Send the proxy header and handshake response in a single write.
If the client uses two separate send() calls, the server's error message
"Proxy header not accepted from host" may be lost. This occurs because
the server sends a TCP RST (reset) instead of a FIN if it closes the socket
while the client is still sending data.
As a result, the client may receive ECONNRESET or EPIPE, without seeing
the actual error from the server.
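The coalescing described above, as an added example that is not the connector's own code: `send_coalesced` and `demo` are hypothetical names, the PROXY v1 line and the payload are constructed sample data, and a local `socketpair()` stands in for the server connection.

```c
#include <errno.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: hand header and body to the kernel in one writev(),
   so there is no second send() left to fail if the peer closes early.
   Returns 0 on success, -1 on error (errno as set by writev). */
static int send_coalesced(int fd, const void *hdr, size_t hdr_len,
                          const void *body, size_t body_len)
{
  struct iovec iov[2];
  int first = 0;
  iov[0].iov_base = (void *)hdr;  iov[0].iov_len = hdr_len;
  iov[1].iov_base = (void *)body; iov[1].iov_len = body_len;
  while (first < 2) {
    ssize_t n = writev(fd, &iov[first], 2 - first);
    size_t left;
    if (n < 0 && errno == EINTR) continue;
    if (n < 0) return -1;
    /* Short write: skip fully sent buffers, then trim the partial one. */
    for (left = (size_t)n; first < 2 && left >= iov[first].iov_len; first++)
      left -= iov[first].iov_len;
    if (first < 2) {
      iov[first].iov_base = (char *)iov[first].iov_base + left;
      iov[first].iov_len -= left;
    }
  }
  return 0;
}

/* Constructed sample data: a PROXY v1 line and a placeholder payload. */
static int demo(char *out, size_t out_len)
{
  static const char hdr[] = "PROXY TCP4 192.0.2.10 192.0.2.20 40000 3306\r\n";
  static const char body[] = "<handshake response bytes>";
  int sv[2], rc;
  ssize_t n = -1;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
  rc = send_coalesced(sv[0], hdr, sizeof(hdr) - 1, body, sizeof(body) - 1);
  if (rc == 0) n = read(sv[1], out, out_len - 1);
  close(sv[0]); close(sv[1]);
  if (n < 0) return -1;
  out[n] = '\0';
  return (int)n;   /* bytes the peer obtained with a single read() */
}

int main(void)
{
  char buf[256];
  return demo(buf, sizeof buf) > 0 ? 0 : 1;
}
```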
Fixed different behavior of pvio_is_alive (which was first used
with fix of CONC-589). Both for sockets and named pipe the function
now returns true if the connection is alive, otherwise false.
The MySQL protocol documentation as well as the comments in code state
that the compression level is stored in one byte. The code, however,
used four bytes.
With normal client, statically linked plugin will be used.
The DLL is for the obscure in-server client, which we never got rid of.
That client is used with mariabackup, replication, and some storage engines,
e.g. connect and federated.
Fixes warnings like:
```
unittest/libmariadb/bulk1.c: In function ‘bulk1’:
unittest/libmariadb/bulk1.c:77:43: error: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
77 | lengths= (unsigned long *)calloc(sizeof(long), TEST_ARRAY_SIZE);
| ^~~~
unittest/libmariadb/bulk1.c:77:43: note: earlier argument should specify number of elements, later size of each element
unittest/libmariadb/bulk1.c:78:39: error: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
78 | vals= (unsigned int *)calloc(sizeof(int), TEST_ARRAY_SIZE);
| ^~~
```
The calloc prototype is:
```
void *calloc(size_t nmemb, size_t size);
```
So, just swap the number of members and size arguments to match the
prototype, as we're initialising N structs of size Y. GCC then sees we're not
doing anything wrong.
Signed-off-by: Sam James <sam@gentoo.org>
See https://pubs.opengroup.org/onlinepubs/7908799/xsh/poll.h.html, or the other files in this project referencing `poll.h`:
```console
% grep -r 'poll.h'
libmariadb/ma_net.c:#include <poll.h>
libmariadb/mariadb_lib.c:#include <poll.h>
plugins/pvio/pvio_socket.c:#include <sys/poll.h>
unittest/libmariadb/async.c:#include <poll.h>
```
This reverts 395641549ac7..536d9e2b9e5b, in particular:
8dffd56936 MDEV-31857 enable MYSQL_OPT_SSL_VERIFY_SERVER_CERT by default
a99570c118 MDEV-31855 SSL cert validation protocol extension
9aa15e72a7 TLS fingerprint
and related commits
because the default value of every option is 0
(option and option.extension are bzero-ed to reset),
tls_verify_server_cert was renamed to tls_allow_invalid_server_cert
with the default value of 0, "do not allow".
API didn't change, it's still MYSQL_OPT_SSL_VERIFY_SERVER_CERT
* extend the client auth plugin API with a new callback
* relax the plugin version check to allow loading a plugin with the
  same major version, even if the minor versions differ
* implement the protocol extension:
  - don't abort at once if the certificate is self signed and
    no CA was explicitly specified
  - allow it if it passes fingerprint check
  - allow it if plugin has hash_password_bin callback, password was
    non-empty and the control hash matches server's
Client programs can use pipe handle via mysql_get_socket().
They also might want to use IO completion ports with this handle.
Prevent IOCP notifications from being sent to the completion port for internal
read and write with timeout.
CryptOpenAlgorithmProvider() documentation states:
"We recommend that you cache any algorithm provider handles that you will
use more than once, rather than opening and closing the algorithm providers
over and over."
This patch implements algorithm handle caching,
and also simplifies how hashes are handled in win_crypt.c
- MA_HASH_CTX* is now just BCrypt hash handle.
- We no longer allocate or free any memory ourselves.
There is a small change in the ma_hash API:
ma_hash_new() lost the second parameter, only used on Windows previously
Since the server certification option is used by client
only, there is no need to have this flag in server and/or
client capabilities. The server itself validates client
certificate depending on the user definition.
Since the server doesn't support secure connections for
shared memory and named pipe connections but indicates
this capability by setting the CLIENT_SSL flag, we unset
this flag in case the connection uses shared memory
or named pipe.
This reverts commit 62c546c623, reversing
changes made to 29a8156193.
This PR needs to be reverted since it throws a warning and doesn't build
the Kerberos/GSSAPI plugin at all.
CMake Warning:
By not providing "FindGSSAPI.cmake" in CMAKE_MODULE_PATH this project has
asked CMake to find a package configuration file provided by "GSSAPI", but
CMake did not find one.
When including it, CMAKE_DISABLE_FIND_PACKAGE doesn't have the desired
effect. This can cause a CMake error when building mariadb:
"CMake Error at libmariadb/plugins/auth/CMakeLists.txt:123 (SET_TARGET_PROPERTIES):
SET_TARGET_PROPERTIES Can not find target to add properties to:
auth_gssapi_client"
krb5-config (used by FindGSSAPI) returns `-lkrb5 -lk5crypto -lcom_err`
but only libkrb5 is actually used by the plugin. The other two result
in unneeded dependencies unless they're tagged optional when linked
with --as-needed.
Some distributions use --as-needed automatically, which causes our
builds to differ from srpm builds, introducing failures in buildbot.