)
2016-02-23 13:50:14 +01:00
Georg Richter
d303cf76a7 More 10.2-integ fixes:
- renamed my_net functions (ma_net)
- fixed wrong types in ma_schannel.c
- fixed wrong parameter in client_plugin when building load string
2016-02-17 10:00:53 +01:00
Georg Richter
85525c2ba7 Merge remote-tracking branch 'origin/3.1' 2016-02-16 17:40:03 +01:00
Georg Richter
509b948e7d SSL fixes:
- added MARIADB_OPT_SSL_CIPHER_STRENGTH (value uint) for Schannel
- fixed mutes in all ssl variants
2016-02-16 13:04:16 +01:00
Georg Richter
4ca933bb81 Global cleanup:
- removed global locks
- removed dead code and files
- removed dbug
2016-02-08 18:43:02 +01:00
Georg Richter
f3577bab94 Disable dbug by default (to enable it specify cmake option -DWITH_DBUG=ON)
minor fixes for 10.2 integration (windows)
2016-02-05 16:31:49 +01:00
Georg Richter
88015678c9 removed my_vsnprintf
removed llstr.c
renamed int2string function with prefix ma_
2016-02-04 14:22:27 +01:00
Georg Richter
c5ca735dd3 Renamed prefixes for 10.2 integration 2016-02-02 12:12:04 +01:00
Georg Richter
b00a0e2ce5 Merge https://github.com/MariaDB/mariadb-connector-c into 10.2-georg 2016-01-27 06:45:49 +01:00
Georg Richter
f62a2e0270 Fixed several memory leaks in ma_ssl.c 2016-01-07 13:23:28 +01:00
Georg Richter
4cb9b79ced renamed MARIADB_OPT_SSL_PASSWORD to PASSPHRASE
Since MySQL server is picky about cipher suites, cipher suites in GnuTLS
switched back to default (NORMAL) without RHE_DSA
2016-01-05 09:49:49 +01:00
Georg Richter
b5cf443681 Windows fixes for remote_io plugin 2016-01-04 10:02:10 +01:00