From 2544aa7b9fa21a3fd6fd09a9fbaeee399d4c663d Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 6 Feb 2007 16:28:36 +0100 Subject: [PATCH] Bug#25988 openssl_1 Test Case Fails - Small difference in output from 'X509_NAME_Oneline' between OpenSSL and yaSSL. OpenSSL uses an extension that allow's the email adress of the cert holder. - Imported patch for yaSSL "add email to DN output" extra/yassl/taocrypt/src/asn.cpp: Import patch yassl.diff mysql-test/r/openssl_1.result: Update result file mysql-test/t/openssl_1.test: Update test to include "emailAddress=" tag in the required SUBJECT for grant. --- extra/yassl/taocrypt/src/asn.cpp | 14 +++++++++++++- mysql-test/r/openssl_1.result | 4 ++-- mysql-test/t/openssl_1.test | 4 ++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 2994b906e76..a06ab658c7b 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -732,9 +732,21 @@ void CertDecoder::GetName(NameType nt) source_.advance(strLen); } else { - // skip + bool email = false; + if (joint[0] == 0x2a && joint[1] == 0x86) // email id hdr + email = true; + source_.advance(oidSz + 1); word32 length = GetLength(source_); + + if (email) { + memcpy(&ptr[idx], "/emailAddress=", 14); + idx += 14; + + memcpy(&ptr[idx], source_.get_current(), length); + idx += length; + } + source_.advance(length); } } diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index 914fe25119f..34d8e3ab768 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -3,8 +3,8 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges; connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 49f8fc4d7d4..3d614514de3 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -10,8 +10,8 @@ insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB"; grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx"; flush privileges;