database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Changed version number from RC to stable

Browse Source 
Fixed bug in Yassle to get correct error messages in case of errors
Provide better error messages in case of ssl connect failure
Updated out-of-date ssl certificates to fix failing mysql-test-system (certificates now active for 10 years)
Fixed bug in query_cache that could cause asserts and hangs in DEBUG builds.
Fixed bug where one connection did not see changes done by another connection.

configure.in:
  Changed version number from RC to stable
extra/yassl/src/yassl_error.cpp:
  Fixed bug in Yassle to get correct error messages in case of errors
  - 'error' is an enum that hold more error numbers than the enum was defined for
include/violite.h:
  Added error output string for sslaccept() and sslconnect() to get reason for connect failure
mysql-test/mysql-test-run.pl:
  Write failed test cases if mysql-test-run fails because of too many errors
mysql-test/r/grant.result:
  Update results to reflect new certificates
mysql-test/r/openssl_1.result:
  Update results to reflect new certificates
mysql-test/std_data/cacert.pem:
  Update ssl certificate
mysql-test/std_data/client-cert.pem:
  Update ssl certificate
mysql-test/std_data/client-key.pem:
  Update ssl certificate
mysql-test/std_data/server-cert.pem:
  Update ssl certificate
mysql-test/std_data/server-key.pem:
  Update ssl certificate
mysql-test/t/grant.test:
  Update test to reflect new certificates
mysql-test/t/openssl_1.test:
  Update test to reflect new certificates
mysql-test/t/query_cache_debug.test:
  Remove 'big_test' as test is now fast
sql-common/client.c:
  Give a better error message if ssl connect fails
sql/net_serv.cc:
  Fixed compiler warnings
sql/slave.cc:
  Give a better error message in logs if ssl connect fails
sql/sql_cache.cc:
  debug_wait_for_kill() now removes the set watch variable after kill signal
  This is needed as invalidate_table() may be called twice for one query.
  Ensure that net->query_cache_query is reset after query. This fixes assert in
  query_cache_end_of_result() if query_cache_query holds results from previous query.
  Removed DBUG_ASSERT(0), as this code can be run by query_cache_debug.test
sql/sql_connect.cc:
  Give a better error message if ssl connect fails
sql/sql_parse.cc:
  Fixed bug where one connection did not see changes done by another connection.
  For statements that changes tables, close_thread_tables() MUST be called before
  sending OK as a table handler may not make the changes available for other connections
  before unlock_tables().
vio/viossl.c:
  Give a better error message if ssl connect fails
This commit is contained in:
Michael Widenius
2010-01-29 12:42:31 +02:00
parent a041747567 89b1bb0be8
commit 4847e50ddb
21 changed files with 221 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.in
View File

@ -10,7 +10,7 @@ AC_CANONICAL_SYSTEM
#
# When changing major version number please also check switch statement
# in mysqlbinlog::check_master_version().
AM_INIT_AUTOMAKE(mysql, 5.1.42-MariaDB-rc)
AM_INIT_AUTOMAKE(mysql, 5.1.42-MariaDB)
AM_CONFIG_HEADER([include/config.h:config.h.in])
# Request support for automake silent-rules if available.

2
extra/yassl/src/yassl_error.cpp
View File

@ -60,7 +60,7 @@ void SetErrorString(YasslError error, char* buffer)
using namespace TaoCrypt;
const int max = MAX_ERROR_SZ; // shorthand
switch (error) {
switch ((int) error) {
// yaSSL proper errors
case range_error :

4
include/violite.h
View File

@ -123,8 +123,8 @@ struct st_VioSSLFd
SSL_CTX *ssl_context;
};
int sslaccept(struct st_VioSSLFd*, Vio *, long timeout);
int sslconnect(struct st_VioSSLFd*, Vio *, long timeout);
int sslaccept(struct st_VioSSLFd*, Vio *, long timeout, char *error_string);
int sslconnect(struct st_VioSSLFd*, Vio *, long timeout, char *error_string);
struct st_VioSSLFd
*new_VioSSLConnectorFd(const char *key_file, const char *cert_file,

5
mysql-test/mysql-test-run.pl
View File

@ -413,7 +413,6 @@ sub main {
# Not all tests completed, failure
mtr_report();
mtr_report("Only ", int(@$completed), " of $num_tests completed.");
mtr_error("Not all tests completed");
}
mtr_print_line();
@ -425,6 +424,10 @@ sub main {
mtr_report_stats($fail, $completed, $extra_warnings);
if ( @$completed != $num_tests)
{
mtr_error("Not all tests completed");
}
exit(0);
}

6
mysql-test/r/grant.result
View File

@ -29,15 +29,15 @@ show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL AB";
grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "Monty Program Ab";
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'Monty Program Ab' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'MySQL AB' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE ISSUER 'Monty Program Ab' SUBJECT 'testsubject' CIPHER 'EDH-RSA-DES-CBC3-SHA'
delete from mysql.user where user='mysqltest_1';
flush privileges;
delete from mysql.user where user='mysqltest_1';

12
mysql-test/r/openssl_1.result
View File

@ -3,8 +3,10 @@ create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user3@localhost require cipher
"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
grant select on test.* to ssl_user4@localhost require cipher
"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org" ISSUER "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
@ -44,9 +46,9 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
drop table t1;
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
mysqltest: Could not open connection 'default': 2026 SSL error: ASN: bad other signature confirmation
SSL error: Unable to get private key from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error
SSL error: Unable to get certificate from ''

32
mysql-test/std_data/cacert.pem
View File

@ -1,17 +1,19 @@
-----BEGIN CERTIFICATE-----
MIICrTCCAhagAwIBAgIJAJXpePU0UOTVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
VQQKEwhNeVNRTCBBQjAeFw0wOTAxMjgxMDQ5NDZaFw0xNDAxMjcxMDQ5NDZaMEQx
CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
4XQHAe5R1+TXC8noZtWf+d5E0v1C59FWpn9SWEUCBjE5UiIwuJvi4Y+7xWGOXLAI
/JzJx5gNXLBiTsE/zh0uX9fKlajLhxB0GN+QU0ZlpQ1BeYipEcNXeI/7cT499f6v
XWabnTflivdCgHSWUOQ20/Lzs6kP6/e6OoZd/DPSjPECAwEAAaOBpjCBozAdBgNV
HQ4EFgQU8uLqVWWkmuKsnZf1RWz294wRrd8wdAYDVR0jBG0wa4AU8uLqVWWkmuKs
nZf1RWz294wRrd+hSKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxh
MRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAJXpePU0UOTV
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMMTE5sDN+Z0ZlV7KvH3g
6+aKvql8dTpRT3hYukeQlWua0nq74WPGVw0c4e/M/vbiMwmJcCYpB9pd4+dHqzSw
aPyoenjY6UF8n7B4quWy3SIUk2LSHeJLW+kzJn2afN9gvipFhdVh/uU2TIyLGOur
Z/vmJX2W7hF1uqPnbfa8Lrw=
MIIDIjCCAougAwIBAgIJAJhuvLP+2mGwMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV
BAYTAkZJMRAwDgYDVQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFt
IEFiMS4wLAYJKoZIhvcNAQkBFh9hYnN0cmFjdC5kZXZlbG9wZXJAYXNrbW9udHku
b3JnMB4XDTEwMDEyODIxNTcyNVoXDTEwMDIyNzIxNTcyNVowajELMAkGA1UEBhMC
RkkxEDAOBgNVBAgTB1R1dXN1bGExGTAXBgNVBAoTEE1vbnR5IFByb2dyYW0gQWIx
LjAsBgkqhkiG9w0BCQEWH2Fic3RyYWN0LmRldmVsb3BlckBhc2ttb250eS5vcmcw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIaY4pwbst50S32xJH3bSXhPGep
6gx1AWwZKsHTXL3VeMO6PHmC8zu5HM0zbOcrIJcXL3YVnpmE4b9OQxIiMSx1Yd+U
u8/sTkxgpsEKhCbIzECIwPhppyT/JP5aSXCadEvg+PSjikv8dOVkD68wVG4CcFIX
MFttsPebBVzEokZZAgMBAAGjgc8wgcwwHQYDVR0OBBYEFOCKaNHFFPrju8AwzWxS
f96IKfRwMIGcBgNVHSMEgZQwgZGAFOCKaNHFFPrju8AwzWxSf96IKfRwoW6kbDBq
MQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkg
UHJvZ3JhbSBBYjEuMCwGCSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFz
a21vbnR5Lm9yZ4IJAJhuvLP+2mGwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAsmCX2/k9AInq2qhXtnkLip6cB0iOerLTNAzEijZc/aVf4wUjkL3cqhmC
kSTCwAHIOxp+ICwh6ky3xghXjoI9QnPFDVkRkzPT2tV0IoBaeQuI4e0CU2EY7L3P
XoDqp3oq1XtVcr9ZZdP68fBYUG/qcrWcXWk45ZFaBmBv3TotsGk=
-----END CERTIFICATE-----

81
mysql-test/std_data/client-cert.pem
View File

@ -1,55 +1,60 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
Issuer: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
Validity
Not Before: Jan 28 11:04:39 2009 GMT
Not After : Jan 28 11:04:39 2010 GMT
Subject: C=SE, ST=Uppsala, O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com
Not Before: Jan 28 22:01:38 2010 GMT
Not After : Dec 7 22:01:38 2019 GMT
Subject: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:e1:52:30:2c:d9:be:64:28:91:5d:7a:fd:d9:e9:
14:35:7a:d2:94:4e:91:46:e0:db:9f:6b:79:f4:4c:
ac:6e:07:61:34:86:74:62:a7:a8:44:af:fa:87:87:
a8:7d:42:61:ff:ab:50:d4:7b:bf:75:fa:d5:d5:b3:
74:fb:56:1e:37
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bd:dc:3d:f8:3c:0b:d4:d2:c0:a3:9c:34:2d:e7:
11:ff:4d:43:35:17:f6:0d:91:01:92:9e:4f:4d:c0:
38:d5:62:03:55:33:db:66:a2:91:d3:f2:b6:23:34:
95:53:50:3d:4f:e3:0c:d7:76:fd:f6:54:64:e6:f6:
dc:70:74:7c:6b:74:41:59:b0:19:5d:62:90:3c:a7:
c8:5e:21:8f:2b:22:6b:c7:43:9b:be:79:84:60:da:
16:c9:ce:ee:fd:66:cb:54:81:e2:b5:1c:cf:f9:74:
de:38:2b:28:d4:31:33:55:d2:30:1c:a3:e4:c2:c7:
31:46:43:d5:33:3d:8a:0b:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
58:30:B5:9B:2C:05:94:06:BA:3D:3C:F0:B2:CD:1D:67:65:E3:7F:85
BE:E6:DB:19:8D:DB:72:9A:85:EE:B2:B8:5D:E7:FF:61:DF:09:08:AF
X509v3 Authority Key Identifier:
keyid:F2:E2:EA:55:65:A4:9A:E2:AC:9D:97:F5:45:6C:F6:F7:8C:11:AD:DF
DirName:/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB
serial:95:E9:78:F5:34:50:E4:D5
keyid:E0:8A:68:D1:C5:14:FA:E3:BB:C0:30:CD:6C:52:7F:DE:88:29:F4:70
Signature Algorithm: sha1WithRSAEncryption
05:19:e3:13:14:fc:c5:28:bf:69:f8:00:b3:25:cb:bd:ca:9f:
2f:4c:b3:a8:04:11:f0:74:27:bd:82:2c:b4:49:9b:a7:59:f0:
f7:87:d1:e0:ba:99:a2:fe:4b:1d:10:6f:e4:a2:b3:cd:7f:8b:
68:31:46:ee:cd:9e:e2:47:e1:4c:fa:74:d1:e2:8b:cc:a0:4b:
a8:24:d1:a4:c3:6b:2a:c6:28:cd:41:e0:06:48:e6:cf:f2:3c:
ca:37:95:d7:29:64:6b:91:91:83:e7:ac:c8:0b:87:bc:da:a6:
aa:f1:44:43:c8:74:7b:15:26:91:2e:03:c4:71:50:6c:f8:68:
dc:8c
41:95:6d:0a:a4:ee:af:68:cd:94:26:59:9a:18:b7:75:3c:c5:
0f:22:d3:5c:31:9b:85:a0:93:b3:f0:50:29:ba:1e:d3:5a:43:
0b:77:2d:98:87:a7:a7:39:0f:40:8d:03:d3:b3:67:43:77:bc:
3c:51:c2:f9:9e:7a:2d:39:c4:5c:16:d7:70:d6:74:d1:6c:e1:
6a:4d:fd:1f:10:af:64:3b:f4:64:e9:b2:b3:fb:c8:cd:c5:41:
cd:99:e0:ac:83:1d:81:2c:6b:99:ba:80:02:12:72:f7:3b:bb:
93:72:00:da:ff:d3:87:75:d2:3a:a4:ca:4d:c1:8b:c1:21:50:
cb:57
-----BEGIN CERTIFICATE-----
MIICfzCCAeigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJTRTEQ
MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
UUwgQUIwHhcNMDkwMTI4MTEwNDM5WhcNMTAwMTI4MTEwNDM5WjBlMQswCQYDVQQG
EwJTRTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxMTAvBgkq
hkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEA4VIwLNm+ZCiRXXr92ekUNXrSlE6RRuDbn2t5
9EysbgdhNIZ0YqeoRK/6h4eofUJh/6tQ1Hu/dfrV1bN0+1YeNwIDAQABo4GjMIGg
MAkGA1UdEwQCMAAwHQYDVR0OBBYEFFgwtZssBZQGuj088LLNHWdl43+FMHQGA1Ud
IwRtMGuAFPLi6lVlpJrirJ2X9UVs9veMEa3foUikRjBEMQswCQYDVQQGEwJTRTEQ
MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
UUwgQUKCCQCV6Xj1NFDk1TANBgkqhkiG9w0BAQUFAAOBgQAFGeMTFPzFKL9p+ACz
Jcu9yp8vTLOoBBHwdCe9giy0SZunWfD3h9Hgupmi/ksdEG/korPNf4toMUbuzZ7i
R+FM+nTR4ovMoEuoJNGkw2sqxijNQeAGSObP8jzKN5XXKWRrkZGD56zIC4e82qaq
8URDyHR7FSaRLgPEcVBs+GjcjA==
MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkgUHJvZ3JhbSBBYjEuMCwG
CSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFza21vbnR5Lm9yZzAeFw0x
MDAxMjgyMjAxMzhaFw0xOTEyMDcyMjAxMzhaMGoxCzAJBgNVBAYTAkZJMRAwDgYD
VQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFtIEFiMS4wLAYJKoZI
hvcNAQkBFh9hYnN0cmFjdC5kZXZlbG9wZXJAYXNrbW9udHkub3JnMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQC93D34PAvU0sCjnDQt5xH/TUM1F/YNkQGSnk9N
wDjVYgNVM9tmopHT8rYjNJVTUD1P4wzXdv32VGTm9txwdHxrdEFZsBldYpA8p8he
IY8rImvHQ5u+eYRg2hbJzu79ZstUgeK1HM/5dN44KyjUMTNV0jAco+TCxzFGQ9Uz
PYoLRwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvubbGY3bcpqF7rK4Xef/
Yd8JCK8wHwYDVR0jBBgwFoAU4Ipo0cUU+uO7wDDNbFJ/3ogp9HAwDQYJKoZIhvcN
AQEFBQADgYEAQZVtCqTur2jNlCZZmhi3dTzFDyLTXDGbhaCTs/BQKboe01pDC3ct
mIenpzkPQI0D07NnQ3e8PFHC+Z56LTnEXBbXcNZ00Wzhak39HxCvZDv0ZOmys/vI
zcVBzZngrIMdgSxrmbqAAhJy9zu7k3IA2v/Th3XSOqTKTcGLwSFQy1c=
-----END CERTIFICATE-----

20
mysql-test/std_data/client-key.pem
View File

@ -1,9 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAOFSMCzZvmQokV16/dnpFDV60pROkUbg259refRMrG4HYTSGdGKn
qESv+oeHqH1CYf+rUNR7v3X61dWzdPtWHjcCAwEAAQJAXYooM8ZlcuEgj+VKU1ee
qyEFIMqJJxqcMk+E/nWCM96WxCP3zHNSrqNfSpI3ld7QzMwhdRz+gFLxT2gGNpIw
MQIhAPxzM/lDihe67X3ADYtDl9ZjA8Pm430x9sXlcxI17tCZAiEA5H1SyFl4mUee
9VnfSC2XGW7lwz72ZygfVX+b7tLWF08CIEh40gzW5MfXM+KLxdea+fXjyursV5ZT
R6KcMiKiNQLRAiAcmHqlzFzFgisotai2Fc6VRkXHG7gmzOSvBJt1VjmpDQIge6jf
2N7whTdvC4ferB+zUlgWQdyvx1c3T4gnt6PYdaY=
MIICXgIBAAKBgQC93D34PAvU0sCjnDQt5xH/TUM1F/YNkQGSnk9NwDjVYgNVM9tm
opHT8rYjNJVTUD1P4wzXdv32VGTm9txwdHxrdEFZsBldYpA8p8heIY8rImvHQ5u+
eYRg2hbJzu79ZstUgeK1HM/5dN44KyjUMTNV0jAco+TCxzFGQ9UzPYoLRwIDAQAB
AoGBAJa2lprPT7UJ99Ho1aL6ota/RnKHKtNqII17DgjyZis9OtgP6kJ3GrvdF6iq
vT79my4nVrJTyxYXuGF/5U1/qqNjuPPBE1Xbu1ubQlFv8CT0kKYynQ7Z3ls8fAHC
B3VJXnUVlG+GHtUEFFG4FQVX1fn/Sga67ioJ6ivAiBlHKaPBAkEA5f2ToWlj4u9O
KgfRkN54wdIp4yu2c40pbhMfKGjGGsBAHk92+qSBpzEmxLcI6Ay+4/QysSR4jYmK
jCJuxiTu1QJBANNU3Hx8Il2SF/2BqGLcIh2SHxzKQIT5wAyD2jb+P2cHvbk6pKGR
VTmw5bibxXmYMS6J/L2zUF2xtFe+Svwz96sCQEnKYSqBqOWvyBFeLtPfPTlal8vm
Q4SxfuBtTCrn6t+8XRYcgt0KGPsunvSwkS/6nuh+eiExxWgMACLUDVyPjv0CQQC4
sJJc7LOv6Oy0bWr2swHRrBEqvQsz63zOszCzHPHWHirNxZV5aiT8XT/2XZRwlvRs
gsVyGFLk/1fn0vN/g/8vAkEAxUdzUKvC1ZwjzGhgcz2bQU0tEZN4C9jBCiwOI2ud
BpAsPG0xAGGL2+hz0B0n88XiTHobiTZ1bg4Z41i4pXx2ZA==
-----END RSA PRIVATE KEY-----

80
mysql-test/std_data/server-cert.pem
View File

@ -3,53 +3,59 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
Issuer: C=FI, ST=Tuusula, O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org
Validity
Not Before: Jan 28 10:55:13 2009 GMT
Not After : Jan 28 10:55:13 2010 GMT
Subject: C=SE, ST=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com
Not Before: Jan 28 21:59:14 2010 GMT
Not After : Dec 7 21:59:14 2019 GMT
Subject: C=FI, ST=Tuusula, O=Monty Program Ab, CN=localhost/emailAddress=abstract.developer@askmonty.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:b6:8f:e5:b7:b4:86:83:13:8a:f9:bf:63:cb:64:
2d:b9:51:d1:de:ab:7b:45:1f:aa:b5:66:73:13:f9:
a6:07:d5:ba:7c:fa:92:bd:37:e2:ad:87:db:3e:b6:
6a:12:64:f8:ee:17:e3:15:06:2f:a8:82:68:bf:57:
8d:c3:04:98:27
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cc:79:74:2a:14:7e:77:06:b0:ec:1b:b6:da:70:
4c:4f:0e:94:04:8a:e7:69:f4:4c:9c:67:22:41:56:
3a:96:53:9e:95:9d:17:55:80:41:c0:13:d6:94:0f:
cd:2c:51:fe:a4:6e:f2:74:d8:5d:3b:3a:80:e3:85:
5b:a5:bc:7d:5c:25:55:e5:40:77:fe:f3:cb:5b:cd:
da:a5:f4:36:64:30:a2:a0:7f:93:b3:c4:56:75:2a:
c0:f7:65:2a:d7:e6:ff:88:25:03:e0:b4:40:2e:74:
4c:cb:46:95:73:cb:25:5c:87:0e:ec:0f:5a:19:c2:
b6:dc:9e:e8:f0:30:b1:9c:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D9:9A:B8:5F:22:EA:04:10:C8:25:7D:82:57:E6:2E:FD:19:29:E7:DA
6D:13:3B:40:52:3C:AF:18:EA:33:D1:B7:56:21:1B:05:FE:0B:9E:38
X509v3 Authority Key Identifier:
keyid:F2:E2:EA:55:65:A4:9A:E2:AC:9D:97:F5:45:6C:F6:F7:8C:11:AD:DF
DirName:/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB
serial:95:E9:78:F5:34:50:E4:D5
keyid:E0:8A:68:D1:C5:14:FA:E3:BB:C0:30:CD:6C:52:7F:DE:88:29:F4:70
Signature Algorithm: sha1WithRSAEncryption
54:07:2d:21:0b:a5:af:3b:58:23:32:5e:56:7f:ab:58:63:48:
91:aa:38:90:89:16:f9:cc:bf:a4:0e:78:2b:9f:c5:1b:58:a6:
e6:08:8f:2e:ae:97:03:21:9b:f1:cd:c0:26:8f:1d:d7:28:27:
a0:8e:81:09:1b:1c:0f:c9:a5:41:3a:2d:44:3f:9c:fa:87:ff:
c8:4c:2b:44:f7:1b:c1:3e:4f:01:7f:e9:26:cc:9f:1c:06:b5:
0b:27:d1:10:90:be:93:0c:9c:e7:b0:d1:ea:27:99:4e:06:14:
0c:7a:e9:c1:52:c5:33:68:bc:61:0d:db:81:3b:57:48:57:bf:
42:9a
97:db:65:23:7f:f1:15:3c:1e:83:ac:0e:0a:50:a0:0c:22:b8:
45:d4:ca:21:05:47:3b:3d:03:b5:6c:4b:8d:bb:5f:57:c3:c7:
4e:71:23:cf:33:a3:7f:a0:3d:bd:58:75:b8:37:22:16:2f:e9:
ed:ae:9b:94:29:81:6e:34:79:cf:41:bd:3d:8d:17:d7:22:1c:
1b:58:c7:0f:79:13:56:1d:e8:d8:4e:e5:07:3f:79:1b:dd:c4:
06:9b:c5:b6:02:34:43:c5:bf:e5:87:ad:f1:c1:8a:f2:be:c2:
00:1d:d4:27:1f:87:c8:80:31:ec:6e:97:95:b4:84:40:d1:73:
42:71
-----BEGIN CERTIFICATE-----
MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJTRTEQ
MA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlT
UUwgQUIwHhcNMDkwMTI4MTA1NTEzWhcNMTAwMTI4MTA1NTEzWjB5MQswCQYDVQQG
EwJTRTEQMA4GA1UECBMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxEjAQBgNV
BAMTCWxvY2FsaG9zdDExMC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2
ZWxvcGVyQG15c3FsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC2j+W3tIaD
E4r5v2PLZC25UdHeq3tFH6q1ZnMT+aYH1bp8+pK9N+Kth9s+tmoSZPjuF+MVBi+o
gmi/V43DBJgnAgMBAAGjgaMwgaAwCQYDVR0TBAIwADAdBgNVHQ4EFgQU2Zq4XyLq
BBDIJX2CV+Yu/Rkp59owdAYDVR0jBG0wa4AU8uLqVWWkmuKsnZf1RWz294wRrd+h
SKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdV
cHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAJXpePU0UOTVMA0GCSqGSIb3DQEB
BQUAA4GBAFQHLSELpa87WCMyXlZ/q1hjSJGqOJCJFvnMv6QOeCufxRtYpuYIjy6u
lwMhm/HNwCaPHdcoJ6COgQkbHA/JpUE6LUQ/nPqH/8hMK0T3G8E+TwF/6SbMnxwG
tQsn0RCQvpMMnOew0eonmU4GFAx66cFSxTNovGEN24E7V0hXv0Ka
MIIC2TCCAkKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJGSTEQ
MA4GA1UECBMHVHV1c3VsYTEZMBcGA1UEChMQTW9udHkgUHJvZ3JhbSBBYjEuMCwG
CSqGSIb3DQEJARYfYWJzdHJhY3QuZGV2ZWxvcGVyQGFza21vbnR5Lm9yZzAeFw0x
MDAxMjgyMTU5MTRaFw0xOTEyMDcyMTU5MTRaMH4xCzAJBgNVBAYTAkZJMRAwDgYD
VQQIEwdUdXVzdWxhMRkwFwYDVQQKExBNb250eSBQcm9ncmFtIEFiMRIwEAYDVQQD
Ewlsb2NhbGhvc3QxLjAsBgkqhkiG9w0BCQEWH2Fic3RyYWN0LmRldmVsb3BlckBh
c2ttb250eS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMx5dCoUfncG
sOwbttpwTE8OlASK52n0TJxnIkFWOpZTnpWdF1WAQcAT1pQPzSxR/qRu8nTYXTs6
gOOFW6W8fVwlVeVAd/7zy1vN2qX0NmQwoqB/k7PEVnUqwPdlKtfm/4glA+C0QC50
TMtGlXPLJVyHDuwPWhnCttye6PAwsZyZAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJ
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBRtEztAUjyvGOoz0bdWIRsF/gueODAfBgNVHSMEGDAWgBTgimjRxRT647vA
MM1sUn/eiCn0cDANBgkqhkiG9w0BAQUFAAOBgQCX22Ujf/EVPB6DrA4KUKAMIrhF
1MohBUc7PQO1bEuNu19Xw8dOcSPPM6N/oD29WHW4NyIWL+ntrpuUKYFuNHnPQb09
jRfXIhwbWMcPeRNWHejYTuUHP3kb3cQGm8W2AjRDxb/lh63xwYryvsIAHdQnH4fI
gDHsbpeVtIRA0XNCcQ==
-----END CERTIFICATE-----

20
mysql-test/std_data/server-key.pem
View File

@ -1,9 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBALaP5be0hoMTivm/Y8tkLblR0d6re0UfqrVmcxP5pgfVunz6kr03
4q2H2z62ahJk+O4X4xUGL6iCaL9XjcMEmCcCAwEAAQJASA5VwgNb0CKHiPm0ntOk
hG+54SRX3DmafEy6gRjZIl/bZ/asSLhXUZ+CeohyrQh7BZgYWvykd8pRISL9eKsU
GQIhAOXkUrOtP/EtjyqNluEqZdG+RZi/7p61JS3Ce13Myu+LAiEAy0uMlV34AJpM
b40FPKqlHxw8DD/Dt1iKhNVAg8+LDVUCIFjv7fbJDbW2VG63/Cj8CAwOukoP5rbL
iaicVrHBKrllAiB9+MiaXeopZXNrxDS0jQFYr8Q9yt1aJVFgUkxx4Q9HKQIgZPs0
KlF3NNNWw78INaAEkyf0IEssnLMsuoCWw0DIOak=
MIICXgIBAAKBgQDMeXQqFH53BrDsG7bacExPDpQEiudp9EycZyJBVjqWU56VnRdV
gEHAE9aUD80sUf6kbvJ02F07OoDjhVulvH1cJVXlQHf+88tbzdql9DZkMKKgf5Oz
xFZ1KsD3ZSrX5v+IJQPgtEAudEzLRpVzyyVchw7sD1oZwrbcnujwMLGcmQIDAQAB
AoGBAMdMYkNZsmJFbVDVOobzCg3Mgc1jrmeBrOKNS8AvUe+QFXRyp3m5B102eOHb
/PmD+hU/5qao9UZzoYkiRM/oRq45jrqJEYwWrX007bKK0F9hnErtC1ImM1nBFVhx
6+6cr+ShUkvtj8+wJ2d5bIccUzGCUfFR5tb5BnePTXK8IVoBAkEA7WGNxHAVKgjS
AzlpHr5fvpivA07hNVJizTwZdWGGYeETilZhkkuMRwREceeohF6ILMf0FTZdFSa/
8EeLa3icIQJBANyDKFjynKwWy5pyRSz75mVwrEi+4eTQPsCPNWLkbpbEPwqPLYWJ
2VSFkISXF7b7Od48JkQWgiB8/kXqMDEdsXkCQQCzZvj3ryWvoP7nhOoXXBWMPGR4
gZLe86bMKVGsTsp7CtnzwRj4sbQQr/7yfvvzHmaYQX4M0gtDQwfolomd7YdBAkEA
y24ETuqjNu9grf81aiaJipPDnOjcJOcovSRgr/blPxmUvv0Pld5yLNN7W5a4PgrO
fAMpmi7ZpXcqbP17sBQgoQJAWTDFKAmfHPVdDGZuCw4yceP5d+Tv7ABglZUvpPKx
kAvGN1WBASUuCQJDOIgzl6gvYX07S5p147i9mv7UBWOpvw==
-----END RSA PRIVATE KEY-----

2
mysql-test/t/grant.test
View File

@ -35,7 +35,7 @@ revoke delete on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
grant select on mysqltest.* to mysqltest_1@localhost require NONE;
show grants for mysqltest_1@localhost;
grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "MySQL AB";
grant USAGE on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA" AND SUBJECT "testsubject" ISSUER "Monty Program Ab";
show grants for mysqltest_1@localhost;
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;

6
mysql-test/t/openssl_1.test
View File

@ -15,8 +15,10 @@ insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user3@localhost require cipher
"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
grant select on test.* to ssl_user4@localhost require cipher
"DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org" ISSUER "/C=FI/ST=Tuusula/O=Monty Program Ab/emailAddress=abstract.developer@askmonty.org";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;

1
mysql-test/t/query_cache_debug.test
View File

@ -1,5 +1,4 @@
--source include/not_embedded.inc
--source include/big_test.inc
--source include/have_query_cache.inc
--source include/have_debug.inc

10
sql-common/client.c
View File

@ -1863,6 +1863,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
uint port, const char *unix_socket,ulong client_flag)
{
char buff[NAME_LEN+USERNAME_LENGTH+100];
char error_string[1024];
char *end,*host_info= NULL;
my_socket sock;
in_addr_t ip_addr;
@ -2331,9 +2332,14 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
/* Connect to the server */
DBUG_PRINT("info", ("IO layer change in progress..."));
if (sslconnect(ssl_fd, mysql->net.vio,
(long) (mysql->options.connect_timeout)))
(long) (mysql->options.connect_timeout),
error_string))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR,
unknown_sqlstate,
"SSL error: %s",
error_string[0] ? error_string :
ER(CR_SSL_CONNECTION_ERROR));
goto error;
}
DBUG_PRINT("info", ("IO layer change done!"));

4
sql/net_serv.cc
View File

@ -219,7 +219,7 @@ my_bool net_realloc(NET *net, size_t length)
-1 Don't know if data is ready or not
*/
#if !defined(EMBEDDED_LIBRARY)
#if !defined(EMBEDDED_LIBRARY) && defined(DBUG_OFF)
static int net_data_is_ready(my_socket sd)
{
@ -280,7 +280,7 @@ static int net_data_is_ready(my_socket sd)
void net_clear(NET *net, my_bool clear_buffer)
{
#if !defined(EMBEDDED_LIBRARY)
#if !defined(EMBEDDED_LIBRARY) && defined(DBUG_OFF)
size_t count;
int ready;
#endif

5
sql/slave.cc
View File

@ -3803,10 +3803,11 @@ static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi,
suppress_warnings= 0;
mi->report(ERROR_LEVEL, last_errno,
"error %s to master '%s@%s:%d'"
" - retry-time: %d retries: %lu",
" - retry-time: %d retries: %lu message: %s",
(reconnect ? "reconnecting" : "connecting"),
mi->user, mi->host, mi->port,
mi->connect_retry, master_retry_count);
mi->connect_retry, master_retry_count,
mysql_error(mysql));
}
/*
By default we try forever. The reason is that failure will trigger

25
sql/sql_cache.cc
View File

@ -377,9 +377,11 @@ TODO list:
static void debug_wait_for_kill(const char *info)
{
DBUG_ENTER("debug_wait_for_kill");
const char *prev_info;
THD *thd;
char buff[1024];
DBUG_ENTER("debug_wait_for_kill");
thd= current_thd;
prev_info= thd->proc_info;
thd->proc_info= info;
@ -387,8 +389,16 @@ static void debug_wait_for_kill(const char *info)
while(!thd->killed)
my_sleep(1000);
thd->killed= THD::NOT_KILLED;
/*
Remove the set debug variable, to ensure we don't get stuck on it again
This is needed as for MyISAM, invalidate_table() may be called twice
(Once from mysql_delete() and once from mi_update_status())
*/
sprintf(buff, "-d,%s", info);
DBUG_SET(buff);
sql_print_information("Exit debug_wait_for_kill");
thd->proc_info= prev_info;
DBUG_VOID_RETURN;
}
@ -914,15 +924,18 @@ void query_cache_insert(NET *net, const char *packet, ulong length)
void query_cache_abort(NET *net)
{
THD *thd;
DBUG_ENTER("query_cache_abort");
THD *thd= current_thd;
/* See the comment on double-check locking usage above. */
if (net->query_cache_query == 0)
DBUG_VOID_RETURN;
if (query_cache.try_lock())
{
net->query_cache_query = 0;
DBUG_VOID_RETURN;
}
/*
While we were waiting another thread might have changed the status
@ -932,6 +945,7 @@ void query_cache_abort(NET *net)
net->query_cache_query);
if (query_block)
{
thd= current_thd;
thd_proc_info(thd, "storing result in query cache");
DUMP(&query_cache);
BLOCK_LOCK_WR(query_block);
@ -941,6 +955,7 @@ void query_cache_abort(NET *net)
DBUG_EXECUTE("check_querycache",query_cache.check_integrity(1););
}
DBUG_ASSERT(!net->query_cache_query);
query_cache.unlock();
DBUG_VOID_RETURN;
}
@ -970,8 +985,12 @@ void query_cache_end_of_result(THD *thd)
#endif
if (query_cache.try_lock())
{
thd->net.query_cache_query= 0;
DBUG_VOID_RETURN;
}
/* thd->net.query_cache_query may have changed during resize */
query_block= ((Query_cache_block*) thd->net.query_cache_query);
if (query_block)
{
@ -997,8 +1016,8 @@ void query_cache_end_of_result(THD *thd)
to this function. In the release version that query should be ignored
and removed from QC.
*/
DBUG_ASSERT(0);
query_cache.free_query(query_block);
thd->net.query_cache_query= 0;
query_cache.unlock();
DBUG_VOID_RETURN;
}

3
sql/sql_connect.cc
View File

@ -798,6 +798,7 @@ static int check_connection(THD *thd)
DBUG_PRINT("info", ("client capabilities: %lu", thd->client_capabilities));
if (thd->client_capabilities & CLIENT_SSL)
{
char error_string[1024];
/* Do the SSL layering. */
if (!ssl_acceptor_fd)
{
@ -806,7 +807,7 @@ static int check_connection(THD *thd)
return 1;
}
DBUG_PRINT("info", ("IO layer change in progress..."));
if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout))
if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout, error_string))
{
DBUG_PRINT("error", ("Failed to accept new SSL connection"));
inc_host_errors(&thd->remote.sin_addr);

21
sql/sql_parse.cc
View File

@ -1252,12 +1252,14 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
ha_maria::implicit_commit(thd, FALSE);
#endif
net_end_statement(thd);
query_cache_end_of_result(thd);
/*
Multiple queries exits, execute them individually
*/
close_thread_tables(thd);
net_end_statement(thd);
query_cache_end_of_result(thd);
ulong length= (ulong)(packet_end - beginning_of_next_stmt);
log_slow_statement(thd);
@ -1645,13 +1647,22 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
ha_maria::implicit_commit(thd, FALSE);
#endif
net_end_statement(thd);
query_cache_end_of_result(thd);
if (!(sql_command_flags[thd->lex->sql_command] & CF_CHANGES_DATA))
{
/* No changes in data; We can send ok at once to the client */
net_end_statement(thd);
query_cache_end_of_result(thd);
}
thd->proc_info= "closing tables";
/* Free tables */
close_thread_tables(thd);
if (sql_command_flags[thd->lex->sql_command] & CF_CHANGES_DATA)
{
net_end_statement(thd);
query_cache_end_of_result(thd);
}
log_slow_statement(thd);
thd_proc_info(thd, "cleaning up");

24
vio/viossl.c
View File

@ -74,8 +74,11 @@ report_errors(SSL* ssl)
}
if (ssl)
DBUG_PRINT("error", ("error: %s",
ERR_error_string(SSL_get_error(ssl, l), buf)));
{
int error= SSL_get_error(ssl, l);
DBUG_PRINT("error", ("error: %s (%d)",
ERR_error_string(error, buf), error));
}
DBUG_PRINT("info", ("socket_errno: %d", socket_errno));
DBUG_VOID_RETURN;
@ -174,16 +177,17 @@ void vio_ssl_delete(Vio *vio)
static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
int (*connect_accept_func)(SSL*))
int (*connect_accept_func)(SSL*), char *error_string)
{
SSL *ssl;
my_bool unused;
my_bool was_blocking;
DBUG_ENTER("ssl_do");
DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
(long) ptr, vio->sd, (long) ptr->ssl_context));
error_string[0]= 0;
/* Set socket to blocking if not already set */
vio_blocking(vio, 1, &was_blocking);
@ -191,6 +195,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
strmov(error_string, "SSL_new failed");
vio_blocking(vio, was_blocking, &unused);
DBUG_RETURN(1);
}
@ -203,6 +208,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
{
DBUG_PRINT("error", ("SSL_connect/accept failure"));
report_errors(ssl);
ERR_error_string(SSL_get_error(ssl, 0), error_string);
SSL_free(ssl);
vio_blocking(vio, was_blocking, &unused);
DBUG_RETURN(1);
@ -250,17 +256,19 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
}
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
char *error_string)
{
DBUG_ENTER("sslaccept");
DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept));
DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_accept, error_string));
}
int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
char *error_string)
{
DBUG_ENTER("sslconnect");
DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect));
DBUG_RETURN(ssl_do(ptr, vio, timeout, SSL_connect, error_string));
}