database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

vio ssl structure renames (to get rid of ending _)

Browse Source 
Added TCP/IP read/write timeout for windows
Check on windows if second server is started with same TCP/IP port


BitKeeper/deleted/.del-have_openssl_2.inc~8c9f1a45676b698f:
  Delete: mysql-test/include/have_openssl_2.inc
BitKeeper/deleted/.del-have_openssl_2.require~53bbdfc136fb514:
  Delete: mysql-test/r/have_openssl_2.require
BitKeeper/deleted/.del-openssl_2.test~f2dfa927f19d14f8:
  Delete: mysql-test/t/openssl_2.test
BitKeeper/etc/ignore:
  added libmysql/vio_priv.h libmysql_r/vio_priv.h
client/mysql.cc:
  vio ssl structure renames
include/violite.h:
  Cleanup violite.h interface (move things to vio_priv.h)
libmysql/Makefile.am:
  Use vio_priv.h
libmysql/Makefile.shared:
  Use vio_priv.h
libmysqld/lib_vio.c:
  Added timeout for windows
mysys/my_getopt.c:
  Indentaion cleanup
sql/item_cmpfunc.cc:
  Remove compiler warnings
sql/item_func.cc:
  Remove compiler warnings
sql/mini_client.cc:
  vio ssl structure renames
sql/mysqld.cc:
  Check on windows if second server is started with same TCP/IP port
sql/net_serv.cc:
  Add read/write timeouts for windows
sql/sql_acl.cc:
  vio ssl structure renames
sql/sql_show.cc:
  vio ssl structure renames
vio/vio.c:
  Added timeouts for windows
vio/viosocket.c:
  Added timeouts for windows
vio/viossl.c:
  Added timeouts for windows
  Cleaned up structure element names
vio/viosslfactories.c:
  Added timeouts for windows
  Cleaned up structure element names
This commit is contained in:
unknown
2003-08-27 02:51:39 +03:00
parent e5b3d521f5
commit 59806e1004
22 changed files with 264 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.bzrignore
View File

@ -536,3 +536,5 @@ Docs/internals.pdf
Docs/internals.txt Docs/internals.txt
Docs/internals_toc.html Docs/internals_toc.html
scripts/make_win_src_distribution scripts/make_win_src_distribution
libmysql/vio_priv.h
libmysql_r/vio_priv.h

7
client/mysql.cc
View File

@ -708,6 +708,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
break; break;
case 'W': case 'W':
#ifdef __WIN__ #ifdef __WIN__
my_free(opt_mysql_unix_port, MYF(MY_ALLOW_ZERO_PTR));
opt_mysql_unix_port= my_strdup(MYSQL_NAMEDPIPE, MYF(0)); opt_mysql_unix_port= my_strdup(MYSQL_NAMEDPIPE, MYF(0));
#endif #endif
break; break;
@ -2329,10 +2330,10 @@ com_status(String *buffer __attribute__((unused)),
(void) mysql_fetch_row(result); // Read eof (void) mysql_fetch_row(result); // Read eof
} }
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
if (mysql.net.vio && mysql.net.vio->ssl_ && if (mysql.net.vio && mysql.net.vio->ssl_arg &&
SSL_get_cipher(mysql.net.vio->ssl_)) SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg))
tee_fprintf(stdout, "SSL:\t\t\tCipher in use is %s\n", tee_fprintf(stdout, "SSL:\t\t\tCipher in use is %s\n",
SSL_get_cipher(mysql.net.vio->ssl_)); SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg));
else else
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
tee_puts("SSL:\t\t\tNot in use", stdout); tee_puts("SSL:\t\t\tNot in use", stdout);

150
include/violite.h
View File

@ -43,6 +43,7 @@ Vio* vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost);
Vio* vio_new_win32pipe(HANDLE hPipe); Vio* vio_new_win32pipe(HANDLE hPipe);
#endif #endif
void vio_delete(Vio* vio); void vio_delete(Vio* vio);
int vio_close(Vio* vio);
#ifdef EMBEDDED_LIBRARY #ifdef EMBEDDED_LIBRARY
void vio_reset(Vio *vio); void vio_reset(Vio *vio);
@ -51,57 +52,64 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
my_socket sd, HANDLE hPipe, my_bool localhost); my_socket sd, HANDLE hPipe, my_bool localhost);
#endif #endif
/*
* vio_read and vio_write should have the same semantics
* as read(2) and write(2).
*/
int vio_read(Vio *vio, gptr buf, int size); int vio_read(Vio *vio, gptr buf, int size);
int vio_write(Vio *vio, const gptr buf, int size); int vio_write(Vio *vio, const gptr buf, int size);
/*
* Whenever the socket is set to blocking mode or not.
*/
int vio_blocking(Vio *vio, my_bool onoff, my_bool *old_mode); int vio_blocking(Vio *vio, my_bool onoff, my_bool *old_mode);
my_bool vio_is_blocking(Vio *vio); my_bool vio_is_blocking(Vio *vio);
/* /* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible */
* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible.
*/
int vio_fastsend(Vio *vio); int vio_fastsend(Vio *vio);
/* /* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible */
* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible.
*/
int vio_keepalive(Vio *vio, my_bool onoff); int vio_keepalive(Vio *vio, my_bool onoff);
/* /* Whenever we should retry the last read/write operation. */
* Whenever we should retry the last read/write operation.
*/
my_bool vio_should_retry(Vio *vio); my_bool vio_should_retry(Vio *vio);
/* /* Short text description of the socket for those, who are curious.. */
* When the workday is over...
*/
int vio_close(Vio* vio);
/*
* Short text description of the socket for those, who are curious..
*/
const char* vio_description(Vio *vio); const char* vio_description(Vio *vio);
/* Return the type of the connection */ /* Return the type of the connection */
enum enum_vio_type vio_type(Vio* vio); enum enum_vio_type vio_type(Vio* vio);
/* Return last error number */ /* Return last error number */
int vio_errno(Vio*vio); int vio_errno(Vio*vio);
/* Get socket number */ /* Get socket number */
my_socket vio_fd(Vio*vio); my_socket vio_fd(Vio*vio);
/* Remote peer's address and name in text form */
/*
* Remote peer's address and name in text form.
*/
my_bool vio_peer_addr(Vio* vio, char *buf, uint16 *port); my_bool vio_peer_addr(Vio* vio, char *buf, uint16 *port);
/* Remotes in_addr */ /* Remotes in_addr */
void vio_in_addr(Vio *vio, struct in_addr *in); void vio_in_addr(Vio *vio, struct in_addr *in);
my_bool vio_poll_read(Vio *vio,uint timeout); my_bool vio_poll_read(Vio *vio,uint timeout);
void vio_timeout(Vio *vio,uint timeout);
#ifdef HAVE_OPENSSL
#define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h>
#include <openssl/err.h>
struct st_VioSSLAcceptorFd
{
SSL_CTX *ssl_context;
SSL_METHOD *ssl_method;
struct st_VioSSLAcceptorFd *session_id_context;
};
/* One copy for client */
struct st_VioSSLConnectorFd
{
SSL_CTX *ssl_context;
/* function pointers which are only once for SSL client */
SSL_METHOD *ssl_method;
};
int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
struct st_VioSSLConnectorFd
*new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher);
struct st_VioSSLAcceptorFd
*new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
const char *ca_file,const char *ca_path,
const char *cipher);
Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }
@ -121,77 +129,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#define vio_close(vio) ((vio)->vioclose)(vio) #define vio_close(vio) ((vio)->vioclose)(vio)
#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt) #define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt)
#define vio_in_addr(vio, in) (vio)->in_addr(vio, in) #define vio_in_addr(vio, in) (vio)->in_addr(vio, in)
#define vio_timeout(vio, seconds) (vio)->timeout(vio, seconds)
#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */ #endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */
#ifdef HAVE_OPENSSL
#define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "my_net.h" /* needed because of struct in_addr */
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
void vio_ssl_delete(Vio* vio);
int vio_ssl_read(Vio* vio,gptr buf, int size);
int vio_ssl_write(Vio* vio,const gptr buf,int size);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int vio_ssl_fastsend(Vio* vio);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int vio_ssl_keepalive(Vio* vio, my_bool onoff);
/* Whenever we should retry the last read/write operation. */
my_bool vio_ssl_should_retry(Vio* vio);
/* When the workday is over... */
int vio_ssl_close(Vio* vio);
/* Return last error number */
int vio_ssl_errno(Vio *vio);
my_bool vio_ssl_peer_addr(Vio* vio, char *buf, uint16 *port);
void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
int vio_ssl_blocking(Vio * vio, my_bool set_blocking_mode, my_bool *old_mode);
/* Single copy for server */
enum vio_ssl_acceptorfd_state
{
state_connect = 1,
state_accept = 2
};
struct st_VioSSLAcceptorFd
{
SSL_CTX* ssl_context_;
SSL_METHOD* ssl_method_;
struct st_VioSSLAcceptorFd* session_id_context_;
};
/* One copy for client */
struct st_VioSSLConnectorFd
{
SSL_CTX* ssl_context_;
/* function pointers which are only once for SSL client */
SSL_METHOD* ssl_method_;
};
int sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout);
int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout);
struct st_VioSSLConnectorFd
*new_VioSSLConnectorFd(const char* key_file, const char* cert_file,
const char* ca_file, const char* ca_path,
const char* cipher);
struct st_VioSSLAcceptorFd
*new_VioSSLAcceptorFd(const char* key_file, const char* cert_file,
const char* ca_file,const char* ca_path,
const char* cipher);
Vio* new_VioSSL(struct st_VioSSLAcceptorFd* fd, Vio* sd,int state);
#ifdef __cplusplus
}
#endif
#endif /* HAVE_OPENSSL */
/* This enumerator is used in parser - should be always visible */ /* This enumerator is used in parser - should be always visible */
enum SSL_type enum SSL_type
{ {
@ -228,10 +168,8 @@ struct st_vio
void (*in_addr)(Vio*, struct in_addr*); void (*in_addr)(Vio*, struct in_addr*);
my_bool (*should_retry)(Vio*); my_bool (*should_retry)(Vio*);
int (*vioclose)(Vio*); int (*vioclose)(Vio*);
void (*timeout)(Vio*, unsigned int timeout);
#ifdef HAVE_OPENSSL void *ssl_arg;
SSL* ssl_;
#endif /* HAVE_OPENSSL */
#endif /* HAVE_VIO */ #endif /* HAVE_VIO */
}; };
#endif /* EMBEDDED_LIBRARY */ #endif /* EMBEDDED_LIBRARY */

2
libmysql/Makefile.am
View File

@ -41,7 +41,7 @@ link_sources:
rm -f $(srcdir)/$$f; \ rm -f $(srcdir)/$$f; \
@LN_CP_F@ $(srcdir)/../strings/$$f $(srcdir)/$$f; \ @LN_CP_F@ $(srcdir)/../strings/$$f $(srcdir)/$$f; \
done; \ done; \
for f in $$vs; do \ for f in $$vs $(vioheaders); do \
rm -f $(srcdir)/$$f; \ rm -f $(srcdir)/$$f; \
@LN_CP_F@ $(srcdir)/../vio/$$f $(srcdir)/$$f; \ @LN_CP_F@ $(srcdir)/../vio/$$f $(srcdir)/$$f; \
done; \ done; \

3
libmysql/Makefile.shared
View File

@ -46,6 +46,7 @@ mystringsextra= strto.c
mystringsgen= ctype_autoconf.c mystringsgen= ctype_autoconf.c
dbugobjects = dbug.lo # IT IS IN SAFEMALLOC.C sanity.lo dbugobjects = dbug.lo # IT IS IN SAFEMALLOC.C sanity.lo
mysysheaders = mysys_priv.h my_static.h mysysheaders = mysys_priv.h my_static.h
vioheaders = vio_priv.h
mysysobjects1 = my_init.lo my_static.lo my_malloc.lo my_realloc.lo \ mysysobjects1 = my_init.lo my_static.lo my_malloc.lo my_realloc.lo \
my_create.lo my_delete.lo mf_tempfile.lo my_open.lo \ my_create.lo my_delete.lo mf_tempfile.lo my_open.lo \
mf_casecnv.lo my_read.lo my_write.lo errors.lo \ mf_casecnv.lo my_read.lo my_write.lo errors.lo \
@ -86,7 +87,7 @@ clean-local:
`echo $(mysysobjects) | sed "s;\.lo;.c;g"` \ `echo $(mysysobjects) | sed "s;\.lo;.c;g"` \
`echo $(vio_objects) | sed "s;\.lo;.c;g"` \ `echo $(vio_objects) | sed "s;\.lo;.c;g"` \
$(CHARSET_SRCS) $(CHARSET_OBJS) \ $(CHARSET_SRCS) $(CHARSET_OBJS) \
$(mystringsextra) $(mystringsgen) $(mysysheaders) \ $(mystringsextra) $(mystringsgen) $(mysysheaders) $(vioheaders)\
ctype_extra_sources.c net.c ../linked_client_sources ctype_extra_sources.c net.c ../linked_client_sources
ctype_extra_sources.c: conf_to_src ctype_extra_sources.c: conf_to_src

5
libmysqld/lib_vio.c
View File

@ -218,4 +218,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
return 0; return 0;
} }
void vio_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
}
#endif /* HAVE_VIO */ #endif /* HAVE_VIO */

4
mysql-test/include/have_openssl_2.inc
View File

@ -1,4 +0,0 @@
-- require r/have_openssl_2.require
disable_query_log;
SHOW STATUS LIKE "SSL_get_cipher";
enable_query_log;

2
mysql-test/r/have_openssl_2.require
View File

@ -1,2 +0,0 @@
Variable_name Value
jkhjkhfs

5
mysql-test/t/openssl_2.test
View File

@ -1,5 +0,0 @@
# We want to test everything with SSL turned on.
-- source include/have_openssl_2.inc
SHOW STATUS LIKE 'SSL%';

3
mysys/my_getopt.c
View File

@ -464,8 +464,7 @@ static int setval(const struct my_option *opts, char *argument,
break; break;
case GET_STR_ALLOC: case GET_STR_ALLOC:
if ((*((char**) result_pos))) if ((*((char**) result_pos)))
my_free((*(char**) result_pos), my_free((*(char**) result_pos), MYF(MY_WME | MY_FAE));
MYF(MY_WME | MY_FAE));
if (!(*((char**) result_pos)= my_strdup(argument, MYF(MY_WME)))) if (!(*((char**) result_pos)= my_strdup(argument, MYF(MY_WME))))
return EXIT_OUT_OF_MEMORY; return EXIT_OUT_OF_MEMORY;
break; break;

3
sql/item_cmpfunc.cc
View File

@ -1177,7 +1177,10 @@ Item_cond::fix_fields(THD *thd,TABLE_LIST *tables)
{ {
List_iterator<Item> li(list); List_iterator<Item> li(list);
Item *item; Item *item;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[sizeof(char*)]; // Max local vars in function char buff[sizeof(char*)]; // Max local vars in function
#endif
not_null_tables_cache= used_tables_cache= 0; not_null_tables_cache= used_tables_cache= 0;
const_item_cache= 0; const_item_cache= 0;
/* /*

5
sql/item_func.cc
View File

@ -59,7 +59,10 @@ bool
Item_func::fix_fields(THD *thd,TABLE_LIST *tables) Item_func::fix_fields(THD *thd,TABLE_LIST *tables)
{ {
Item **arg,**arg_end; Item **arg,**arg_end;
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[STACK_BUFF_ALLOC]; // Max argument in function char buff[STACK_BUFF_ALLOC]; // Max argument in function
#endif
binary=0; binary=0;
used_tables_cache= not_null_tables_cache= 0; used_tables_cache= not_null_tables_cache= 0;
const_item_cache=1; const_item_cache=1;
@ -1159,7 +1162,9 @@ bool
udf_handler::fix_fields(THD *thd,TABLE_LIST *tables,Item_result_field *func, udf_handler::fix_fields(THD *thd,TABLE_LIST *tables,Item_result_field *func,
uint arg_count, Item **arguments) uint arg_count, Item **arguments)
{ {
#ifndef EMBEDDED_LIBRARY // Avoid compiler warning
char buff[STACK_BUFF_ALLOC]; // Max argument in function char buff[STACK_BUFF_ALLOC]; // Max argument in function
#endif
DBUG_ENTER("Item_udf_func::fix_fields"); DBUG_ENTER("Item_udf_func::fix_fields");
if (thd) if (thd)

2
sql/mini_client.cc
View File

@ -843,7 +843,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user,
} }
/* Do the SSL layering. */ /* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress...")); DBUG_PRINT("info", ("IO layer change in progress..."));
DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_)); DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context));
sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio, (long)(mysql->options.connect_timeout)); sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio, (long)(mysql->options.connect_timeout));
DBUG_PRINT("info", ("IO layer change done!")); DBUG_PRINT("info", ("IO layer change done!"));
} }

13
sql/mysqld.cc
View File

@ -1136,7 +1136,14 @@ static void server_init(void)
IPaddr.sin_family = AF_INET; IPaddr.sin_family = AF_INET;
IPaddr.sin_addr.s_addr = my_bind_addr; IPaddr.sin_addr.s_addr = my_bind_addr;
IPaddr.sin_port = (unsigned short) htons((unsigned short) mysql_port); IPaddr.sin_port = (unsigned short) htons((unsigned short) mysql_port);
#ifndef __WIN__
/*
We should not use SO_REUSEADDR on windows as this would enable a
user to open two mysqld servers with the same TCP/IP port.
*/
(void) setsockopt(ip_sock,SOL_SOCKET,SO_REUSEADDR,(char*)&arg,sizeof(arg)); (void) setsockopt(ip_sock,SOL_SOCKET,SO_REUSEADDR,(char*)&arg,sizeof(arg));
#endif
if (bind(ip_sock, my_reinterpret_cast(struct sockaddr *) (&IPaddr), if (bind(ip_sock, my_reinterpret_cast(struct sockaddr *) (&IPaddr),
sizeof(IPaddr)) < 0) sizeof(IPaddr)) < 0)
{ {
@ -3011,6 +3018,12 @@ extern "C" pthread_handler_decl(handle_connections_sockets,
} }
if (sock == unix_sock) if (sock == unix_sock)
thd->host=(char*) localhost; thd->host=(char*) localhost;
#ifdef __WIN__
/* Set default wait_timeout */
ulong wait_timeout= global_system_variables.net_wait_timeout * 1000;
(void) setsockopt(new_sock, SOL_SOCKET, SO_RCVTIMEO, (char*)&wait_timeout,
sizeof(wait_timeout));
#endif
create_new_thread(thd); create_new_thread(thd);
} }

3
sql/net_serv.cc
View File

@ -434,6 +434,7 @@ net_real_write(NET *net,const char *packet,ulong len)
thr_alarm(&alarmed,(uint) net->write_timeout,&alarm_buff); thr_alarm(&alarmed,(uint) net->write_timeout,&alarm_buff);
#else #else
alarmed=0; alarmed=0;
vio_timeout(net->vio, net->write_timeout);
#endif /* NO_ALARM */ #endif /* NO_ALARM */
pos=(char*) packet; end=pos+len; pos=(char*) packet; end=pos+len;
@ -623,6 +624,8 @@ my_real_read(NET *net, ulong *complen)
#ifndef NO_ALARM #ifndef NO_ALARM
if (net_blocking) if (net_blocking)
thr_alarm(&alarmed,net->read_timeout,&alarm_buff); thr_alarm(&alarmed,net->read_timeout,&alarm_buff);
#else
vio_timeout(net->vio, net->read_timeout);
#endif /* NO_ALARM */ #endif /* NO_ALARM */
pos = net->buff + net->where_b; /* net->packet -4 */ pos = net->buff + net->where_b; /* net->packet -4 */

17
sql/sql_acl.cc
View File

@ -531,6 +531,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
(my_bool) old_ver))) (my_bool) old_ver)))
{ {
Vio *vio=thd->net.vio; Vio *vio=thd->net.vio;
#ifdef HAVE_OPENSSL
SSL *ssl= (SSL*) vio->ssl_arg;
#endif
/* /*
In this point we know that user is allowed to connect In this point we know that user is allowed to connect
from given host by given username/password pair. Now from given host by given username/password pair. Now
@ -553,8 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection. we should reject connection.
*/ */
if (vio_type(vio) == VIO_TYPE_SSL && if (vio_type(vio) == VIO_TYPE_SSL &&
SSL_get_verify_result(vio->ssl_) == X509_V_OK && SSL_get_verify_result(ssl) == X509_V_OK &&
SSL_get_peer_certificate(vio->ssl_)) SSL_get_peer_certificate(ssl))
user_access=acl_user->access; user_access=acl_user->access;
break; break;
case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
@ -563,28 +566,28 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
we should reject connection. we should reject connection.
*/ */
if (vio_type(vio) == VIO_TYPE_SSL && if (vio_type(vio) == VIO_TYPE_SSL &&
SSL_get_verify_result(vio->ssl_) == X509_V_OK) SSL_get_verify_result(ssl) == X509_V_OK)
{ {
if (acl_user->ssl_cipher) if (acl_user->ssl_cipher)
{ {
DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
acl_user->ssl_cipher, acl_user->ssl_cipher,
SSL_get_cipher(vio->ssl_))); SSL_get_cipher(ssl)));
if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))) if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(ssl)))
user_access=acl_user->access; user_access=acl_user->access;
else else
{ {
if (global_system_variables.log_warnings) if (global_system_variables.log_warnings)
sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'", sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
acl_user->ssl_cipher, acl_user->ssl_cipher,
SSL_get_cipher(vio->ssl_)); SSL_get_cipher(ssl));
user_access=NO_ACCESS; user_access=NO_ACCESS;
break; break;
} }
} }
/* Prepare certificate (if exists) */ /* Prepare certificate (if exists) */
DBUG_PRINT("info",("checkpoint 1")); DBUG_PRINT("info",("checkpoint 1"));
X509* cert=SSL_get_peer_certificate(vio->ssl_); X509* cert=SSL_get_peer_certificate(ssl);
DBUG_PRINT("info",("checkpoint 2")); DBUG_PRINT("info",("checkpoint 2"));
/* If X509 issuer is speified, we check it... */ /* If X509 issuer is speified, we check it... */
if (acl_user->x509_issuer) if (acl_user->x509_issuer)

61
sql/sql_show.cc
View File

@ -1274,77 +1274,77 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
case SHOW_SSL_CTX_SESS_ACCEPT: case SHOW_SSL_CTX_SESS_ACCEPT:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_ACCEPT_GOOD: case SHOW_SSL_CTX_SESS_ACCEPT_GOOD:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_CONNECT_GOOD: case SHOW_SSL_CTX_SESS_CONNECT_GOOD:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE: case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE: case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_CB_HITS: case SHOW_SSL_CTX_SESS_CB_HITS:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_HITS: case SHOW_SSL_CTX_SESS_HITS:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_CACHE_FULL: case SHOW_SSL_CTX_SESS_CACHE_FULL:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_MISSES: case SHOW_SSL_CTX_SESS_MISSES:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_TIMEOUTS: case SHOW_SSL_CTX_SESS_TIMEOUTS:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_NUMBER: case SHOW_SSL_CTX_SESS_NUMBER:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_CONNECT: case SHOW_SSL_CTX_SESS_CONNECT:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE: case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context_))); SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_GET_VERIFY_MODE: case SHOW_SSL_CTX_GET_VERIFY_MODE:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context_))); SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_GET_VERIFY_DEPTH: case SHOW_SSL_CTX_GET_VERIFY_DEPTH:
net_store_data(&packet2,(uint32) net_store_data(&packet2,(uint32)
(!ssl_acceptor_fd ? 0 : (!ssl_acceptor_fd ? 0 :
SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context_))); SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context)));
break; break;
case SHOW_SSL_CTX_GET_SESSION_CACHE_MODE: case SHOW_SSL_CTX_GET_SESSION_CACHE_MODE:
if (!ssl_acceptor_fd) if (!ssl_acceptor_fd)
@ -1352,7 +1352,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
net_store_data(&packet2,"NONE" ); net_store_data(&packet2,"NONE" );
break; break;
} }
switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context_)) switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context))
{ {
case SSL_SESS_CACHE_OFF: case SSL_SESS_CACHE_OFF:
net_store_data(&packet2,"OFF" ); net_store_data(&packet2,"OFF" );
@ -1379,37 +1379,38 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables,
break; break;
/* First group - functions relying on SSL */ /* First group - functions relying on SSL */
case SHOW_SSL_GET_VERSION: case SHOW_SSL_GET_VERSION:
net_store_data(&packet2, thd->net.vio->ssl_ ? net_store_data(&packet2, thd->net.vio->ssl_arg ?
SSL_get_version(thd->net.vio->ssl_) : ""); SSL_get_version((SSL*) thd->net.vio->ssl_arg) : "");
break; break;
case SHOW_SSL_SESSION_REUSED: case SHOW_SSL_SESSION_REUSED:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_session_reused(thd->net.vio->ssl_) : 0)); SSL_session_reused((SSL*) thd->net.vio->ssl_arg) : 0));
break; break;
case SHOW_SSL_GET_DEFAULT_TIMEOUT: case SHOW_SSL_GET_DEFAULT_TIMEOUT:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_default_timeout(thd->net.vio->ssl_):0)); SSL_get_default_timeout((SSL*) thd->net.vio->ssl_arg) :
0));
break; break;
case SHOW_SSL_GET_VERIFY_MODE: case SHOW_SSL_GET_VERIFY_MODE:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_verify_mode(thd->net.vio->ssl_):0)); SSL_get_verify_mode((SSL*) thd->net.vio->ssl_arg):0));
break; break;
case SHOW_SSL_GET_VERIFY_DEPTH: case SHOW_SSL_GET_VERIFY_DEPTH:
net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ?
SSL_get_verify_depth(thd->net.vio->ssl_):0)); SSL_get_verify_depth((SSL*) thd->net.vio->ssl_arg):0));
break; break;
case SHOW_SSL_GET_CIPHER: case SHOW_SSL_GET_CIPHER:
net_store_data(&packet2, thd->net.vio->ssl_ ? net_store_data(&packet2, thd->net.vio->ssl_arg ?
SSL_get_cipher(thd->net.vio->ssl_) : ""); SSL_get_cipher((SSL*) thd->net.vio->ssl_arg) : "");
break; break;
case SHOW_SSL_GET_CIPHER_LIST: case SHOW_SSL_GET_CIPHER_LIST:
if (thd->net.vio->ssl_) if (thd->net.vio->ssl_arg)
{ {
char buf[1024], *pos; char buf[1024], *pos;
pos=buf; pos=buf;
for (int i=0 ; i++ ;) for (int i=0 ; i++ ;)
{ {
const char *p=SSL_get_cipher_list(thd->net.vio->ssl_,i); const char *p=SSL_get_cipher_list((SSL*) thd->net.vio->ssl_arg,i);
if (p == NULL) if (p == NULL)
break; break;
pos=strmov(pos, p); pos=strmov(pos, p);

10
vio/vio.c
View File

@ -21,13 +21,7 @@
the file descriptior. the file descriptior.
*/ */
#define DONT_MAP_VIO #include "vio_priv.h"
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#include <errno.h>
/* /*
* Helper to fill most of the Vio* with defaults. * Helper to fill most of the Vio* with defaults.
@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio->in_addr =vio_ssl_in_addr; vio->in_addr =vio_ssl_in_addr;
vio->vioblocking =vio_ssl_blocking; vio->vioblocking =vio_ssl_blocking;
vio->is_blocking =vio_is_blocking; vio->is_blocking =vio_is_blocking;
vio->timeout =vio_ssl_timeout;
} }
else /* default is VIO_TYPE_TCPIP */ else /* default is VIO_TYPE_TCPIP */
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type,
vio->in_addr =vio_in_addr; vio->in_addr =vio_in_addr;
vio->vioblocking =vio_blocking; vio->vioblocking =vio_blocking;
vio->is_blocking =vio_is_blocking; vio->is_blocking =vio_is_blocking;
vio->timeout =vio_timeout;
} }
#endif /* HAVE_VIO */ #endif /* HAVE_VIO */
DBUG_VOID_RETURN; DBUG_VOID_RETURN;

54
vio/vio_priv.h Normal file
View File

@ -0,0 +1,54 @@
/* Copyright (C) 2003 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/* Structures and functions private to the vio package */
#define DONT_MAP_VIO
#include <my_global.h>
#include <mysql_com.h>
#include <my_sys.h>
#include <m_string.h>
#include <violite.h>
#ifdef HAVE_OPENSSL
#include "my_net.h" /* needed because of struct in_addr */
void vio_ssl_delete(Vio* vio);
int vio_ssl_read(Vio *vio,gptr buf, int size);
int vio_ssl_write(Vio *vio,const gptr buf,int size);
void vio_ssl_timeout(Vio *vio, uint timeout);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int vio_ssl_fastsend(Vio *vio);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int vio_ssl_keepalive(Vio *vio, my_bool onoff);
/* Whenever we should retry the last read/write operation. */
my_bool vio_ssl_should_retry(Vio *vio);
/* When the workday is over... */
int vio_ssl_close(Vio *vio);
/* Return last error number */
int vio_ssl_errno(Vio *vio);
my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port);
void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
/* Single copy for server */
enum vio_ssl_acceptorfd_state
{
state_connect = 1,
state_accept = 2
};
#endif /* HAVE_OPENSSL */

25
vio/viosocket.c
View File

@ -21,19 +21,7 @@
the file descriptior. the file descriptior.
*/ */
#define DONT_MAP_VIO #include "vio_priv.h"
#include <my_global.h>
#include <mysql_com.h>
#include <errno.h>
#include <my_sys.h>
#include <violite.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
void vio_delete(Vio* vio) void vio_delete(Vio* vio)
{ {
@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout)
DBUG_RETURN(fds.revents & POLLIN ? 0 : 1); DBUG_RETURN(fds.revents & POLLIN ? 0 : 1);
#endif #endif
} }
void vio_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
#ifdef __WIN__
ulong wait_timeout= (ulong) timeout * 1000;
(void) setsockopt(vio->sd, SOL_SOCKET, SO_RCVTIMEO, (char*) &wait_timeout,
sizeof(wait_timeout));
#endif /* __WIN__ */
}

89
vio/viossl.c
View File

@ -21,23 +21,10 @@
the file descriptior. the file descriptior.
*/ */
#include <my_global.h> #include "vio_priv.h"
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <errno.h>
#include <assert.h>
#include <violite.h>
#include <my_sys.h>
#include <my_net.h>
#include <m_string.h>
#ifndef __WIN__
#define HANDLE void *
#endif
static void static void
report_errors() report_errors()
{ {
@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
int r; int r;
DBUG_ENTER("vio_ssl_read"); DBUG_ENTER("vio_ssl_read");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p", DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p",
vio->sd, buf, size, vio->ssl_)); vio->sd, buf, size, vio->ssl_arg));
if ((r= SSL_read(vio->ssl_, buf, size)) < 0) if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0)
{ {
int err= SSL_get_error(vio->ssl_, r); int err= SSL_get_error((SSL*) vio->ssl_arg, r);
DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err));
report_errors(); report_errors();
} }
@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
DBUG_ENTER("vio_ssl_write"); DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
if ((r= SSL_write(vio->ssl_, buf, size)) < 0) if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
report_errors(); report_errors();
DBUG_PRINT("exit", ("%d", r)); DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r); DBUG_RETURN(r);
@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio)
int r; int r;
DBUG_ENTER("vio_ssl_close"); DBUG_ENTER("vio_ssl_close");
r=0; r=0;
if (vio->ssl_) if ((SSL*) vio->ssl_arg)
{ {
r = SSL_shutdown(vio->ssl_); r = SSL_shutdown((SSL*) vio->ssl_arg);
SSL_free(vio->ssl_); SSL_free((SSL*) vio->ssl_arg);
vio->ssl_= 0; vio->ssl_arg= 0;
} }
if (vio->sd >= 0) if (vio->sd >= 0)
{ {
@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
net_blocking = vio_is_blocking(vio); net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0; vio->ssl_arg= 0;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context)))
{ {
DBUG_PRINT("error", ("SSL_new failure")); DBUG_PRINT("error", ("SSL_new failure"));
report_errors(); report_errors();
@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
vio_blocking(vio, net_blocking, &unused); vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout));
SSL_clear(vio->ssl_); SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd(vio->ssl_,vio->sd); SSL_set_fd((SSL*) vio->ssl_arg,vio->sd);
SSL_set_accept_state(vio->ssl_); SSL_set_accept_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake(vio->ssl_) < 1) if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
{ {
DBUG_PRINT("error", ("SSL_do_handshake failure")); DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors(); report_errors();
SSL_free(vio->ssl_); SSL_free((SSL*) vio->ssl_arg);
vio->ssl_=0; vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE); vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused); vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
#ifndef DBUF_OFF #ifndef DBUF_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_))); ,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
client_cert = SSL_get_peer_certificate (vio->ssl_); client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (client_cert != NULL) if (client_cert != NULL)
{ {
DBUG_PRINT("info",("Client certificate:")); DBUG_PRINT("info",("Client certificate:"));
@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
else else
DBUG_PRINT("info",("Client does not have certificate.")); DBUG_PRINT("info",("Client does not have certificate."));
str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf)); str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf));
if (str) if (str)
{ {
DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str)); DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str));
@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
my_bool net_blocking; my_bool net_blocking;
enum enum_vio_type old_type; enum enum_vio_type old_type;
DBUG_ENTER("sslconnect"); DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_)); DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context));
old_type= vio->type; old_type= vio->type;
net_blocking = vio_is_blocking(vio); net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0; vio->ssl_arg= 0;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) if (!(vio->ssl_arg = SSL_new(ptr->ssl_context)))
{ {
DBUG_PRINT("error", ("SSL_new failure")); DBUG_PRINT("error", ("SSL_new failure"));
report_errors(); report_errors();
@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
vio_blocking(vio, net_blocking, &unused); vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout));
SSL_clear(vio->ssl_); SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd (vio->ssl_, vio->sd); SSL_set_fd ((SSL*) vio->ssl_arg, vio->sd);
SSL_set_connect_state(vio->ssl_); SSL_set_connect_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake(vio->ssl_) < 1) if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
{ {
DBUG_PRINT("error", ("SSL_do_handshake failure")); DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors(); report_errors();
SSL_free(vio->ssl_); SSL_free((SSL*) vio->ssl_arg);
vio->ssl_=0; vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE); vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused); vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1); DBUG_RETURN(1);
} }
#ifndef DBUG_OFF #ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_))); ,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
server_cert = SSL_get_peer_certificate (vio->ssl_); server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (server_cert != NULL) if (server_cert != NULL)
{ {
DBUG_PRINT("info",("Server certificate:")); DBUG_PRINT("info",("Server certificate:"));
@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)),
return set_blocking_mode ? 0 : 1; return set_blocking_mode ? 0 : 1;
} }
void vio_ssl_timeout(Vio *vio __attribute__((unused)),
uint timeout __attribute__((unused)))
{
/* Not yet implemented (non critical) */
}
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */

65
vio/viosslfactories.c
View File

@ -14,15 +14,10 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include <my_global.h> #include "vio_priv.h"
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <mysql_com.h>
#include <my_sys.h>
#include <violite.h>
static bool ssl_algorithms_added = FALSE; static bool ssl_algorithms_added = FALSE;
static bool ssl_error_strings_loaded= FALSE; static bool ssl_error_strings_loaded= FALSE;
static int verify_depth = 0; static int verify_depth = 0;
@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file,
my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0))))) my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)))))
DBUG_RETURN(0); DBUG_RETURN(0);
ptr->ssl_context_= 0; ptr->ssl_context= 0;
ptr->ssl_method_= 0; ptr->ssl_method= 0;
/* FIXME: constants! */ /* FIXME: constants! */
if (!ssl_algorithms_added) if (!ssl_algorithms_added)
@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file,
ssl_error_strings_loaded = TRUE; ssl_error_strings_loaded = TRUE;
SSL_load_error_strings(); SSL_load_error_strings();
} }
ptr->ssl_method_ = TLSv1_client_method(); ptr->ssl_method = TLSv1_client_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); ptr->ssl_context = SSL_CTX_new(ptr->ssl_method);
DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_)); DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context));
if (ptr->ssl_context_ == 0) if (ptr->ssl_context == 0)
{ {
DBUG_PRINT("error", ("SSL_CTX_new failed")); DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors(); report_errors();
@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file,
*/ */
if (cipher) if (cipher)
{ {
result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
} }
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{ {
DBUG_PRINT("error", ("vio_set_cert_stuff failed")); DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors(); report_errors();
goto ctor_failure; goto ctor_failure;
} }
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0) if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0)
{ {
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0) if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0)
{ {
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors(); report_errors();
@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file,
/* DH stuff */ /* DH stuff */
dh=get_dh512(); dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh); DH_free(dh);
DBUG_RETURN(ptr); DBUG_RETURN(ptr);
@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file,
ptr= ((struct st_VioSSLAcceptorFd*) ptr= ((struct st_VioSSLAcceptorFd*)
my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0))); my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)));
ptr->ssl_context_=0; ptr->ssl_context=0;
ptr->ssl_method_=0; ptr->ssl_method=0;
/* FIXME: constants! */ /* FIXME: constants! */
ptr->session_id_context_ = ptr; ptr->session_id_context= ptr;
if (!ssl_algorithms_added) if (!ssl_algorithms_added)
{ {
@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file,
ssl_error_strings_loaded = TRUE; ssl_error_strings_loaded = TRUE;
SSL_load_error_strings(); SSL_load_error_strings();
} }
ptr->ssl_method_= TLSv1_server_method(); ptr->ssl_method= TLSv1_server_method();
ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_); ptr->ssl_context= SSL_CTX_new(ptr->ssl_method);
if (ptr->ssl_context_ == 0) if (ptr->ssl_context == 0)
{ {
DBUG_PRINT("error", ("SSL_CTX_new failed")); DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors(); report_errors();
@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file,
} }
if (cipher) if (cipher)
{ {
result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
} }
/* SSL_CTX_set_quiet_shutdown(ctx,1); */ /* SSL_CTX_set_quiet_shutdown(ctx,1); */
SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128); SSL_CTX_sess_set_cache_size(ptr->ssl_context,128);
/* DH? */ /* DH? */
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
SSL_CTX_set_session_id_context(ptr->ssl_context_, SSL_CTX_set_session_id_context(ptr->ssl_context,
(const uchar*) &(ptr->session_id_context_), (const uchar*) &(ptr->session_id_context),
sizeof(ptr->session_id_context_)); sizeof(ptr->session_id_context));
/* /*
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
*/ */
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{ {
DBUG_PRINT("error", ("vio_set_cert_stuff failed")); DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors(); report_errors();
goto ctor_failure; goto ctor_failure;
} }
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0) if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0)
{ {
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0)
{ {
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors(); report_errors();
@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file,
} }
/* DH stuff */ /* DH stuff */
dh=get_dh512(); dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh); DH_free(dh);
DBUG_RETURN(ptr); DBUG_RETURN(ptr);
@ -362,6 +357,4 @@ ctor_failure:
my_free((gptr) ptr,MYF(0)); my_free((gptr) ptr,MYF(0));
DBUG_RETURN(0); DBUG_RETURN(0);
} }
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */