Merge jonas@perch:src/mysql-5.0

into  poseidon.ndb.mysql.com:/home/tomas/mysql-5.0


support-files/mysql.spec.sh:
  Auto merged

SSL/Makefile.am

@@ -17,8 +17,8 @@
 ## Process this file with automake to create Makefile.in
 
 EXTRA_DIST=	NOTES cacert.pem client-cert.pem client-key.pem \
-		client-req.pem run-client run-server server-cert.pem \
+		run-client run-server server-cert.pem \
-		server-key.pem server-req.pem
+		server-key.pem
 
 # Don't update the files from bitkeeper
 %::SCCS/s.%

SSL/NOTES

@@ -40,7 +40,69 @@ openssl s_server -port 1111 -cert ../SSL/server-cert.pem -key ../SSL/server-key.
 
 
 
+-------------------------------------------
+How to generate new keys:
 
+First we need the private key of the CA cert. Since we always throw
+away the old private key for the CA, we need to generate a totally new
+CA cert. Our CA cert is self signed and we will use that to sign the
+server and client keys. As long as we distibute the cacert.pem they can
+b oth be validated against that.
+
+
+1) openssl genrsa 512 > cecert.pem
+
+2) openssl req -new -x509 -nodes -md5 -days 1000 -key cacert.pem > cacert.pem
+
+We now have a cacert.pem which is the public key and a cakey.pem which is the
+private key of the CA.
+
+Steps to generate the server key.
+
+3) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
+
+4) copy ca-key.pem ca-cert.srl
+
+5) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+
+
+-- adding metadata to beginning
+
+6) openssl x509 -in server-cert.pem -text > tmp.pem
+
+7) mv tmp.pem server-cert.pem
+
+-- And almost the same for the client.
+
+8) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout client-key.pem > client-req.pem
+
+9) openssl x509 -req -in client-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
+
+
+-- adding metadata to beginning
+
+10) openssl x509 -in client-cert.pem -text > tmp.pem
+
+11) mv tmp.pem client-cert.pem
+
+The new certs are now generated. They can be verified against the cacert to test they are ok. This is actually what is done in the MySQL client and server.
+
+12) openssl verify -CAfile cacert.pem server-cert.pem
+server-cert.pem: OK
+13) openssl verify -CAfile cacert.pem client-cert.pm
+client-cert.pem: OK
+
+
+The files we add to our repository and thus distribute are
+* cacert.pem - CA's public key, used to verify the client/servers pblic keys
+* server-key.pem - servers private key
+* server-cert.pem - servers public key
+* client-key.pem - clients private key
+* client-cert.pem - clients public key
+
+
+
+== OLD NOTES below ==
 --------------------------------------------
 
 CA stuff:

SSL/cacert.pem

@@ -1,21 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIDcTCCAtqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
+MIICrTCCAhagAwIBAgIJAIAO/Ybiptv1MA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
-EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
+BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
-YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
+VQQKEwhNeVNRTCBBQjAeFw0wNjA1MDMwODQ4NTRaFw0wOTAxMjcwODQ4NTRaMEQx
-Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYxNDE2WhcNMTMw
+CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
-OTA5MTYxNDE2WjCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP
+MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-BgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9w
++C46EQl1u7tQ6gb9eqc8V079gr8YmDPCEqtjO8bCIbchpjOpDITx0WZz36Sn9E72
-ZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNx
+GPJwNip4FxLaPRIA3xNQHM5cE5U53qznlRx1Fc4O3hcWCvyCqNDl/vzPAh3pI6Bl
-bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrT7zp5tp5djXp+TEQs
+Ku9hfHXpp93W812smVPe9haShEXGgbEPYGzvOfVdu/MCAwEAAaOBpjCBozAdBgNV
-5ZEds1XUglp/EQUQ1FMMb1Xe6gqJsQ62O+jsUe0nrUjXBrUCUy49k6mcnmQtZREj
+HQ4EFgQUjIy/6OCTmqtPHBFha6/qzVk3yTcwdAYDVR0jBG0wa4AUjIy/6OCTmqtP
-l1pWKmzx1fgcYpxTwxaY7IKB2jik5IWprhVPmSQ+AWss43oolXMZWR+csKehqm3j
+HBFha6/qzVk3yTehSKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxh
-+YNZc9NsR4ydE71l0VEtJEQvAgMBAAGjgegwgeUwHQYDVR0OBBYEFIiYZdnz8osD
+MRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAIAO/Ybiptv1
-HWZgYSP6rXNt02iSMIG1BgNVHSMEga0wgaqAFIiYZdnz8osDHWZgYSP6rXNt02iS
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA8lD9zyB820Oq1aj7ZafX
-oYGOpIGLMIGIMQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UE
+De/hbdt9RIl2tzgw2K3r1KZGdXJVL0vSt5fZ51Nq9lg7OPJy3iXf+caBJEp0IJpB
-ChMITXlTUUwgQUIxITAfBgNVBAMTGEFic3RyYWN0IE15U1FMIERldmVsb3BlcjEx
+uf4Gfr6zfXw+UlY6ZthRtHQHoXKcbskECjH5/ps/Uaa+dpVQ9O+Ii1rPzmgo6ztM
-MC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNv
+s+xZ46ESBt4WiHXm8kwbU9Y=
-bYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAGIL22MCIU/0sKDp
-pZIhoabvNVDTfuhtene+WBCrzCzGXPZjB4+b/KAJJNvOR4zi43Kk7euu+PENs9M7
-nKpInMdhvT1RcCnUHJ3jBCvDDzXab2msqn3rxhwetWWbfE0OeEn/PoQcwiZCe7x5
-h+Zz+oUbvsEe4DjtDVgG4UH9nSSS
 -----END CERTIFICATE-----

SSL/client-cert.pem

@@ -1,67 +1,42 @@
 Certificate:
     Data:
-        Version: 3 (0x2)
+        Version: 1 (0x0)
         Serial Number: 1 (0x1)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
+        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
         Validity
-            Not Before: Sep 12 16:21:19 2003 GMT
+            Not Before: May  3 08:55:39 2006 GMT
-            Not After : Sep  9 16:21:19 2013 GMT
+            Not After : Jan 27 08:55:39 2009 GMT
-        Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Client/Email=abstract.mysql.developer@mysql.com
+        Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
+            RSA Public Key: (512 bit)
-                Modulus (1024 bit):
+                Modulus (512 bit):
-                    00:c4:03:0a:ee:e3:b1:12:fc:ee:b4:19:f4:e1:60:
+                    00:d8:db:68:28:49:84:4d:d6:0f:5c:bc:3d:9a:ab:
-                    1d:e0:28:c3:96:2d:df:82:69:cd:74:7c:54:58:d0:
+                    70:d5:3e:f5:b5:17:ba:ef:e1:f8:87:54:30:22:1f:
-                    ae:b3:59:3f:0c:19:1c:99:10:a6:12:c9:cf:3a:64:
+                    81:07:bf:f9:24:7f:8a:54:10:e9:5f:e6:99:50:04:
-                    05:43:8e:bf:d2:65:36:80:91:0b:65:b0:27:26:38:
+                    d4:3b:55:a9:f1:52:ad:12:2b:5a:da:5c:be:8c:3e:
-                    c9:23:d8:36:a2:4a:f0:f7:c0:2f:68:38:70:01:27:
+                    5b:9e:b0:5a:19
-                    29:ff:b2:c5:52:e1:6b:f1:c8:d7:c3:5c:ee:f0:37:
-                    6c:2a:9b:96:1a:05:9e:eb:33:a2:39:5a:77:66:62:
-                    27:75:1f:2f:6f:38:da:e5:9f:78:af:ca:6b:22:3f:
-                    57:2b:bc:a6:8f:47:d1:99:6f
                 Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                80:81:A9:22:EB:AB:D6:CA:7E:3F:8D:BB:D1:AC:2A:F4:87:9D:13:29
-            X509v3 Authority Key Identifier: 
-                keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92
-                DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
-                serial:00
-
     Signature Algorithm: md5WithRSAEncryption
-        86:17:1c:f3:9f:10:1b:75:47:03:ca:54:ea:ef:f7:15:54:8d:
+        07:57:bf:07:92:c2:8e:86:24:6b:0a:bf:e5:31:21:44:c3:60:
-        8f:58:c9:64:7d:de:2e:bf:ea:a6:5d:72:56:c9:81:be:bb:1c:
+        02:a6:ac:9e:f7:db:7a:6e:fc:4f:d4:7b:54:18:80:47:d2:4a:
-        78:a5:91:d6:f8:77:df:9d:d2:cb:94:d9:06:61:4f:05:21:22:
+        63:0e:e3:f8:af:6e:58:e3:97:5a:2b:82:5d:76:20:d1:33:a0:
-        2a:ea:9e:c3:8b:4d:fe:94:c7:98:61:cd:7e:88:19:c9:92:01:
+        f5:43:a1:d1:51:f4:ca:c8:b3:1a:66:4e:0e:55:df:d2:e8:fa:
-        1f:10:5b:c6:16:95:99:9b:32:01:3a:89:df:fa:0a:89:ac:fa:
+        83:18:42:f5:ec:66:40:f0:39:e8:f9:d7:cf:f6:dd:e4:7b:69:
-        b5:40:55:7a:ca:0a:bd:5d:8b:06:d8:7e:e1:44:8c:70:c8:63:
+        dd:0c:92:d8:52:95:43:6f:29:3d:f0:8d:4c:dd:52:ea:6b:a0:
-        c7:77:6a:37:3d:a4:ac:57:dc:00:c1:c1:f3:72:17:5b:50:95:
+        39:0f:dc:59:a7:5c:37:6b:8b:05:44:b7:69:ea:a3:58:e0:4e:
-        ee:b7
+        ce:d6
 -----BEGIN CERTIFICATE-----
-MIIDkTCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
+MIIB5jCCAU8CAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV
-EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
+BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC
-YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
+MB4XDTA2MDUwMzA4NTUzOVoXDTA5MDEyNzA4NTUzOVowdzELMAkGA1UEBhMCU0Ux
-Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMTE5WhcNMTMw
+EDAOBgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15
-OTA5MTYyMTE5WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G
+U1FMIEFCMTEwLwYJKoZIhvcNAQkBFiJhYnN0cmFjdC5teXNxbC5kZXZlbG9wZXJA
-A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIENsaWVudDExMC8GCSqGSIb3
+bXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANjbaChJhE3WD1y8PZqr
-DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq
+cNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ6V/mmVAE1DtVqfFSrRIrWtpcvow+W56w
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAxAMK7uOxEvzutBn04WAd4CjDli3fgmnNdHxU
+WhkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAHV78HksKOhiRrCr/lMSFEw2ACpqye
-WNCus1k/DBkcmRCmEsnPOmQFQ46/0mU2gJELZbAnJjjJI9g2okrw98AvaDhwAScp
+99t6bvxP1HtUGIBH0kpjDuP4r25Y45daK4JddiDRM6D1Q6HRUfTKyLMaZk4OVd/S
-/7LFUuFr8cjXw1zu8DdsKpuWGgWe6zOiOVp3ZmIndR8vbzja5Z94r8prIj9XK7ym
+6PqDGEL17GZA8Dno+dfP9t3ke2ndDJLYUpVDbyk98I1M3VLqa6A5D9xZp1w3a4sF
-j0fRmW8CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
+RLdp6qNY4E7O1g==
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSAgaki66vWyn4/
-jbvRrCr0h50TKTCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB
-jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT
-CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv
-BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C
-AQAwDQYJKoZIhvcNAQEEBQADgYEAhhcc858QG3VHA8pU6u/3FVSNj1jJZH3eLr/q
-pl1yVsmBvrsceKWR1vh3353Sy5TZBmFPBSEiKuqew4tN/pTHmGHNfogZyZIBHxBb
-xhaVmZsyATqJ3/oKiaz6tUBVesoKvV2LBth+4USMcMhjx3dqNz2krFfcAMHB83IX
-W1CV7rc=
 -----END CERTIFICATE-----

SSL/client-key.pem

@@ -1,15 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDEAwru47ES/O60GfThYB3gKMOWLd+Cac10fFRY0K6zWT8MGRyZ
+MIIBOgIBAAJBANjbaChJhE3WD1y8PZqrcNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ
-EKYSyc86ZAVDjr/SZTaAkQtlsCcmOMkj2DaiSvD3wC9oOHABJyn/ssVS4WvxyNfD
+6V/mmVAE1DtVqfFSrRIrWtpcvow+W56wWhkCAwEAAQJAK27WT6tZylUjQomZNQ89
-XO7wN2wqm5YaBZ7rM6I5WndmYid1Hy9vONrln3ivymsiP1crvKaPR9GZbwIDAQAB
+TBiOEbUtBbqWklQ0R8FTkH9uKV+8KYQ+k+tMkoAEGFfChB0YfofNQ2KZYWWw4yOB
-AoGAcR7IaoGhKbIrGGl6d67+zuT3q24h9aOV3Mn7653TlNHGnvbHGFcRYPpyy+H5
+WQIhAPXXDQt73aou10s+cmKM3C3WzLmIZtrvm9wNBXWDGxgTAiEA4dG4cXrZfa1M
-X7m8XnHm+F+80hzNGzPecP9Q12oPOyoZgeQn6bTK73OFkNcX7FAkNdyH4xVhf2aK
+TTbjzNU1/Jf50/M8SvZDWMPQWxJ8oqMCIH6zBpYUkHlVCsBMvsbrsc4uFfTIx7mu
-YOzTcQfq3gRCqXtVIg4qBShTMjJLE31R8H430Or62XmJgFECQQDjP+Kz+ecQwuTB
+I7WVQGr/1sbhAiBf4uFirjtztgZUMx5/d3k5DH80lG/hlLf8FQl/4lWx6QIhAPHw
-HADLm+GQgceIB1kLgdQoZ3deUxGvqtVImuDRViSM0F2srfJ4GfkEDhc27UI5f6ir
+CXfPUbUFl4r/i9Br5+exGol50qX4F3aP5Sh5EnZT
-ZTOw4ww7AkEA3M9wCPgWNtbOXbYjaNA0IzHcjMDxQDVvJAmb3EiZlKQp4EfrESxR
-ly/u08TyfwrK6q5WS7xE0ad8+95G1af4XQJBAI9+3ME20SB1YItMCniHYwSj3oHX
-2fN5NKWax/Zoz+c0IV+qZMHq+kNso2oRoOUTyXk1CJWndcTnBnPMALr2c9cCQQCZ
-VL7Cq6uZVx6kemcqUHH0AprZbt3YLYLI7pc5p3xmeHzPzoEQQstBhjp8+aU+zPrN
-blRkcQ8E2x5yNA7SLLrNAkAhzkA+EK8hc0f9W3ncy+py0Rn0i5Ay0N3T715vkThf
-CfOHE3L91dLlmYpL5xVqOpugY/2sHyxwctv97DgS6tHZ
 -----END RSA PRIVATE KEY-----

SSL/client-req.pem

@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBvDCCASUCAQAwfDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP
-BgNVBAoTCE15U1FMIEFCMRUwEwYDVQQDEwxNeVNRTCBDbGllbnQxMTAvBgkqhkiG
-9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMQDCu7jsRL87rQZ9OFgHeAow5Yt34JpzXR8
-VFjQrrNZPwwZHJkQphLJzzpkBUOOv9JlNoCRC2WwJyY4ySPYNqJK8PfAL2g4cAEn
-Kf+yxVLha/HI18Nc7vA3bCqblhoFnuszojlad2ZiJ3UfL2842uWfeK/KayI/Vyu8
-po9H0ZlvAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAnKdk68dGJXvlj/GXwBUWN
-oXWF7hq4fDmwyhmcFUqk8qZKPKFUxkcER0GLzYeUgvD2URSfaS3/YW0d7K7kXGwP
-rB5edb+suaYf6mjm/w37xw/EJI9rdSKcB/3SSu8mALds7sUHDAO+MO0WkA/9d7t0
-LOsUqcDvMkKpZuYwNILwLw==
------END CERTIFICATE REQUEST-----

SSL/server-cert.pem

@@ -1,67 +1,42 @@
 Certificate:
     Data:
-        Version: 3 (0x2)
+        Version: 1 (0x0)
-        Serial Number: 2 (0x2)
+        Serial Number: 1 (0x1)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
+        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
         Validity
-            Not Before: Sep 12 16:22:06 2003 GMT
+            Not Before: May  3 08:54:13 2006 GMT
-            Not After : Sep  9 16:22:06 2013 GMT
+            Not After : Jan 27 08:54:13 2009 GMT
-        Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Server/Email=abstract.mysql.developer@mysql.com
+        Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
+            RSA Public Key: (512 bit)
-                Modulus (1024 bit):
+                Modulus (512 bit):
-                    00:e9:86:7a:55:84:88:4c:be:a4:f8:92:73:30:12:
+                    00:d9:fd:da:b3:fb:7c:e0:b0:03:be:97:c6:a4:36:
-                    49:0b:7a:85:87:39:34:39:0d:7d:0b:8d:18:c2:17:
+                    ac:71:af:bb:2d:e5:84:ed:f3:8f:2b:eb:11:e5:aa:
-                    95:13:52:d2:3f:55:10:57:c8:3f:5a:f5:b2:fa:8b:
+                    66:ed:bf:62:6b:e3:ce:fa:80:ed:90:ff:b9:4a:39:
-                    d0:67:49:cc:aa:82:fc:9f:ce:00:b4:73:f3:36:d2:
+                    20:40:b6:f2:99:bf:2f:33:b5:f2:ec:3a:90:60:1d:
-                    3a:d3:c2:b0:0e:14:c3:d4:b2:21:74:a1:f0:31:81:
+                    9e:94:7e:a4:1b
-                    60:87:98:73:5c:10:c1:b1:1a:4d:f1:f3:b0:98:3f:
-                    f0:d7:97:9b:2b:fd:d5:21:79:b2:2f:eb:64:15:c9:
-                    9b:9d:fc:9e:2d:d4:f8:04:5b:ea:a9:75:4b:42:c3:
-                    3d:0e:4d:2a:a8:b8:ca:99:8d
                 Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                6E:E4:9B:6A:C5:EA:E4:E6:C7:EF:D7:1E:C8:63:45:60:2B:1B:D4:D4
-            X509v3 Authority Key Identifier: 
-                keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92
-                DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
-                serial:00
-
     Signature Algorithm: md5WithRSAEncryption
-        31:77:69:b9:bd:ab:29:f3:fc:5a:09:16:6f:5d:42:ea:ba:01:
+        de:5e:35:cd:7b:11:e6:7c:c5:7c:d6:27:4e:72:12:49:42:eb:
-        55:69:e3:75:cf:b8:d1:b7:b9:bf:da:63:85:8c:48:92:06:60:
+        6f:2c:96:f3:f4:00:78:a7:4f:9f:2d:7b:d7:30:39:af:49:4d:
-        76:97:e0:00:78:4b:ad:da:ab:6a:90:6d:8b:03:a8:b1:e9:09:
+        df:b1:55:0d:30:be:23:6f:06:67:fd:dd:ba:98:66:36:c6:32:
-        78:e1:29:98:56:12:60:6b:42:fe:e8:a7:c4:f8:d6:15:07:e8:
+        b7:ed:63:fc:aa:49:cd:4f:72:98:3b:13:0e:f6:28:d7:d4:eb:
-        2b:c2:d8:8a:e5:1b:2e:51:08:9b:56:e3:b3:7a:4c:3e:e5:be:
+        04:6b:dc:e8:c7:04:80:92:e4:04:86:0b:ed:32:25:76:1d:a9:
-        4a:4d:f8:65:7b:a8:21:e0:ca:fe:8b:ab:d7:ec:f2:2d:f7:d0:
+        5c:a9:2c:18:2c:bd:bc:15:ed:e1:76:96:4d:bb:0d:41:44:06:
-        bf:d7:c5:23:1c:08:d8:aa:57:c7:f3:5f:ba:33:3f:78:d1:f4:
+        2c:ad:45:bb:db:61:ad:17:11:cb:49:70:67:eb:c6:27:d3:91:
-        8e:5e
+        c8:f2
 -----BEGIN CERTIFICATE-----
-MIIDkTCCAvqgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
+MIIB+zCCAWQCAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV
-EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
+BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC
-YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
+MB4XDTA2MDUwMzA4NTQxM1oXDTA5MDEyNzA4NTQxM1owgYsxCzAJBgNVBAYTAlNF
-Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMjA2WhcNMTMw
+MRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhN
-OTA5MTYyMjA2WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G
+eVNRTCBBQjESMBAGA1UEAxMJbG9jYWxob3N0MTEwLwYJKoZIhvcNAQkBFiJhYnN0
-A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIFNlcnZlcjExMC8GCSqGSIb3
+cmFjdC5teXNxbC5kZXZlbG9wZXJAbXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQAD
-DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq
+SwAwSAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA7ZD/
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA6YZ6VYSITL6k+JJzMBJJC3qFhzk0OQ19C40Y
+uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQDe
-wheVE1LSP1UQV8g/WvWy+ovQZ0nMqoL8n84AtHPzNtI608KwDhTD1LIhdKHwMYFg
+XjXNexHmfMV81idOchJJQutvLJbz9AB4p0+fLXvXMDmvSU3fsVUNML4jbwZn/d26
-h5hzXBDBsRpN8fOwmD/w15ebK/3VIXmyL+tkFcmbnfyeLdT4BFvqqXVLQsM9Dk0q
+mGY2xjK37WP8qknNT3KYOxMO9ijX1OsEa9zoxwSAkuQEhgvtMiV2HalcqSwYLL28
-qLjKmY0CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
+Fe3hdpZNuw1BRAYsrUW722GtFxHLSXBn68Yn05HI8g==
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRu5Jtqxerk5sfv
-1x7IY0VgKxvU1DCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB
-jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT
-CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv
-BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C
-AQAwDQYJKoZIhvcNAQEEBQADgYEAMXdpub2rKfP8WgkWb11C6roBVWnjdc+40be5
-v9pjhYxIkgZgdpfgAHhLrdqrapBtiwOosekJeOEpmFYSYGtC/uinxPjWFQfoK8LY
-iuUbLlEIm1bjs3pMPuW+Sk34ZXuoIeDK/our1+zyLffQv9fFIxwI2KpXx/NfujM/
-eNH0jl4=
 -----END CERTIFICATE-----

SSL/server-key.pem

@@ -1,15 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDphnpVhIhMvqT4knMwEkkLeoWHOTQ5DX0LjRjCF5UTUtI/VRBX
+MIIBOgIBAAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA
-yD9a9bL6i9BnScyqgvyfzgC0c/M20jrTwrAOFMPUsiF0ofAxgWCHmHNcEMGxGk3x
+7ZD/uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAAQJBAMieYdpmRoUaODf9wqh6
-87CYP/DXl5sr/dUhebIv62QVyZud/J4t1PgEW+qpdUtCwz0OTSqouMqZjQIDAQAB
+ULXH/sG8i1vaXRcUHcJ50oRVfVK8/tGGvUuTDu6MeINTdahNDlYfjwOjKWVXys1w
-AoGBALTq11nrjIEQbdSZ+R1z/R0kddB2U+wjdA3/6P9tr7PBxVsFdtzbKaI5mcib
+h6ECIQDs6s7DfczK2bKCLt0zqg24mZL3rOpGmDU+TatwN1yVgwIhAOuMzdVTX39p
-iwCKX0J2qmrP+SHUdsexBZxLR4KV/Z55v9Pym99Dy+DxDA95zURyCMKRBIzlU5uN
+328+5WxJvBOFfxmSmqdDhIFpnRMvgguJAiByvKjT/km+970+1OllyvaIL0AA2OpA
-F7USEQoltLUCsmZwNWdit0gfxSWdddkHNuI0uxTzHwuDcUlNAkEA/76zVremngNL
+tBgdC0p6tyUMdwIgKuHAWzTJbu28UolVxQgLaFZmVCZ/ZzIAfnrWsLZ2a1kCIBq/
-DlekM9NPn/8E/TXBHN1b1jdUKd7WymSJykdcm3viU98dFNZFWF8B0jiTcuBKXgpR
+ywJ2cpyFlgazu8AH6KCQa0ok9s70ElaB6FEC85Al
-vTShNab/swJBAOnCGp554BLhioTyyk8qjRLt3xEsjsDljJULHVLYWcUqIkMf97GL
-VLBhl6ZEI9i0WduqvgZ+Bacd0uHqIHz1Yb8CQQDm1CjqTDiGxlIoT9JVNJTZxEOs
-h6gVdXY+kxHT+N3FL5luiZp8fAR7zxVgiUVtzdLG+2madfapiobcT3RyCJkhAkBI
-64AaR7KasTjg2Ew7/e4cJZAcb2XozrLYG6t+GHeIhehCQEqoW+qDSy5fc4orI7eU
-SuMUa2OgCjGqv7p6wKFJAkEAznmum/MbVOBpC4FsdnIGkxyFKIbh2OLY2aUb2KkK
-Ouf4S8Y5Ldgszi0fnDPRaxWJzewwZKvcff2zj+mYZeAXbA==
 -----END RSA PRIVATE KEY-----

SSL/server-req.pem

@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBvDCCASUCAQAwfDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP
-BgNVBAoTCE15U1FMIEFCMRUwEwYDVQQDEwxNeVNRTCBTZXJ2ZXIxMTAvBgkqhkiG
-9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAOmGelWEiEy+pPiSczASSQt6hYc5NDkNfQuN
-GMIXlRNS0j9VEFfIP1r1svqL0GdJzKqC/J/OALRz8zbSOtPCsA4Uw9SyIXSh8DGB
-YIeYc1wQwbEaTfHzsJg/8NeXmyv91SF5si/rZBXJm538ni3U+ARb6ql1S0LDPQ5N
-Kqi4ypmNAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQCagJxGHBC+G5aSh3OguFn6
-z+qAC7u3B181kPBgNv20zMgLeq7YiAh3iNx4XO2+QXRGzMznFKx1tFr/mavCpgLs
-p3+dCvQt5FHEFFK1D1pDeXy4146X07hOTtC9jc/jSWeVnH4ujuX5gMtZqisOyYWV
-/gpw6dBtkTYlhS+y86kM/Q==
------END CERTIFICATE REQUEST-----

client/client_priv.h

@@ -51,5 +51,5 @@ enum options_client
 #endif
   OPT_TRIGGERS,
   OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE,
-  OPT_TZ_UTC, OPT_AUTO_CLOSE
+  OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT
 };

client/mysql.cc

@@ -448,6 +448,14 @@ int main(int argc,char *argv[])
 				 MYF(MY_WME));
       if (histfile)
 	sprintf(histfile,"%s/.mysql_history",getenv("HOME"));
+      char link_name[FN_REFLEN];
+      if (my_readlink(link_name, histfile, 0) == 0 &&
+          strncmp(link_name, "/dev/null", 10) == 0)
+      {
+        /* The .mysql_history file is a symlink to /dev/null, don't use it */
+        my_free(histfile, MYF(MY_ALLOW_ZERO_PTR));
+        histfile= 0;
+      }
     }
     if (histfile)
     {
@@ -484,7 +492,7 @@ sig_handler mysql_end(int sig)
 {
   mysql_close(&mysql);
 #ifdef HAVE_READLINE
-  if (!status.batch && !quick && !opt_html && !opt_xml)
+  if (!status.batch && !quick && !opt_html && !opt_xml && histfile)
   {
     /* write-history */
     if (verbose)
@@ -2319,7 +2327,7 @@ print_table_data(MYSQL_RES *result)
       uint extra_padding;
 
       /* If this column may have a null value, use "NULL" for empty.  */
-      if (! not_null_flag[off] && (lengths[off] == 0))
+      if (! not_null_flag[off] && (cur[off] == NULL))
       {
         buffer= "NULL";
         data_length= 4;
@@ -3118,6 +3126,8 @@ sql_real_connect(char *host,char *database,char *user,char *password,
   if (opt_use_ssl)
     mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
   if (opt_protocol)
     mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

client/mysqladmin.cc

@@ -340,6 +340,8 @@ int main(int argc,char *argv[])
   if (opt_use_ssl)
     mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
   if (opt_protocol)
     mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

client/mysqldump.c

@@ -905,6 +905,8 @@ static int dbConnect(char *host, char *user,char *passwd)
   if (opt_use_ssl)
     mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
   if (opt_protocol)
     mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

client/mysqlimport.c

@@ -384,6 +384,8 @@ static MYSQL *db_connect(char *host, char *database, char *user, char *passwd)
   if (opt_use_ssl)
     mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
   if (opt_protocol)
     mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

client/mysqlshow.c

@@ -109,6 +109,8 @@ int main(int argc, char **argv)
   if (opt_use_ssl)
     mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
   if (opt_protocol)
     mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

client/mysqltest.c

@@ -87,14 +87,6 @@
 #endif
 #define MAX_SERVER_ARGS 64
 
-/*
-  Sometimes in a test the client starts before
-  the server - to solve the problem, we try again
-  after some sleep if connection fails the first
-  time
-*/
-#define CON_RETRY_SLEEP 2
-#define MAX_CON_TRIES	5
 
 #define SLAVE_POLL_INTERVAL 300000 /* 0.3 of a sec */
 #define DEFAULT_DELIMITER ";"
@@ -108,7 +100,7 @@ enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD,
       OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC,
       OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH,
       OPT_SSL_CIPHER,OPT_PS_PROTOCOL,OPT_SP_PROTOCOL,OPT_CURSOR_PROTOCOL,
-      OPT_VIEW_PROTOCOL};
+      OPT_VIEW_PROTOCOL, OPT_SSL_VERIFY_SERVER_CERT, OPT_MAX_CONNECT_RETRIES};
 
 /* ************************************************************************ */
 /*
@@ -157,6 +149,7 @@ static int record= 0, opt_sleep= -1;
 static char *db = 0, *pass=0;
 const char *user = 0, *host = 0, *unix_sock = 0, *opt_basedir="./";
 static int port = 0;
+static int opt_max_connect_retries;
 static my_bool opt_big_test= 0, opt_compress= 0, silent= 0, verbose = 0;
 static my_bool tty_password= 0;
 static my_bool ps_protocol= 0, ps_protocol_enabled= 0;
@@ -2126,9 +2119,16 @@ void init_manager()
       db, port, sock
 
   NOTE
-    This function will try to connect to the given server MAX_CON_TRIES
+
-    times and sleep CON_RETRY_SLEEP seconds between attempts before
+    Sometimes in a test the client starts before
-    finally giving up. This helps in situation when the client starts
+    the server - to solve the problem, we try again
+    after some sleep if connection fails the first
+    time
+
+    This function will try to connect to the given server
+    "opt_max_connect_retries" times and sleep "connection_retry_sleep"
+    seconds between attempts before finally giving up.
+    This helps in situation when the client starts
     before the server (which happens sometimes).
     It will ignore any errors during these retries. One should use
     connect_n_handle_errors() if he expects a connection error and wants
@@ -2143,8 +2143,9 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user,
 {
   int con_error= 1;
   my_bool reconnect= 1;
+  static int connection_retry_sleep= 2; /* Seconds */
   int i;
-  for (i= 0; i < MAX_CON_TRIES; ++i)
+  for (i= 0; i < opt_max_connect_retries; i++)
   {
     if (mysql_real_connect(mysql, host,user, pass, db, port, sock,
 			   CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS))
@@ -2152,7 +2153,7 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user,
       con_error= 0;
       break;
     }
-    sleep(CON_RETRY_SLEEP);
+    sleep(connection_retry_sleep);
   }
   /*
    TODO: change this to 0 in future versions, but the 'kill' test relies on
@@ -2379,8 +2380,12 @@ int do_connect(struct st_query *q)
 
 #ifdef HAVE_OPENSSL
   if (opt_use_ssl || con_ssl)
+  {
     mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+    mysql_options(&next_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                  &opt_ssl_verify_server_cert);
+  }
 #endif
   if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR)
     con_sock=fn_format(buff, con_sock, TMPDIR, "",0);
@@ -2912,6 +2917,10 @@ static struct my_option my_long_options[] =
   {"manager-wait-timeout", OPT_MANAGER_WAIT_TIMEOUT,
    "Undocumented: Used for debugging.", (gptr*) &manager_wait_timeout,
    (gptr*) &manager_wait_timeout, 0, GET_INT, REQUIRED_ARG, 3, 0, 0, 0, 0, 0},
+  {"max-connect-retries", OPT_MAX_CONNECT_RETRIES,
+   "Max number of connection attempts when connecting to server",
+   (gptr*) &opt_max_connect_retries, (gptr*) &opt_max_connect_retries, 0,
+   GET_INT, REQUIRED_ARG, 5, 1, 10, 0, 0, 0},
   {"password", 'p', "Password to use when connecting to server.",
    0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
   {"port", 'P', "Port number to use for connection.", (gptr*) &port,
@@ -4605,9 +4614,14 @@ int main(int argc, char **argv)
   mysql_options(&cur_con->mysql, MYSQL_SET_CHARSET_NAME, charset_name);
 
 #ifdef HAVE_OPENSSL
+  opt_ssl_verify_server_cert= TRUE; /* Always on in mysqltest */
   if (opt_use_ssl)
+  {
     mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+    mysql_options(&cur_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                  &opt_ssl_verify_server_cert);
+  }
 #endif
 
   if (!(cur_con->name = my_strdup("default", MYF(MY_WME))))

extra/yassl/README

@@ -1,4 +1,37 @@
-yaSSL Release notes, version 1.2.2 (03/27/06)
+yaSSL Release notes, version 1.3.0 (04/26/06)
+
+
+    This release of yaSSL contains minor bug fixes, portability enhancements,
+    and libcurl support.
+
+See normal build instructions below under 1.0.6.
+
+
+--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+  To build for libcurl the library needs to be built without C++ globals since
+  the linker will be called in a C context, also libcurl configure will expect
+  OpenSSL library names so some symbolic links are created.
+
+    ./configure --enable-pure-c
+    make
+    make openssl-links
+
+    (then go to your libcurl home and tell libcurl about yaSSL)
+    ./configure --with-ssl=/yaSSL-HomeDir
+    make
+
+
+--To build for libcurl on Win32:
+
+    Simply add the yaSSL project as a dependency to libcurl, add 
+    yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
+    define USE_SSLEAY and USE_OPENSSL
+
+    please email todd@yassl.com if you have any questions.
+    
+
+*******************yaSSL Release notes, version 1.2.2 (03/27/06)
 
 
     This release of yaSSL contains minor bug fixes and portability enhancements.

extra/yassl/certs/ca-cert.pem

@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 20:12:32 2005 GMT
+            Not After : Oct 15 20:12:32 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
+                    90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
+                    c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
+                    6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
+                    7d:79:97:5e:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+            X509v3 Authority Key Identifier: 
+                keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+                DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
+        28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
+        a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
+        03:ea:0b:4c:67:45:4b:ab:f3:39
+-----BEGIN CERTIFICATE-----
+MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
+d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
+BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
+MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
+BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
+LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
+c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
+W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
+AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
+HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
+EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
+ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
+bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
+86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
+-----END CERTIFICATE-----

extra/yassl/certs/client-cert.pem

@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 19:33:15 2005 GMT
+            Not After : Oct 15 19:33:15 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86:
+                    36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2:
+                    26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28:
+                    65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd:
+                    46:2a:a0:45:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
+            X509v3 Authority Key Identifier: 
+                keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90:
+        3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79:
+        7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71:
+        a6:3c:15:91:85:12:35:6e:78:87
+-----BEGIN CERTIFICATE-----
+MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP
+MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT
+U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
+eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG
+A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM
+BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
+AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH
++LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA
+ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC
+wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4
+MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu
+ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
+hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6
+hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH
+-----END CERTIFICATE-----

extra/yassl/certs/client-key.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz
+Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l
+n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg
+QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT
+8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP
+YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA
+uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L
+-----END RSA PRIVATE KEY-----

extra/yassl/certs/dh1024.dat

@@ -0,0 +1 @@
+30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102

extra/yassl/certs/dsa-cert.pem

@@ -0,0 +1,68 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: dsaWithSHA1
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 23 22:54:51 2005 GMT
+            Not After : Oct 20 22:54:51 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
+                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
+                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
+                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
+                    ef:bb:b9:82
+                P:   
+                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
+                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
+                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
+                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
+                    b9:42:fd:1b:11
+                Q:   
+                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
+                    a6:b7:dd:4d:03:09
+                G:   
+                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
+                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
+                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
+                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
+                    10:46:19:31
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
+            X509v3 Authority Key Identifier: 
+                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: dsaWithSHA1
+        30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62:
+        f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69:
+        72:59:b8:ec:e9:57:f4:bf:37
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD
+VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE
+U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz
+bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG
+EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE
+ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+
+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5
+Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l
+jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA
+AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z
+JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK
+IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow
+eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh
+bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG
+SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs
+6Vf0vzc=
+-----END CERTIFICATE-----

extra/yassl/certs/dsa512.pem

@@ -0,0 +1,8 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
+m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
+AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
+1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
+VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
+E2V27tjDFY02uA==
+-----END DSA PRIVATE KEY-----

extra/yassl/certs/server-cert.pem

@@ -0,0 +1,38 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 20:50:59 2005 GMT
+            Not After : Oct 15 20:50:59 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9:
+                    95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0:
+                    a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be:
+                    6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd:
+                    f2:25:93:22:e7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2:
+        20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53:
+        c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f:
+        a2:13:17:a9:b7:83:60:cc:cb:eb
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD
+VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290
+aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI
+hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy
+MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
+EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh
+b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G
+CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg
+0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI
+hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA
+IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr
+-----END CERTIFICATE-----

extra/yassl/certs/server-key.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU
+ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC
+1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI
+2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE
+B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw
+7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL
+WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI=
+-----END RSA PRIVATE KEY-----

extra/yassl/certs/taoCert.txt

@@ -0,0 +1,50 @@
+
+***** Create a self signed cert ************
+
+1) openssl genrsa 512 > client-key.pem
+
+2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
+
+-- adding metadata to beginning
+
+3) openssl x509 -in client-cert.pem -text > tmp.pem
+
+4) mv tmp.pem client-cert.pem
+
+
+***** Create a CA, signing authority **********
+
+same as self signed, use ca prefix instead of client
+
+
+***** Create a cert signed by CA **************
+
+1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
+
+2) copy ca-key.pem ca-cert.srl   (why ????)
+
+3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+
+
+
+***** To create a dsa cert ********************
+
+1) openssl dsaparam 512 > dsa512.param       # creates group params
+
+2) openssl gendsa dsa512.param > dsa512.pem  # creates private key
+
+3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem 
+
+
+
+
+***** To convert from PEM to DER **************
+
+a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+to convert rsa private PEM to DER :
+
+b) openssl rsa -in key.pem -outform DER -out key.der
+
+
+

extra/yassl/examples/client/client.cpp

@@ -33,10 +33,10 @@ void client_test(void* args)
     const char* cipher = 0;
     int index = 0;
     char list[1024];
-    strcpy(list, "cipherlist");
+    strncpy(list, "cipherlist", 11);
     while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) {
-        strcat(list, ":");
+        strncat(list, ":", 2);
-        strcat(list, cipher);
+        strncat(list, cipher, strlen(cipher) + 1);
     }
     printf("%s\n", list);
     printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl));
@@ -89,6 +89,8 @@ void client_test(void* args)
         args.argv = argv;
 
         client_test(&args);
+        yaSSL_CleanUp();
+
         return args.return_code;
     }
 

extra/yassl/examples/echoclient/echoclient.cpp

@@ -82,6 +82,7 @@ void echoclient_test(void* args)
         args.argv = argv;
 
         echoclient_test(&args);
+        yaSSL_CleanUp();
 
         return args.return_code;
     }

extra/yassl/examples/echoserver/echoserver.cpp

@@ -15,6 +15,8 @@
         args.argv = argv;
 
         echoserver_test(&args);
+        yaSSL_CleanUp();
+
         return args.return_code;
     }
 

extra/yassl/examples/server/server.cpp

@@ -67,6 +67,8 @@ THREAD_RETURN YASSL_API server_test(void* args)
         args.argv = argv;
 
         server_test(&args);
+        yaSSL_CleanUp();
+
         return args.return_code;
     }
 

extra/yassl/include/openssl/err.h

@@ -1,6 +1,6 @@
 /* err.h for openssl */
 
-#ifndef ysSSL_err_h__
+#ifndef yaSSL_err_h__
 #define yaSSL_err_h__
 
 

extra/yassl/include/openssl/md4.h

@@ -0,0 +1 @@
+/* md4.h for libcurl */

extra/yassl/include/openssl/md5.h

@@ -1 +1,4 @@
 /* md5.h for openssl */
+
+#include "ssl.h"   /* in there for now */
+

extra/yassl/include/openssl/pem.h

@@ -0,0 +1 @@
+/* pem.h  for libcurl */

extra/yassl/include/openssl/ssl.h

@@ -29,8 +29,22 @@
 #define yaSSL_openssl_h__
 
 #include <stdio.h>   /* ERR_print fp */
+#include "opensslv.h" /* for version number */
 #include "rsa.h"
 
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+ void yaSSL_CleanUp();   /* call once at end of application use to
+                                      free static singleton memory holders,
+                                      not a leak per se, but helpful when 
+                                      looking for them                      */
+
+#if defined(__cplusplus)
+} // extern
+#endif
+
 #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
 namespace yaSSL {
 extern "C" {
@@ -102,7 +116,6 @@ void X509_free(X509*);
 typedef struct BIO BIO;
 
 /* ASN stuff */
-typedef struct ASN1_TIME ASN1_TIME;
 
 
 
@@ -345,8 +358,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
 long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
 
 void OpenSSL_add_all_algorithms(void);
-void SSL_library_init();
+int  SSL_library_init();
-void SSLeay_add_ssl_algorithms(void);
+int  SSLeay_add_ssl_algorithms(void);
 
 
 SSL_CIPHER* SSL_get_current_cipher(SSL*);
@@ -371,6 +384,10 @@ typedef unsigned char DES_cblock[8];
 typedef const  DES_cblock const_DES_cblock;
 typedef DES_cblock DES_key_schedule;
                                                           
+enum {
+    DES_ENCRYPT = 1,
+    DES_DECRYPT = 0
+};
                                                              
 const EVP_MD*     EVP_md5(void);
 const EVP_CIPHER* EVP_des_ede3_cbc(void);
@@ -392,6 +409,108 @@ int         RAND_write_file(const char*);
 int         RAND_load_file(const char*, long);
 
 
+/* for libcurl */
+int  RAND_status(void);
+
+int  DES_set_key(const_DES_cblock*, DES_key_schedule*);
+void DES_set_odd_parity(DES_cblock*);
+void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
+void SSL_SESSION_free(SSL_SESSION* session);
+
+X509*     SSL_get_certificate(SSL* ssl);
+EVP_PKEY* SSL_get_privatekey(SSL* ssl);
+EVP_PKEY* X509_get_pubkey(X509* x);
+
+int  EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
+void EVP_PKEY_free(EVP_PKEY* pkey);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+void ERR_free_strings(void);
+void EVP_cleanup(void);
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
+
+#define GEN_IPADD 7
+#define NID_subject_alt_name 85
+#define STACK_OF(x) x
+
+
+/* defined here because libcurl dereferences */
+typedef struct ASN1_STRING {
+    int type;
+    int length;
+    unsigned char* data;
+} ASN1_STRING;
+
+
+typedef struct GENERAL_NAME {
+    int type;
+    union {
+        ASN1_STRING* ia5;
+    } d;
+} GENERAL_NAME;
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
+
+int           sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x);
+int            ASN1_STRING_length(ASN1_STRING* x);
+int            ASN1_STRING_type(ASN1_STRING *x);
+
+typedef ASN1_STRING X509_NAME_ENTRY;
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
+
+#define OPENSSL_malloc(x) malloc(x)
+#define OPENSSL_free(x)   free(x)
+
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
+
+SSL_METHOD* SSLv23_client_method(void);  /* doesn't actually roll back */
+SSL_METHOD* SSLv2_client_method(void);   /* will never work, no v 2    */
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl);  /* what's ref count */
+
+
+#define CRYPTO_free(x) free(x)
+#define ASN1_TIME ASN1_STRING
+
+ASN1_TIME* X509_get_notBefore(X509* x);
+ASN1_TIME* X509_get_notAfter(X509* x);
+
+
+#define ASN1_UTCTIME ASN1_STRING
+#define NID_commonName    13
+#define V_ASN1_UTF8STRING 12
+#define GEN_DNS            2
+
+
+typedef struct MD4_CTX {
+    void* ptr;
+} MD4_CTX;
+
+void MD4_Init(MD4_CTX*);
+void MD4_Update(MD4_CTX*, const void*, unsigned long);
+void MD4_Final(unsigned char*, MD4_CTX*);
+
+
+typedef struct MD5_CTX {
+    int buffer[32];       /* big enough to hold, check size in Init */
+} MD5_CTX;
+
+void MD5_Init(MD5_CTX*);
+void MD5_Update(MD5_CTX*, const void*, unsigned long);
+void MD5_Final(unsigned char*, MD5_CTX*);
+
+
 #define SSL_DEFAULT_CIPHER_LIST ""   /* default all */
 
 

extra/yassl/include/openssl/x509.h

@@ -0,0 +1 @@
+/* x509.h  for libcurl */

extra/yassl/include/openssl/x509v3.h

@@ -0,0 +1 @@
+/* x509v3.h  for libcurl */

extra/yassl/include/yassl_int.hpp

@@ -34,6 +34,7 @@
 #include "cert_wrapper.hpp"
 #include "log.hpp"
 #include "lock.hpp"
+#include "openssl/ssl.h"  // ASN1_STRING and DH
 
 
 namespace yaSSL {
@@ -126,32 +127,70 @@ private:
 };
 
 
+// hold add crypt references provided to callers
+class CryptProvider {
+    mySTL::list<Digest*>     digestList_;
+    mySTL::list<BulkCipher*> cipherList_;
+    CryptProvider() {}                         // only GetCryptProvider creates
+public:
+    ~CryptProvider();
+
+    Digest*     NewMd5();
+    BulkCipher* NewDesEde();
+
+    friend CryptProvider& GetCryptProvider();
+private:
+    CryptProvider(const CryptProvider&);            // hide copy
+    CryptProvider& operator=(const CryptProvider&); // and assign
+};
+
+CryptProvider& GetCryptProvider();
+
 #undef X509_NAME  // wincrypt.h clash
 
 // openSSL X509 names
 class X509_NAME {
     char* name_;
+    size_t      sz_;
+    ASN1_STRING entry_;
 public:
     X509_NAME(const char*, size_t sz);
     ~X509_NAME();
 
     char* GetName();
+    ASN1_STRING* GetEntry(int i);
 private:
     X509_NAME(const X509_NAME&);                // hide copy
     X509_NAME& operator=(const X509_NAME&);     // and assign
 };
 
 
+class StringHolder {
+    ASN1_STRING  asnString_;
+public:
+    StringHolder(const char* str, int sz);
+    ~StringHolder();
+
+    ASN1_STRING* GetString();
+};
+
+
 // openSSL X509
 class X509 {
     X509_NAME issuer_;
     X509_NAME subject_;
+    StringHolder beforeDate_;   // not valid before
+    StringHolder afterDate_;    // not valid after
 public:
-    X509(const char* i, size_t, const char* s, size_t);
+    X509(const char* i, size_t, const char* s, size_t,
+         const char* b, int, const char* a, int);
     ~X509() {}
 
     X509_NAME* GetIssuer();
     X509_NAME* GetSubject();
+
+    ASN1_STRING* GetBefore();
+    ASN1_STRING* GetAfter();
 private:
     X509(const X509&);              // hide copy
     X509& operator=(const X509&);   // and assign

extra/yassl/include/yassl_types.hpp

@@ -35,10 +35,6 @@
 namespace yaSSL {
 
 
-// Delete static singleton memory holders
-void CleanUp();
-
-
 #ifdef YASSL_PURE_C
 
     // library allocation

extra/yassl/lib/dummy

@@ -0,0 +1 @@
+// this is a dummy file

extra/yassl/mySTL/helpers.hpp

@@ -44,6 +44,11 @@
         return static_cast<void*>(d);
     }
 
+    // for compilers that want matching delete
+    inline void operator delete(void* ptr, Dummy* d) 
+    { 
+    }
+
     typedef Dummy* yassl_pointer;
 
 namespace mySTL {

extra/yassl/src/cert_wrapper.cpp

@@ -271,10 +271,13 @@ int CertManager::Validate()
         else
             peerKeyType_ = dsa_sa_algo;
 
-        int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0;
+        int iSz = strlen(cert.GetIssuer()) + 1;
-        int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0;
+        int sSz = strlen(cert.GetCommonName()) + 1;
+        int bSz = strlen(cert.GetBeforeDate()) + 1;
+        int aSz = strlen(cert.GetAfterDate()) + 1;
         peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
-                                  sSz);
+                                sSz, cert.GetBeforeDate(), bSz,
+                                cert.GetAfterDate(), aSz);
     }
     return 0;
 }

extra/yassl/src/make.bat

@@ -1,4 +1,4 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI

extra/yassl/src/ssl.cpp

@@ -1,4 +1,4 @@
-/* ssl.cpp                                
+ /* ssl.cpp                                
  *
  * Copyright (C) 2003 Sawtooth Consulting Ltd.
  *
@@ -36,6 +36,7 @@
 #include "openssl/ssl.h"
 #include "handshake.hpp"
 #include "yassl_int.hpp"
+#include "md5.hpp"              // for TaoCrypt MD5 size assert
 #include <stdio.h>
 
 #ifdef _WIN32
@@ -52,6 +53,53 @@ namespace yaSSL {
 using mySTL::min;
 
 
+int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
+{
+    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
+        return SSL_BAD_FILETYPE;
+
+    FILE* input = fopen(file, "rb");
+    if (!input)
+        return SSL_BAD_FILE;
+
+    if (type == CA) {
+        x509* ptr = PemToDer(file, Cert);
+        if (!ptr) {
+            fclose(input);
+            return SSL_BAD_FILE;
+        }
+        ctx->AddCA(ptr);  // takes ownership
+    }
+    else {
+        x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
+
+        if (format == SSL_FILETYPE_ASN1) {
+            fseek(input, 0, SEEK_END);
+            long sz = ftell(input);
+            rewind(input);
+            x = NEW_YS x509(sz); // takes ownership
+            size_t bytes = fread(x->use_buffer(), sz, 1, input);
+            if (bytes != 1) {
+                fclose(input);
+                return SSL_BAD_FILE;
+            }
+        }
+        else {
+            x = PemToDer(file, type);
+            if (!x) {
+                fclose(input);
+                return SSL_BAD_FILE;
+            }
+        }
+    }
+    fclose(input);
+    return SSL_SUCCESS;
+}
+
+
+extern "C" {
+
+
 SSL_METHOD* SSLv3_method()
 {
     return SSLv3_client_method();
@@ -448,50 +496,6 @@ long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)
 }
 
 
-int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
-{
-    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
-        return SSL_BAD_FILETYPE;
-
-    FILE* input = fopen(file, "rb");
-    if (!input)
-        return SSL_BAD_FILE;
-
-    if (type == CA) {
-        x509* ptr = PemToDer(file, Cert);
-        if (!ptr) {
-            fclose(input);
-            return SSL_BAD_FILE;
-        }
-        ctx->AddCA(ptr);  // takes ownership
-    }
-    else {
-        x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
-
-        if (format == SSL_FILETYPE_ASN1) {
-            fseek(input, 0, SEEK_END);
-            long sz = ftell(input);
-            rewind(input);
-            x = NEW_YS x509(sz); // takes ownership
-            size_t bytes = fread(x->use_buffer(), sz, 1, input);
-            if (bytes != 1) {
-                fclose(input);
-                return SSL_BAD_FILE;
-            }
-        }
-        else {
-            x = PemToDer(file, type);
-            if (!x) {
-                fclose(input);
-                return SSL_BAD_FILE;
-            }
-        }
-    }
-    fclose(input);
-    return SSL_SUCCESS;
-}
-
-
 int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
 {
     return read_file(ctx, file, format, Cert);
@@ -723,8 +727,10 @@ void OpenSSL_add_all_algorithms()  // compatibility only
 {}
 
 
-void SSL_library_init()  // compatiblity only
+int SSL_library_init()  // compatiblity only
-{}
+{
+    return 1;
+}
 
 
 DH* DH_new(void)
@@ -804,15 +810,13 @@ const char* X509_verify_cert_error_string(long /* error */)
 
 const EVP_MD* EVP_md5(void)
 {
-    // TODO: FIX add to some list for destruction
+    return GetCryptProvider().NewMd5();
-    return NEW_YS MD5;
 }
 
 
 const EVP_CIPHER* EVP_des_ede3_cbc(void)
 {
-    // TODO: FIX add to some list for destruction
+    return GetCryptProvider().NewDesEde();
-    return NEW_YS DES_EDE;
 }
 
 
@@ -897,6 +901,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
 }
 
 
+// functions for libcurl
+int RAND_status()
+{
+    return 1;  /* TaoCrypt provides enough seed */
+}
+
+
+int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
+{
+    memcpy(schedule, key, sizeof(const_DES_cblock));
+    return 1;
+}
+
+
+void DES_set_odd_parity(DES_cblock* key)
+{
+    // not needed now for TaoCrypt
+}
+
+
+void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
+                     DES_key_schedule* key, int enc)
+{
+    DES  des;
+
+    if (enc) {
+        des.set_encryptKey(*key, 0);
+        des.encrypt(*output, *input, DES_BLOCK);
+    }
+    else {
+        des.set_decryptKey(*key, 0);
+        des.decrypt(*output, *input, DES_BLOCK);
+    }
+}
+
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
+{
+    // yaSSL doesn't support yet, unencrypt your PEM file with userdata
+    // before handing off to yaSSL
+}
+
+
+X509* SSL_get_certificate(SSL* ssl)
+{
+    // only used to pass to get_privatekey which isn't used
+    return 0;
+}
+
+
+EVP_PKEY* SSL_get_privatekey(SSL* ssl)
+{
+    // only called, not used
+    return 0;
+}
+
+
+void SSL_SESSION_free(SSL_SESSION* session)
+{
+    // managed by singleton
+}
+
+
+
+EVP_PKEY* X509_get_pubkey(X509* x)
+{
+    // called, not used though
+    return 0;
+}
+
+
+int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
+{
+    // called, not used though
+    return 0;
+}
+
+
+void EVP_PKEY_free(EVP_PKEY* pkey)
+{
+    // never allocated from above
+}
+
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+    if (len) ERR_error_string(e, buf);
+}
+
+
+void ERR_free_strings(void)
+{
+    // handled internally
+}
+
+
+void EVP_cleanup(void)
+{
+    // nothing to do yet
+}
+
+
+ASN1_TIME* X509_get_notBefore(X509* x)
+{
+    if (x) return x->GetBefore();
+    return 0;
+}
+
+
+ASN1_TIME* X509_get_notAfter(X509* x)
+{
+    if (x) return x->GetAfter();
+    return 0;
+}
+
+
+SSL_METHOD* SSLv23_client_method(void)  /* doesn't actually roll back */
+{
+    return SSLv3_client_method();
+}
+
+
+SSL_METHOD* SSLv2_client_method(void)   /* will never work, no v 2    */
+{
+    return 0;
+}
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl)  /* what's ref count */
+{
+    return SSL_get_session(ssl);
+}
+
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
+{
+    // no extension names supported yet
+}
+
+
+int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
+{
+    // no extension names supported yet
+    return 0;
+}
+
+
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
+{
+    // no extension names supported yet
+    return 0;
+}
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x)
+{
+    if (x) return x->data;
+    return 0;
+}
+
+
+int ASN1_STRING_length(ASN1_STRING* x)
+{
+    if (x) return x->length;
+    return 0;
+}
+
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+    if (x) return x->type;
+    return 0;
+}
+
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
+{
+    int idx = -1;  // not found
+    const char* start = &name->GetName()[lastpos + 1];
+
+    switch (nid) {
+    case NID_commonName:
+        const char* found = strstr(start, "/CN=");
+        if (found) {
+            found += 4;  // advance to str
+            idx = found - start + lastpos + 1;
+        }
+        break;
+    }
+
+    return idx;
+}
+
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
+{
+    // the same in yaSSL
+    return ne;
+}
+
+
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
+{
+    return name->GetEntry(loc);
+}
+
+
+// already formatted, caller responsible for freeing *out
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
+{
+    if (!in) return 0;
+
+    *out = (unsigned char*)malloc(in->length + 1);
+    if (*out) {
+        memcpy(*out, in->data, in->length);
+        (*out)[in->length] = 0;
+    }
+    return in->length;
+}
+
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
+{
+    // no extensions supported yet
+    return 0;
+}
+
+
+void MD4_Init(MD4_CTX* md4)
+{
+    assert(0);  // not yet supported, build compat. only
+}
+
+
+void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
+{
+}
+
+
+void MD4_Final(unsigned char* hash, MD4_CTX* md4)
+{
+}
+
+
+void MD5_Init(MD5_CTX* md5)
+{
+    // make sure we have a big enough buffer
+    typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
+    (void) sizeof(ok);
+
+    // using TaoCrypt since no dynamic memory allocated
+    // and no destructor will be called
+    new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
+}
+
+
+void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
+{
+    reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
+                static_cast<const byte*>(data), static_cast<unsigned int>(sz));
+}
+
+
+void MD5_Final(unsigned char* hash, MD5_CTX* md5)
+{
+    reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
+}
+
+
     // functions for stunnel
 
     void RAND_screen()
@@ -1098,8 +1371,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
     }
 
 
-    void SSLeay_add_ssl_algorithms()  // compatibility only
+    int SSLeay_add_ssl_algorithms()  // compatibility only
-    {}
+    {
+        return 1;
+    }
 
 
     void ERR_remove_state(unsigned long)
@@ -1129,4 +1404,5 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
     // end stunnel needs
 
 
+} // extern "C"
 } // namespace

extra/yassl/src/template_instnt.cpp

@@ -31,7 +31,6 @@
 #include "hmac.hpp"
 #include "md5.hpp"
 #include "sha.hpp"
-#include "ripemd.hpp"
 #include "openssl/ssl.h"
 
 #ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
@@ -51,12 +50,16 @@ template class list<yaSSL::SSL_SESSION*>;
 template class list<yaSSL::input_buffer*>;
 template class list<yaSSL::output_buffer*>;
 template class list<yaSSL::x509*>;
+template class list<yaSSL::Digest*>;
+template class list<yaSSL::BulkCipher*>;
 template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
 template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
 }
 
 namespace yaSSL {
@@ -82,6 +85,7 @@ template void ysDelete<X509>(X509*);
 template void ysDelete<Message>(Message*);
 template void ysDelete<sslFactory>(sslFactory*);
 template void ysDelete<Sessions>(Sessions*);
+template void ysDelete<CryptProvider>(CryptProvider*);
 template void ysArrayDelete<unsigned char>(unsigned char*);
 template void ysArrayDelete<char>(char*);
 }

extra/yassl/src/yassl_imp.cpp

@@ -1975,7 +1975,9 @@ Connection::Connection(ProtocolVersion v, RandomPool& ran)
     : pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0),
       pre_secret_len_(0), send_server_key_(false), master_clean_(false),
       TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran) 
-{}
+{
+    memset(sessionID_, 0, sizeof(sessionID_));
+}
 
 
 Connection::~Connection() 

extra/yassl/src/yassl_int.cpp

@@ -28,7 +28,6 @@
 #include "yassl_int.hpp"
 #include "handshake.hpp"
 #include "timer.hpp"
-#include "openssl/ssl.h"  // for DH
 
 
 #ifdef YASSL_PURE_C
@@ -1375,16 +1374,51 @@ Sessions& GetSessions()
 
 static sslFactory* sslFactoryInstance = 0;
 
-sslFactory& GetSSL_Factory(){
+sslFactory& GetSSL_Factory()
+{  
     if (!sslFactoryInstance)
         sslFactoryInstance = NEW_YS sslFactory;
     return *sslFactoryInstance;
 }
 
 
-void CleanUp()
+static CryptProvider* cryptProviderInstance = 0;
+
+CryptProvider& GetCryptProvider()
+{
+    if (!cryptProviderInstance)
+        cryptProviderInstance = NEW_YS CryptProvider;
+    return *cryptProviderInstance;
+}
+
+
+CryptProvider::~CryptProvider()
+{
+    mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
+    mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
+}
+
+
+Digest* CryptProvider::NewMd5()
+{
+    Digest* ptr = NEW_YS MD5();
+    digestList_.push_back(ptr);
+    return ptr;
+}
+
+
+BulkCipher* CryptProvider::NewDesEde()
+{
+    BulkCipher* ptr = NEW_YS DES_EDE();
+    cipherList_.push_back(ptr);
+    return ptr;
+}
+
+
+extern "C" void yaSSL_CleanUp()
 {
     TaoCrypt::CleanUp();
+    ysDelete(cryptProviderInstance);
     ysDelete(sslFactoryInstance);
     ysDelete(sessionsInstance);
 }
@@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b)
 
 
 X509_NAME::X509_NAME(const char* n, size_t sz)
-    : name_(0)
+    : name_(0), sz_(sz)
 {
     if (sz) {
         name_ = NEW_YS char[sz];
         memcpy(name_, n, sz);
     }
+    entry_.data = 0;
 }
 
 
 X509_NAME::~X509_NAME()
 {
     ysArrayDelete(name_);
+    ysArrayDelete(entry_.data);
 }
 
 
@@ -1999,8 +2035,10 @@ char* X509_NAME::GetName()
 }
 
 
-X509::X509(const char* i, size_t iSz, const char* s, size_t sSz)
+X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
-    : issuer_(i, iSz), subject_(s, sSz)
+           const char* b, int bSz, const char* a, int aSz)
+    : issuer_(i, iSz), subject_(s, sSz),
+      beforeDate_(b, bSz), afterDate_(a, aSz)
 {}
    
 
@@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject()
 }
 
 
+ASN1_STRING* X509::GetBefore()
+{
+    return beforeDate_.GetString();
+}
+
+
+ASN1_STRING* X509::GetAfter()
+{
+    return afterDate_.GetString();
+}
+
+
+ASN1_STRING* X509_NAME::GetEntry(int i)
+{
+    if (i < 0 || i >= int(sz_))
+        return 0;
+
+    if (entry_.data)
+        ysArrayDelete(entry_.data);
+    entry_.data = NEW_YS byte[sz_];       // max size;
+
+    memcpy(entry_.data, &name_[i], sz_ - i);
+    if (entry_.data[sz_ -i - 1]) {
+        entry_.data[sz_ - i] = 0;
+        entry_.length = sz_ - i;
+    }
+    else
+        entry_.length = sz_ - i - 1;
+    entry_.type = 0;
+
+    return &entry_;
+}
+
+
+StringHolder::StringHolder(const char* str, int sz)
+{
+    asnString_.length = sz;
+    asnString_.data = NEW_YS byte[sz + 1];
+    memcpy(asnString_.data, str, sz);
+    asnString_.type = 0;  // not used for now
+}
+
+
+StringHolder::~StringHolder()
+{
+    ysArrayDelete(asnString_.data);
+}
+
+
+ASN1_STRING* StringHolder::GetString()
+{
+    return &asnString_;
+}
+
+
 
 } // namespace
 

extra/yassl/taocrypt/benchmark/make.bat

@@ -1,10 +1,9 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
-#set myFLAGS= /I../include /I../../mySTL /c /W3 
 
 cl %myFLAGS% benchmark.cpp
 
-link.exe  /out:benchmark.exe ../src/taocrypt.lib benchmark.obj
+link.exe  /out:benchmark.exe ../src/taocrypt.lib benchmark.obj advapi32.lib
 

extra/yassl/taocrypt/include/asn.hpp

@@ -79,20 +79,27 @@ enum ASNIdFlag
 
 enum DNTags
 {
-    COMMON_NAME         = 0x03
+    COMMON_NAME         = 0x03,  // CN
+    SUR_NAME            = 0x04,  // SN
+    COUNTRY_NAME        = 0x06,  // C
+    LOCALITY_NAME       = 0x07,  // L
+    STATE_NAME          = 0x08,  // ST
+    ORG_NAME            = 0x0a,  // O
+    ORGUNIT_NAME        = 0x0b   // OU
 };
 
 
 enum Constants
 {
     MIN_DATE_SZ   = 13,
-    MAX_DATE_SZ   = 15,
+    MAX_DATE_SZ   = 16,
     MAX_ALGO_SZ   = 16,
     MAX_LENGTH_SZ =  5,    
     MAX_SEQ_SZ    =  5,    // enum(seq|con) + length(4)
     MAX_ALGO_SIZE =  9,
     MAX_DIGEST_SZ = 25,    // SHA + enum(Bit or Octet) + length(4)
-    DSA_SIG_SZ    = 40
+    DSA_SIG_SZ    = 40,
+    NAME_MAX      = 512    // max total of all included names
 };
 
 
@@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 };
 // A Signing Authority
 class Signer {
     PublicKey key_;
-    char*     name_;
+    char      name_[NAME_MAX];
     byte      hash_[SHA_SIZE];
 public:
     Signer(const byte* k, word32 kSz, const char* n, const byte* h);
     ~Signer();
 
     const PublicKey& GetPublicKey()  const { return key_; }
-    const char*      GetCommonName() const { return name_; }
+    const char*      GetName()       const { return name_; }
     const byte*      GetHash()       const { return hash_; }
 
 private:
@@ -245,6 +252,8 @@ public:
     const char*      GetIssuer()     const { return issuer_; }
     const char*      GetCommonName() const { return subject_; }
     const byte*      GetHash()       const { return subjectHash_; }
+    const char*      GetBeforeDate() const { return beforeDate_; }
+    const char*      GetAfterDate()  const { return afterDate_; }
 
     void DecodeToKey();
 private:
@@ -257,8 +266,10 @@ private:
     byte      subjectHash_[SHA_SIZE];   // hash of all Names
     byte      issuerHash_[SHA_SIZE];    // hash of all Names
     byte*     signature_;
-    char*     issuer_;                  // CommonName
+    char      issuer_[NAME_MAX];        // Names
-    char*     subject_;                 // CommonName
+    char      subject_[NAME_MAX];       // Names
+    char      beforeDate_[MAX_DATE_SZ]; // valid before date
+    char      afterDate_[MAX_DATE_SZ];  // valid after date
     bool      verify_;                  // Default to yes, but could be off
 
     void   ReadHeader();

extra/yassl/taocrypt/src/asn.cpp

@@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len)
 
 
 Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
-    : key_(k, kSz), name_(0)
+    : key_(k, kSz)
 {
-    if (n) {
         int sz = strlen(n);
-        name_ = NEW_TC char[sz + 1];
         memcpy(name_, n, sz);
         name_[sz] = 0;
-    }
 
     memcpy(hash_, h, SHA::DIGEST_SIZE);
 }
 
 Signer::~Signer()
 {
-    tcArrayDelete(name_);
 }
 
 
@@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key)
 CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
                          bool noVerify, CertType ct)
     : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
-      signature_(0), issuer_(0), subject_(0), verify_(!noVerify)
+      signature_(0), verify_(!noVerify)
 { 
+    issuer_[0] = 0;
+    subject_[0] = 0;
+
     if (decode)
         Decode(signers, ct); 
+
 }
 
 
 CertDecoder::~CertDecoder()
 {
-    tcArrayDelete(subject_);
-    tcArrayDelete(issuer_);
     tcArrayDelete(signature_);
 }
 
@@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt)
 
     SHA    sha;
     word32 length = GetSequence();  // length of all distinguished names
+    assert (length < NAME_MAX);
     length += source_.get_index();
 
+    char*  ptr = (nt == ISSUER) ? issuer_ : subject_;
+    word32 idx = 0;
+
     while (source_.get_index() < length) {
         GetSet();
         GetSequence();
@@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt)
             byte   id      = source_.next();  
             b              = source_.next();    // strType
             word32 strLen  = GetLength(source_);
+            bool   copy    = false;
 
             if (id == COMMON_NAME) {
-                char*& ptr = (nt == ISSUER) ? issuer_ : subject_;
+                memcpy(&ptr[idx], "/CN=", 4);
-                ptr = NEW_TC char[strLen + 1];
+                idx += 4;
-                memcpy(ptr, source_.get_current(), strLen);
+                copy = true;
-                ptr[strLen] = 0;
             }
+            else if (id == SUR_NAME) {
+                memcpy(&ptr[idx], "/SN=", 4);
+                idx += 4;
+                copy = true;
+            }
+            else if (id == COUNTRY_NAME) {
+                memcpy(&ptr[idx], "/C=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == LOCALITY_NAME) {
+                memcpy(&ptr[idx], "/L=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == STATE_NAME) {
+                memcpy(&ptr[idx], "/ST=", 4);
+                idx += 4;
+                copy = true;
+            }
+            else if (id == ORG_NAME) {
+                memcpy(&ptr[idx], "/O=", 3);
+                idx += 3;
+                copy = true;
+            }
+            else if (id == ORGUNIT_NAME) {
+                memcpy(&ptr[idx], "/OU=", 4);
+                idx += 4;
+                copy = true;
+            }
+
+            if (copy) {
+                memcpy(&ptr[idx], source_.get_current(), strLen);
+                idx += strLen;
+            }
+
             sha.Update(source_.get_current(), strLen);
             source_.advance(strLen);
         }
@@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt)
             source_.advance(length);
         }
     }
+    ptr[idx++] = 0;
+
     if (nt == ISSUER)
         sha.Final(issuerHash_);
     else
@@ -744,6 +784,16 @@ void CertDecoder::GetDate(DateType dt)
             source_.SetError(BEFORE_DATE_E);
         else
             source_.SetError(AFTER_DATE_E);
+
+    // save for later use
+    if (dt == BEFORE) {
+        memcpy(beforeDate_, date, length);
+        beforeDate_[length] = 0;
+    }
+    else {  // after
+        memcpy(afterDate_, date, length);
+        afterDate_[length] = 0;
+    }       
 }
 
 

extra/yassl/taocrypt/src/integer.cpp

@@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b)
     product.reg_.CleanNew(RoundupSize(aSize + bSize));
     product.sign_ = Integer::POSITIVE;
 
-    WordBlock workspace(aSize + bSize);
+    AlignedWordBlock workspace(aSize + bSize);
     AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(),
                        a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize);
 }
@@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient,
     quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2));
     quotient.sign_ = Integer::POSITIVE;
 
-    WordBlock T(aSize+2*bSize+4);
+    AlignedWordBlock T(aSize+2*bSize+4);
     Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(),
            T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(),
            bSize);
@@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const
         return !u ? Zero() : (m*(*this-u)+1)/(*this);
     }
 
-    WordBlock T(m.reg_.size() * 4);
+    AlignedWordBlock T(m.reg_.size() * 4);
     Integer r((word)0, m.reg_.size());
     unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(),
                                reg_.get_buffer(), reg_.size(),

extra/yassl/taocrypt/src/make.bat

@@ -1,8 +1,7 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 
-#set myFLAGS= /I../include /I../../mySTL /c /W3 /O1
 
 cl %myFLAGS% aes.cpp
 cl %myFLAGS% aestables.cpp

extra/yassl/taocrypt/src/misc.cpp

@@ -25,6 +25,15 @@
 #include "runtime.hpp"
 #include "misc.hpp"
 
+
+extern "C" {
+
+    // for libcurl configure test, these are the signatures they use
+    // locking handled internally by library
+    char CRYPTO_lock() { return 0;}
+    char CRYPTO_add_lock() { return 0;}
+}  // extern "C"
+
 #ifdef YASSL_PURE_C
 
     void* operator new(size_t sz, TaoCrypt::new_t)

extra/yassl/taocrypt/src/template_instnt.cpp

@@ -30,11 +30,11 @@
 #include "sha.hpp"
 #include "md5.hpp"
 #include "hmac.hpp"
-#include "ripemd.hpp"
 #include "pwdbased.hpp"
 #include "algebra.hpp"
 #include "vector.hpp"
 #include "hash.hpp"
+#include "ripemd.hpp"
 
 #ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
 namespace TaoCrypt {

extra/yassl/taocrypt/taocrypt.dsp

@@ -64,7 +64,8 @@ LIB32=link.exe -lib
 # PROP Intermediate_Dir "Debug"
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
+# SUBTRACT CPP /Fr
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe

extra/yassl/taocrypt/test/make.bat

@@ -1,4 +1,4 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2

extra/yassl/testsuite/make.bat

@@ -1,4 +1,4 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
 setlocal 
 
 set myFLAGS= /I../include /I../taocrypt/include /I../mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"

extra/yassl/testsuite/test.hpp

@@ -27,7 +27,7 @@
 #endif /* _WIN32 */
 
 
-#if defined(__MACH__) || defined(_WIN32)
+#if !defined(_SOCKLEN_T) && (defined(__MACH__) || defined(_WIN32))
     typedef int socklen_t;
 #endif
 
@@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl)
         char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
 
         printf("peer's cert info:\n");
-        printf("issuer  is: %s\n", issuer);
+        printf("issuer : %s\n", issuer);
-        printf("subject is: %s\n", subject);
+        printf("subject: %s\n", subject);
 
         free(subject);
         free(issuer);

extra/yassl/testsuite/testsuite.cpp

@@ -91,6 +91,7 @@ int main(int argc, char** argv)
     assert(memcmp(input, output, sizeof(input)) == 0);
 
     printf("\nAll tests passed!\n");
+    yaSSL_CleanUp();
 
     return 0;
 }
@@ -146,10 +147,10 @@ int test_openSSL_des()
                    (byte*)key, iv);
 
     byte cipher[16];
-    DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8],
+    DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1],
-                         &key[16], &iv, true);
+                         &key[2], &iv, true);
     byte plain[16];
-    DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16],
+    DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2],
                          &iv, false);
     return 0;
 }

extra/yassl/testsuite/testsuite.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -67,7 +67,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe

include/mysql.h

@@ -149,7 +149,8 @@ enum mysql_option
   MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT,
   MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
   MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH,
-  MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT
+  MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT,
+  MYSQL_OPT_SSL_VERIFY_SERVER_CERT
 };
 
 struct st_mysql_options {
@@ -164,6 +165,7 @@ struct st_mysql_options {
   char *ssl_ca;					/* PEM CA file */
   char *ssl_capath;				/* PEM directory of CA-s? */
   char *ssl_cipher;				/* cipher to use */
+  my_bool ssl_verify_server_cert;		/* if to verify server cert */
   char *shared_memory_base_name;
   unsigned long max_allowed_packet;
   my_bool use_ssl;				/* if to use SSL or not */

include/sslopt-longopts.h

@@ -37,5 +37,10 @@
   {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
    (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
    0, 0, 0, 0, 0, 0},
-
+#ifdef MYSQL_CLIENT
+  {"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
+   "Verify server's \"Common Name\" in its cert against hostname used when connecting. This option is disabled by default.",
+   (gptr*) &opt_ssl_verify_server_cert, (gptr*) &opt_ssl_verify_server_cert,
+    0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
+#endif
 #endif /* HAVE_OPENSSL */

include/sslopt-vars.h

@@ -21,4 +21,7 @@ static char *opt_ssl_cert   = 0;
 static char *opt_ssl_ca     = 0;
 static char *opt_ssl_capath = 0;
 static char *opt_ssl_cipher = 0;
+#ifdef MYSQL_CLIENT
+static my_bool opt_ssl_verify_server_cert= 0;
+#endif
 #endif

include/violite.h

@@ -105,33 +105,22 @@ void	vio_timeout(Vio *vio,uint which, uint timeout);
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-struct st_VioSSLAcceptorFd 
+struct st_VioSSLFd
 {
   SSL_CTX *ssl_context;
-  SSL_METHOD *ssl_method;
-  struct st_VioSSLAcceptorFd *session_id_context;
 };
 
-/* One copy for client */
+int sslaccept(struct st_VioSSLFd*, Vio *, long timeout);
-struct st_VioSSLConnectorFd
+int sslconnect(struct st_VioSSLFd*, Vio *, long timeout);
-{
-  SSL_CTX *ssl_context;
-  /* function pointers which are only once for SSL client */ 
-  SSL_METHOD *ssl_method;
-};
 
-int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
+struct st_VioSSLFd
-int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
-
-struct st_VioSSLConnectorFd
 *new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
 		       const char *ca_file,  const char *ca_path,
 		       const char *cipher);
-struct st_VioSSLAcceptorFd
+struct st_VioSSLFd
 *new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
 		      const char *ca_file,const char *ca_path,
 		      const char *cipher);
-Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
 #endif /* HAVE_OPENSSL */
 
 #ifdef HAVE_SMEM
@@ -140,6 +129,8 @@ int vio_write_shared_memory(Vio *vio, const gptr buf, int size);
 int vio_close_shared_memory(Vio * vio);
 #endif
 
+void vio_end(void);
+
 #ifdef	__cplusplus
 }
 #endif
@@ -204,7 +195,9 @@ struct st_vio
   my_bool (*was_interrupted)(Vio*);
   int     (*vioclose)(Vio*);
   void	  (*timeout)(Vio*, unsigned int which, unsigned int timeout);
+#ifdef HAVE_OPENSSL
   void	  *ssl_arg;
+#endif
 #ifdef HAVE_SMEM
   HANDLE  handle_file_map;
   char    *handle_map;

libmysql/libmysql.c

@@ -188,6 +188,7 @@ void STDCALL mysql_server_end()
     mysql_thread_end();
   finish_client_errs();
   free_charsets();
+  vio_end();
   mysql_client_init= org_my_init_done= 0;
 #ifdef EMBEDDED_SERVER
   if (stderror_file)

mysql-test/Makefile.am

@@ -100,15 +100,15 @@ install-data-local:
 uninstall-local:
 	@RM@ -f -r $(DESTDIR)$(testdir)
 
-std_data/client-key.pem:
+std_data/client-key.pem: $(top_srcdir)/SSL/$(@F)
 	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
-std_data/client-cert.pem:
+std_data/client-cert.pem: $(top_srcdir)/SSL/$(@F)
 	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
-std_data/cacert.pem:
+std_data/cacert.pem: $(top_srcdir)/SSL/$(@F)
 	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
-std_data/server-cert.pem:
+std_data/server-cert.pem: $(top_srcdir)/SSL/$(@F)
 	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
-std_data/server-key.pem:
+std_data/server-key.pem: $(top_srcdir)/SSL/$(@F)
 	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
 
 SUFFIXES = .sh

mysql-test/mysql-test-run.pl

@@ -134,7 +134,6 @@ our $glob_win32=                  0; # OS and native Win32 executables
 our $glob_win32_perl=             0; # ActiveState Win32 Perl
 our $glob_cygwin_perl=            0; # Cygwin Perl
 our $glob_cygwin_shell=           undef;
-our $glob_use_libtool=            1;
 our $glob_mysql_test_dir=         undef;
 our $glob_mysql_bench_dir=        undef;
 our $glob_hostname=               undef;
@@ -189,6 +188,7 @@ our $exe_slave_mysqld;
 our $exe_im;
 our $exe_my_print_defaults;
 our $lib_udf_example;
+our $exe_libtool;
 
 our $opt_bench= 0;
 our $opt_small_bench= 0;
@@ -376,7 +376,6 @@ sub main () {
 
   check_ndbcluster_support(); # We check whether to actually use it later
   check_ssl_support();
-  check_running_as_root();
 
   environment_setup();
   signal_setup();
@@ -443,12 +442,6 @@ sub initial_setup () {
   $glob_cygwin_perl= ($^O eq "cygwin");
   $glob_win32=       ($glob_win32_perl or $glob_cygwin_perl);
 
-  # Use libtool on all platforms except windows
-  if ( $glob_win32 )
-  {
-    $glob_use_libtool= 0;
-  }
-
   # We require that we are in the "mysql-test" directory
   # to run mysql-test-run
 
@@ -1000,6 +993,21 @@ sub snapshot_setup () {
 
 sub executable_setup () {
 
+  #
+  # Check if libtool is available in this distribution/clone
+  # we need it when valgrinding or debugging non installed binary
+  # Otherwise valgrind will valgrind the libtool wrapper or bash
+  # and gdb will not find the real executable to debug
+  #
+  if ( -x "../libtool")
+  {
+    $exe_libtool= "../libtool";
+    if ($opt_valgrind or $glob_debugger)
+    {
+      mtr_report("Using \"$exe_libtool\" when running valgrind or debugger");
+    }
+  }
+
   if ( $opt_source_dist )
   {
     if ( $glob_win32 )
@@ -1336,7 +1344,7 @@ sub kill_and_cleanup () {
 sub  check_running_as_root () {
   # Check if running as root
   # i.e a file can be read regardless what mode we set it to
-  my $test_file= "test_running_as_root.txt";
+  my $test_file= "$opt_vardir/test_running_as_root.txt";
   mtr_tofile($test_file, "MySQL");
   chmod(oct("0000"), $test_file);
 
@@ -1653,6 +1661,7 @@ sub initialize_servers () {
 	save_installed_db();
       }
     }
+    check_running_as_root();
   }
 }
 
@@ -2625,6 +2634,15 @@ sub mysqld_start ($$$$$) {
     $exe= undef;
   }
 
+  if ($exe_libtool and $opt_valgrind)
+  {
+    # Add "libtool --mode-execute"
+    # if running in valgrind(to avoid valgrinding bash)
+    unshift(@$args, "--mode=execute", $exe);
+    $exe= $exe_libtool;
+  }
+
+
   if ( $type eq 'master' )
   {
     if ( ! defined $exe or
@@ -3122,12 +3140,12 @@ sub run_mysqltest ($) {
     debugger_arguments(\$args, \$exe, "client");
   }
 
-  if ($glob_use_libtool and $opt_valgrind)
+  if ($exe_libtool and $opt_valgrind)
   {
     # Add "libtool --mode-execute" before the test to execute
     # if running in valgrind(to avoid valgrinding bash)
     unshift(@$args, "--mode=execute", $exe);
-    $exe= "libtool";
+    $exe= $exe_libtool;
   }
 
   if ( $opt_check_testcases )
@@ -3197,9 +3215,9 @@ sub gdb_arguments {
   mtr_add_arg($$args, "$type");
   mtr_add_arg($$args, "-e");
 
-  if ( $glob_use_libtool )
+  if ( $exe_libtool )
   {
-    mtr_add_arg($$args, "libtool");
+    mtr_add_arg($$args, $exe_libtool);
     mtr_add_arg($$args, "--mode=execute");
   }
 
@@ -3259,9 +3277,9 @@ sub ddd_arguments {
 
   my $save_exe= $$exe;
   $$args= [];
-  if ( $glob_use_libtool )
+  if ( $exe_libtool )
   {
-    $$exe= "libtool";
+    $$exe= $exe_libtool;
     mtr_add_arg($$args, "--mode=execute");
     mtr_add_arg($$args, "ddd");
   }
@@ -3282,6 +3300,8 @@ sub debugger_arguments {
   my $exe=  shift;
   my $debugger= $opt_debugger || $opt_client_debugger;
 
+  # FIXME Need to change the below "eq"'s to
+  # "case unsensitive string contains"
   if ( $debugger eq "vcexpress" or $debugger eq "vc")
   {
     # vc[express] /debugexe exe arg1 .. argn

mysql-test/r/blackhole.result

@@ -123,3 +123,11 @@ master-bin.000001	#	Query	1	#	use `test`; create table t3 like t1
 master-bin.000001	#	Query	1	#	use `test`; insert into t1 select * from t3
 master-bin.000001	#	Query	1	#	use `test`; replace into t1 select * from t3
 drop table t1,t2,t3;
+drop table if exists t1;
+Warnings:
+Note	1051	Unknown table 't1'
+create table t1 (c char(20)) engine=MyISAM;
+insert into t1 values ("Monty"),("WAX"),("Walrus");
+alter table t1 engine=blackhole;
+ERROR HY000: Table storage engine for 't1' doesn't have this option
+drop table t1;

mysql-test/r/distinct.result

@@ -533,3 +533,15 @@ select count(distinct concat(x,y)) from t1;
 count(distinct concat(x,y))
 2
 drop table t1;
+CREATE TABLE t1 (a INT, b INT, PRIMARY KEY (a,b));
+INSERT INTO t1 VALUES (1, 101);
+INSERT INTO t1 SELECT a + 1, a + 101 FROM t1;
+INSERT INTO t1 SELECT a + 2, a + 102 FROM t1;
+INSERT INTO t1 SELECT a + 4, a + 104 FROM t1;
+INSERT INTO t1 SELECT a + 8, a + 108 FROM t1;
+EXPLAIN SELECT DISTINCT a,a FROM t1 WHERE b < 12 ORDER BY a;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	index	NULL	PRIMARY	8	NULL	16	Using where; Using index
+SELECT DISTINCT a,a FROM t1 WHERE b < 12 ORDER BY a;
+a	a
+DROP TABLE t1;

mysql-test/r/func_str.result

@@ -1017,6 +1017,13 @@ t
 1000000
 1      
 drop table t1;
+select load_file("lkjlkj");
+load_file("lkjlkj")
+NULL
+select ifnull(load_file("lkjlkj"),"it's null");
+ifnull(load_file("lkjlkj"),"it's null")
+it's null
+End of 4.1 tests
 create table t1 (d decimal default null);
 insert into t1 values (null);
 select format(d, 2) from t1;

mysql-test/r/func_time.result

@@ -732,6 +732,25 @@ SELECT count(*) FROM t1 WHERE d>FROM_DAYS(TO_DAYS(@TMP)) AND d<=FROM_DAYS(TO_DAY
 count(*)
 3
 DROP TABLE t1;
+select last_day('2005-00-00');
+last_day('2005-00-00')
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '2005-00-00'
+select last_day('2005-00-01');
+last_day('2005-00-01')
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '2005-00-01'
+select last_day('2005-01-00');
+last_day('2005-01-00')
+NULL
+Warnings:
+Warning	1292	Truncated incorrect datetime value: '2005-01-00'
+select monthname(str_to_date(null, '%m')), monthname(str_to_date(null, '%m')),
+monthname(str_to_date(1, '%m')), monthname(str_to_date(0, '%m'));
+monthname(str_to_date(null, '%m'))	monthname(str_to_date(null, '%m'))	monthname(str_to_date(1, '%m'))	monthname(str_to_date(0, '%m'))
+NULL	NULL	January	NULL
 explain extended select timestampdiff(SQL_TSI_WEEK, '2001-02-01', '2001-05-01') as a1,
 timestampdiff(SQL_TSI_FRAC_SECOND, '2001-02-01 12:59:59.120000', '2001-05-01 12:58:58.119999') as a2;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra

mysql-test/r/group_min_max.result

@@ -2116,3 +2116,25 @@ COUNT(DISTINCT a)
 1
 DROP TABLE t1;
 DROP PROCEDURE a;
+CREATE TABLE t1 (a varchar(64) NOT NULL default '', PRIMARY KEY(a));
+INSERT INTO t1 (a) VALUES 
+(''), ('CENTRAL'), ('EASTERN'), ('GREATER LONDON'),
+('NORTH CENTRAL'), ('NORTH EAST'), ('NORTH WEST'), ('SCOTLAND'),
+('SOUTH EAST'), ('SOUTH WEST'), ('WESTERN');
+EXPLAIN SELECT DISTINCT a,a FROM t1 ORDER BY a;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	range	NULL	PRIMARY	66	NULL	12	Using index for group-by
+SELECT DISTINCT a,a FROM t1 ORDER BY a;
+a	a
+	
+CENTRAL	CENTRAL
+EASTERN	EASTERN
+GREATER LONDON	GREATER LONDON
+NORTH CENTRAL	NORTH CENTRAL
+NORTH EAST	NORTH EAST
+NORTH WEST	NORTH WEST
+SCOTLAND	SCOTLAND
+SOUTH EAST	SOUTH EAST
+SOUTH WEST	SOUTH WEST
+WESTERN	WESTERN
+DROP TABLE t1;

mysql-test/r/information_schema.result

@@ -1083,11 +1083,6 @@ DROP TABLE t1;
 DROP VIEW v1;
 DROP FUNCTION func1;
 DROP FUNCTION func2;
-create database mysqltest;
-create table mysqltest.t1(a int);
-select table_schema from information_schema.tables where table_schema='mysqltest';
-table_schema
-drop database mysqltest;
 select column_type, group_concat(table_schema, '.', table_name), count(*) as num
 from information_schema.columns where
 table_schema='information_schema' and
@@ -1096,3 +1091,20 @@ group by column_type order by num;
 column_type	group_concat(table_schema, '.', table_name)	num
 varchar(20)	information_schema.COLUMNS	1
 varchar(7)	information_schema.ROUTINES,information_schema.VIEWS	2
+create table t1(f1 char(1) not null, f2 char(9) not null)
+default character set utf8;
+select CHARACTER_MAXIMUM_LENGTH, CHARACTER_OCTET_LENGTH from
+information_schema.columns where table_schema='test' and table_name = 't1';
+CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH
+1	3
+9	27
+drop table t1;
+use mysql;
+INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
+'NO','DEFINER','','','BEGIN\r\n  \r\nEND','root@%','2006-03-02 18:40:03',
+'2006-03-02 18:40:03','','');
+select routine_name from information_schema.routines;
+routine_name
+
+delete from proc where name='';
+use test;

mysql-test/r/information_schema_chmod.result

@@ -0,0 +1,5 @@
+create database mysqltest;
+create table mysqltest.t1(a int);
+select table_schema from information_schema.tables where table_schema='mysqltest';
+table_schema
+drop database mysqltest;

mysql-test/r/join.result

@@ -700,8 +700,8 @@ ERROR 42S22: Unknown column 't1.b' in 'on clause'
 select * from information_schema.statistics join information_schema.columns
 using(table_name,column_name) where table_name='user';
 TABLE_NAME	COLUMN_NAME	TABLE_CATALOG	TABLE_SCHEMA	NON_UNIQUE	INDEX_SCHEMA	INDEX_NAME	SEQ_IN_INDEX	COLLATION	CARDINALITY	SUB_PART	PACKED	NULLABLE	INDEX_TYPE	COMMENT	TABLE_CATALOG	TABLE_SCHEMA	ORDINAL_POSITION	COLUMN_DEFAULT	IS_NULLABLE	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	NUMERIC_PRECISION	NUMERIC_SCALE	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE	COLUMN_KEY	EXTRA	PRIVILEGES	COLUMN_COMMENT
-user	Host	NULL	mysql	0	mysql	PRIMARY	1	A	NULL	NULL	NULL		BTREE		NULL	mysql	1		NO	char	20	60	NULL	NULL	utf8	utf8_bin	char(60)	PRI		select,insert,update,references	
+user	Host	NULL	mysql	0	mysql	PRIMARY	1	A	NULL	NULL	NULL		BTREE		NULL	mysql	1		NO	char	60	180	NULL	NULL	utf8	utf8_bin	char(60)	PRI		select,insert,update,references	
-user	User	NULL	mysql	0	mysql	PRIMARY	2	A	5	NULL	NULL		BTREE		NULL	mysql	2		NO	char	5	16	NULL	NULL	utf8	utf8_bin	char(16)	PRI		select,insert,update,references	
+user	User	NULL	mysql	0	mysql	PRIMARY	2	A	5	NULL	NULL		BTREE		NULL	mysql	2		NO	char	16	48	NULL	NULL	utf8	utf8_bin	char(16)	PRI		select,insert,update,references	
 drop table t1;
 drop table t2;
 drop table t3;

mysql-test/r/merge.result

@@ -768,3 +768,11 @@ Table	Op	Msg_type	Msg_text
 test.t1	check	status	OK
 test.t2	check	status	OK
 drop table t1, t2, t3;
+drop table if exists t1;
+Warnings:
+Note	1051	Unknown table 't1'
+create table t1 (c char(20)) engine=MyISAM;
+insert into t1 values ("Monty"),("WAX"),("Walrus");
+alter table t1 engine=MERGE;
+ERROR HY000: Table storage engine for 't1' doesn't have this option
+drop table t1;

mysql-test/r/mysql.result

@@ -74,7 +74,7 @@ c_cp932
 +----------------------+------------+--------+
 | >a   <               | b          | 123421 | 
 | >a   <               | 0123456789 |      4 | 
-| >abcd<               | NULL       |      4 | 
+| >abcd<               |            |      4 | 
 +----------------------+------------+--------+
 +------+------+---------------------------+
 | i    | j    | k                         |
@@ -94,6 +94,14 @@ c_cp932
 | Field | Type    | Null | Key | Default | Extra |
 +-------+---------+------+-----+---------+-------+
 | i     | int(11) | YES  |     | NULL    |       | 
-| j     | int(11) | NO   |     | NULL    |       | 
+| j     | int(11) | NO   |     |         |       | 
 | k     | int(11) | YES  |     | NULL    |       | 
 +-------+---------+------+-----+---------+-------+
++------+------+
+| i    | s1   |
++------+------+
+|    1 | x    | 
+|    2 | NULL | 
+|    3 |      | 
++------+------+
+End of 5.0 tests

mysql-test/r/ndb_autodiscover3.result

@@ -0,0 +1,45 @@
+drop table if exists t1, t2;
+create table t1 (a int key) engine=ndbcluster;
+begin;
+insert into t1 values (1);
+insert into t1 values (2);
+ERROR HY000: Got temporary error 4025 'Node failure caused abort of transaction' from ndbcluster
+commit;
+ERROR HY000: Got error 4350 'Transaction already aborted' from ndbcluster
+drop table t1;
+create table t2 (a int, b int, primary key(a,b)) engine=ndbcluster;
+insert into t2 values (1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1);
+select * from t2 order by a limit 3;
+a	b
+1	1
+2	1
+3	1
+create table t2 (a int key) engine=ndbcluster;
+insert into t2 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
+select * from t2 order by a limit 3;
+a
+1
+2
+3
+select * from t2 order by a limit 3;
+ERROR HY000: Can't lock file (errno: 241)
+select * from t2 order by a limit 3;
+a
+1
+2
+3
+show tables;
+Tables_in_test
+create table t2 (a int key) engine=ndbcluster;
+insert into t2 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
+select * from t2 order by a limit 3;
+a
+1
+2
+3
+select * from t2 order by a limit 3;
+a
+1
+2
+3
+drop table t2;

mysql-test/r/openssl_1.result

@@ -3,8 +3,8 @@ create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
 flush privileges;
 SHOW STATUS LIKE 'Ssl_cipher';
 Variable_name	Value
@@ -41,3 +41,10 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
 drop user ssl_user1@localhost, ssl_user2@localhost,
 ssl_user3@localhost, ssl_user4@localhost;
 drop table t1;
+mysqltest: Could not open connection 'default': 2026 SSL connection error
+mysqltest: Could not open connection 'default': 2026 SSL connection error
+mysqltest: Could not open connection 'default': 2026 SSL connection error
+Error when connection to server using SSL:Unable to get private key from ''
+mysqltest: Could not open connection 'default': 2026 SSL connection error
+Error when connection to server using SSL:Unable to get certificate from ''
+mysqltest: Could not open connection 'default': 2026 SSL connection error

mysql-test/r/rpl_temporary.result

@@ -109,8 +109,6 @@ create temporary table t102 (id int);
 set @session.pseudo_thread_id=200;
 create temporary table t201 (id int);
 create temporary table `#not_user_table_prefixed_with_hash_sign_no_harm` (id int);
-set @con1_id=connection_id();
-kill @con1_id;
 create table t1(f int);
 insert into t1 values (1);
 select * from t1 /* must be 1 */;

mysql-test/r/select.result

@@ -3411,3 +3411,38 @@ SELECT * FROM t1;
 i
 255
 DROP TABLE t1;
+create table t1 (a int);
+insert into t1 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+create table t2 (a int, b int, c int, e int, primary key(a,b,c));
+insert into t2 select A.a, B.a, C.a, C.a from t1 A, t1 B, t1 C;
+analyze table t2;
+Table	Op	Msg_type	Msg_text
+test.t2	analyze	status	OK
+select 'In next EXPLAIN, B.rows must be exactly 10:' Z;
+Z
+In next EXPLAIN, B.rows must be exactly 10:
+explain select * from t2 A, t2 B where A.a=5 and A.b=5 and A.C<5
+and B.a=5 and B.b=A.e and (B.b =1 or B.b = 3 or B.b=5);
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	A	range	PRIMARY	PRIMARY	12	NULL	3	Using where
+1	SIMPLE	B	ref	PRIMARY	PRIMARY	8	const,test.A.e	10	
+drop table t1, t2;
+CREATE TABLE t1 (a int PRIMARY KEY, b int, INDEX(b));
+INSERT INTO t1 VALUES (1, 3), (9,4), (7,5), (4,5), (6,2),
+(3,1), (5,1), (8,9), (2,2), (0,9);
+CREATE TABLE t2 (c int, d int, f int, INDEX(c,f));
+INSERT INTO t2 VALUES
+(1,0,0), (1,0,1), (2,0,0), (2,0,1), (3,0,0), (4,0,1),
+(5,0,0), (5,0,1), (6,0,0), (0,0,1), (7,0,0), (7,0,1),
+(0,0,0), (0,0,1), (8,0,0), (8,0,1), (9,0,0), (9,0,1);
+EXPLAIN
+SELECT a, c, d, f FROM t1,t2 WHERE a=c AND b BETWEEN 4 AND 6;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	range	PRIMARY,b	b	5	NULL	3	Using where
+1	SIMPLE	t2	ref	c	c	5	test.t1.a	2	Using where
+EXPLAIN
+SELECT a, c, d, f FROM t1,t2 WHERE a=c AND b BETWEEN 4 AND 6 AND a > 0;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	range	PRIMARY,b	b	5	NULL	3	Using where
+1	SIMPLE	t2	ref	c	c	5	test.t1.a	2	Using where
+DROP TABLE t1, t2;

mysql-test/r/subselect.result

@@ -1480,7 +1480,7 @@ Note	1003	select `test`.`t1`.`s1` AS `s1`,not(<in_optimizer>(`test`.`t1`.`s1`,<e
 explain extended select s1, s1 NOT IN (SELECT s1 FROM t2 WHERE s1 < 'a2') from t1;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	PRIMARY	t1	index	NULL	s1	6	NULL	3	Using index
-2	DEPENDENT SUBQUERY	t2	index_subquery	s1	s1	6	func	1	Using index; Using where
+2	DEPENDENT SUBQUERY	t2	index_subquery	s1	s1	6	func	2	Using index; Using where
 Warnings:
 Note	1003	select `test`.`t1`.`s1` AS `s1`,not(<in_optimizer>(`test`.`t1`.`s1`,<exists>(<index_lookup>(<cache>(`test`.`t1`.`s1`) in t2 on s1 checking NULL where (`test`.`t2`.`s1` < _latin1'a2'))))) AS `s1 NOT IN (SELECT s1 FROM t2 WHERE s1 < 'a2')` from `test`.`t1`
 drop table t1,t2;

mysql-test/r/variables.result

@@ -1,4 +1,31 @@
 drop table if exists t1,t2;
+set @my_binlog_cache_size         =@@global.binlog_cache_size;
+set @my_connect_timeout           =@@global.connect_timeout;
+set @my_delayed_insert_timeout    =@@global.delayed_insert_timeout;
+set @my_delayed_queue_size        =@@global.delayed_queue_size;
+set @my_flush                     =@@global.flush;
+set @my_flush_time                =@@global.flush_time;
+set @my_key_buffer_size           =@@global.key_buffer_size;
+set @my_max_binlog_cache_size     =@@global.max_binlog_cache_size;
+set @my_max_binlog_size           =@@global.max_binlog_size;
+set @my_max_connect_errors        =@@global.max_connect_errors;
+set @my_max_delayed_threads       =@@global.max_delayed_threads;
+set @my_max_heap_table_size       =@@global.max_heap_table_size;
+set @my_max_insert_delayed_threads=@@global.max_insert_delayed_threads;
+set @my_max_join_size             =@@global.max_join_size;
+set @my_max_user_connections      =@@global.max_user_connections;
+set @my_max_write_lock_count      =@@global.max_write_lock_count;
+set @my_myisam_data_pointer_size  =@@global.myisam_data_pointer_size;
+set @my_net_buffer_length         =@@global.net_buffer_length;
+set @my_net_write_timeout         =@@global.net_write_timeout;
+set @my_net_read_timeout          =@@global.net_read_timeout;
+set @my_query_cache_limit         =@@global.query_cache_limit;
+set @my_query_cache_type          =@@global.query_cache_type;
+set @my_rpl_recovery_rank         =@@global.rpl_recovery_rank;
+set @my_server_id                 =@@global.server_id;
+set @my_slow_launch_time          =@@global.slow_launch_time;
+set @my_storage_engine            =@@global.storage_engine;
+set @my_thread_cache_size         =@@global.thread_cache_size;
 set @`test`=1;
 select @test, @`test`, @TEST, @`TEST`, @"teSt";
 @test	@`test`	@TEST	@`TEST`	@"teSt"
@@ -612,4 +639,31 @@ select @@version, @@version_comment, @@version_compile_machine,
 @@version_compile_os;
 @@version	@@version_comment	@@version_compile_machine	@@version_compile_os
 #	#	#	#
+set global binlog_cache_size         =@my_binlog_cache_size;
+set global connect_timeout           =@my_connect_timeout;
+set global delayed_insert_timeout    =@my_delayed_insert_timeout;
+set global delayed_queue_size        =@my_delayed_queue_size;
+set global flush                     =@my_flush;
+set global flush_time                =@my_flush_time;
+set global key_buffer_size           =@my_key_buffer_size;
+set global max_binlog_cache_size     =default;
+set global max_binlog_size           =@my_max_binlog_size;
+set global max_connect_errors        =@my_max_connect_errors;
+set global max_delayed_threads       =@my_max_delayed_threads;
+set global max_heap_table_size       =@my_max_heap_table_size;
+set global max_insert_delayed_threads=@my_max_insert_delayed_threads;
+set global max_join_size             =@my_max_join_size;
+set global max_user_connections      =@my_max_user_connections;
+set global max_write_lock_count      =@my_max_write_lock_count;
+set global myisam_data_pointer_size  =@my_myisam_data_pointer_size;
+set global net_buffer_length         =@my_net_buffer_length;
+set global net_write_timeout         =@my_net_write_timeout;
+set global net_read_timeout          =@my_net_read_timeout;
+set global query_cache_limit         =@my_query_cache_limit;
+set global query_cache_type          =@my_query_cache_type;
+set global rpl_recovery_rank         =@my_rpl_recovery_rank;
+set global server_id                 =@my_server_id;
+set global slow_launch_time          =@my_slow_launch_time;
+set global storage_engine            =@my_storage_engine;
+set global thread_cache_size         =@my_thread_cache_size;
 End of 5.0 tests

mysql-test/std_data/untrusted-cacert.pem

@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 20:12:32 2005 GMT
+            Not After : Oct 15 20:12:32 2007 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
+                    90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
+                    c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
+                    6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
+                    7d:79:97:5e:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+            X509v3 Authority Key Identifier: 
+                keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
+                DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
+        28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
+        a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
+        03:ea:0b:4c:67:45:4b:ab:f3:39
+-----BEGIN CERTIFICATE-----
+MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
+DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
+d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
+BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
+MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
+BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
+LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
+c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
+W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
+AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
+HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
+EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
+ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
+bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
+86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
+-----END CERTIFICATE-----

mysql-test/t/blackhole.test

@@ -128,3 +128,15 @@ show binlog events;
 drop table t1,t2,t3;
 
 # End of 4.1 tests
+
+#
+# BUG#10952 - alter table ... lost data without errors and warnings
+#
+drop table if exists t1;
+create table t1 (c char(20)) engine=MyISAM;
+insert into t1 values ("Monty"),("WAX"),("Walrus");
+--error 1031
+alter table t1 engine=blackhole;
+drop table t1;
+
+# End of 5.0 tests

mysql-test/t/disabled.def

@@ -11,4 +11,3 @@
 ##############################################################################
 
 ndb_load        : Bug#17233
-udf             : Not yet            

mysql-test/t/distinct.test

@@ -382,3 +382,19 @@ INSERT INTO t1 VALUES
 select count(distinct x,y) from t1;
 select count(distinct concat(x,y)) from t1;
 drop table t1;
+
+#
+# Bug #18068: SELECT DISTINCT
+#
+CREATE TABLE t1 (a INT, b INT, PRIMARY KEY (a,b));
+
+INSERT INTO t1 VALUES (1, 101);
+INSERT INTO t1 SELECT a + 1, a + 101 FROM t1;
+INSERT INTO t1 SELECT a + 2, a + 102 FROM t1;
+INSERT INTO t1 SELECT a + 4, a + 104 FROM t1;
+INSERT INTO t1 SELECT a + 8, a + 108 FROM t1;
+
+EXPLAIN SELECT DISTINCT a,a FROM t1 WHERE b < 12 ORDER BY a;
+SELECT DISTINCT a,a FROM t1 WHERE b < 12 ORDER BY a;
+
+DROP TABLE t1;

mysql-test/t/func_str.test

@@ -666,7 +666,14 @@ select rpad(i, 7, ' ') as t from t1;
 --disable_metadata
 drop table t1;
 
-# End of 4.1 tests
+#
+# Bug #10418: LOAD_FILE does not behave like in manual if file does not exist
+#
+
+select load_file("lkjlkj");
+select ifnull(load_file("lkjlkj"),"it's null");
+
+--echo End of 4.1 tests
 
 #
 # Bug #13361: SELECT FORMAT(<decimal field with null>, 2) crashes

mysql-test/t/func_time.test

@@ -352,6 +352,20 @@ INSERT INTO t1 VALUES (NOW());
 SELECT count(*) FROM t1 WHERE d>FROM_DAYS(TO_DAYS(@TMP)) AND d<=FROM_DAYS(TO_DAYS(@TMP)+1);
 DROP TABLE t1;
 
+#
+# Bug #10568
+#
+
+select last_day('2005-00-00');
+select last_day('2005-00-01');
+select last_day('2005-01-00');
+
+#
+# Bug #18501: monthname and NULLs
+#
+
+select monthname(str_to_date(null, '%m')), monthname(str_to_date(null, '%m')),
+       monthname(str_to_date(1, '%m')), monthname(str_to_date(0, '%m'));
 
 # End of 4.1 tests
 

mysql-test/t/group_min_max.test

@@ -782,3 +782,19 @@ SELECT COUNT(DISTINCT a) FROM t1 WHERE a=0;
 
 DROP TABLE t1;
 DROP PROCEDURE a;
+
+#
+# Bug #18068: SELECT DISTINCT
+#
+
+CREATE TABLE t1 (a varchar(64) NOT NULL default '', PRIMARY KEY(a));
+
+INSERT INTO t1 (a) VALUES 
+  (''), ('CENTRAL'), ('EASTERN'), ('GREATER LONDON'),
+  ('NORTH CENTRAL'), ('NORTH EAST'), ('NORTH WEST'), ('SCOTLAND'),
+  ('SOUTH EAST'), ('SOUTH WEST'), ('WESTERN');
+
+EXPLAIN SELECT DISTINCT a,a FROM t1 ORDER BY a;  
+SELECT DISTINCT a,a FROM t1 ORDER BY a;  
+
+DROP TABLE t1;

mysql-test/t/information_schema.test

@@ -793,15 +793,6 @@ DROP VIEW v1;
 DROP FUNCTION func1;
 DROP FUNCTION func2;
 
-#
-# Bug #15851 Unlistable directories yield no info from information_schema
-#
-create database mysqltest;
-create table mysqltest.t1(a int);
---exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest
-select table_schema from information_schema.tables where table_schema='mysqltest';
---exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest
-drop database mysqltest;
 
 #
 # Bug#15307 GROUP_CONCAT() with ORDER BY returns empty set on information_schema
@@ -811,3 +802,23 @@ from information_schema.columns where
 table_schema='information_schema' and
 (column_type = 'varchar(7)' or column_type = 'varchar(20)')
 group by column_type order by num;
+
+#
+# Bug#19236 bad COLUMNS.CHARACTER_MAXIMUM_LENGHT and CHARACTER_OCTET_LENGTH
+#
+create table t1(f1 char(1) not null, f2 char(9) not null)
+default character set utf8;
+select CHARACTER_MAXIMUM_LENGTH, CHARACTER_OCTET_LENGTH from
+information_schema.columns where table_schema='test' and table_name = 't1';
+drop table t1;
+
+#
+# Bug#18177 any access to INFORMATION_SCHEMA.ROUTINES crashes
+#
+use mysql;
+INSERT INTO `proc` VALUES ('test','','PROCEDURE','','SQL','CONTAINS_SQL',
+'NO','DEFINER','','','BEGIN\r\n  \r\nEND','root@%','2006-03-02 18:40:03',
+'2006-03-02 18:40:03','','');
+select routine_name from information_schema.routines;
+delete from proc where name='';
+use test;

mysql-test/t/information_schema_chmod.test

@@ -0,0 +1,20 @@
+#
+# Due to "Bug#18474  Unlistable directories yield no info from
+# information_schema, part2" this test can't be run on Window with our
+# current test framework. When "chmod -r" is done within cygwin the
+# MySQL Server can still read the directory.
+# Manual testing shows the functionalty to skip unlistable directories
+# works on windows
+#
+--source include/not_windows.inc
+
+
+#
+# Bug #15851 Unlistable directories yield no info from information_schema
+#
+create database mysqltest;
+create table mysqltest.t1(a int);
+--exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest
+select table_schema from information_schema.tables where table_schema='mysqltest';
+--exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest
+drop database mysqltest;

mysql-test/t/merge.test

@@ -379,3 +379,15 @@ check table t1, t2;
 drop table t1, t2, t3;
 
 # End of 4.1 tests
+
+#
+# BUG#10952 - alter table ... lost data without errors and warnings
+#
+drop table if exists t1;
+create table t1 (c char(20)) engine=MyISAM;
+insert into t1 values ("Monty"),("WAX"),("Walrus");
+--error 1031
+alter table t1 engine=MERGE;
+drop table t1;
+
+# End of 5.0 tests

mysql-test/t/mysql.test

@@ -72,3 +72,11 @@ drop table t1;
 #
 --exec $MYSQL -t --default-character-set utf8 test -e "create table t1 (i int, j int not null, k int); insert into t1 values (null, 1, null); select * from t1; describe t1; drop table t1;"
 
+#
+# Bug#19564: mysql displays NULL instead of space
+#
+--exec $MYSQL -t test -e "create table b19564 (i int, s1 char(1)); insert into b19564 values (1, 'x'); insert into b19564 values (2, NULL); insert into b19564 values (3, ' '); select * from b19564 order by i; drop table b19564;" 
+
+--echo End of 5.0 tests
+
+

mysql-test/t/ndb_autodiscover3.test

@@ -0,0 +1,65 @@
+-- source include/have_ndb.inc
+-- source include/have_multi_ndb.inc
+-- source include/not_embedded.inc
+
+
+--disable_warnings
+drop table if exists t1, t2;
+--enable_warnings
+
+#
+# Transaction ongoing while cluster is restarted
+#
+--connection server1
+create table t1 (a int key) engine=ndbcluster;
+
+begin;
+insert into t1 values (1);
+
+--exec $NDB_MGM --no-defaults -e "all restart" >> $NDB_TOOLS_OUTPUT
+--exec $NDB_TOOLS_DIR/ndb_waiter --no-defaults >> $NDB_TOOLS_OUTPUT
+
+--error 1297
+insert into t1 values (2);
+--error 1296
+commit;
+
+drop table t1;
+
+#
+# Stale cache after restart -i
+#
+--connection server1
+create table t2 (a int, b int, primary key(a,b)) engine=ndbcluster;
+insert into t2 values (1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1);
+select * from t2 order by a limit 3;
+
+--exec $NDB_MGM --no-defaults -e "all restart -i" >> $NDB_TOOLS_OUTPUT
+--exec $NDB_TOOLS_DIR/ndb_waiter --no-defaults >> $NDB_TOOLS_OUTPUT
+
+--connection server2
+create table t2 (a int key) engine=ndbcluster;
+insert into t2 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
+select * from t2 order by a limit 3;
+
+# server 1 should have a stale cache, and in this case wrong frm, transaction must be retried
+--connection server1
+--error 1015
+select * from t2 order by a limit 3;
+select * from t2 order by a limit 3;
+
+--exec $NDB_MGM --no-defaults -e "all restart -i" >> $NDB_TOOLS_OUTPUT
+--exec $NDB_TOOLS_DIR/ndb_waiter --no-defaults >> $NDB_TOOLS_OUTPUT
+
+--connection server1
+show tables;
+create table t2 (a int key) engine=ndbcluster;
+insert into t2 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
+select * from t2 order by a limit 3;
+
+# server 2 should have a stale cache, but with right frm, transaction need not be retried
+--connection server2
+select * from t2 order by a limit 3;
+
+drop table t2;
+# End of 4.1 tests

mysql-test/t/openssl_1.test

@@ -10,8 +10,8 @@ insert into t1 values (5);
 
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
 flush privileges;
 
 connect (con1,localhost,ssl_user1,,,,,SSL);
@@ -54,3 +54,41 @@ ssl_user3@localhost, ssl_user4@localhost;
 drop table t1;
 
 # End of 4.1 tests
+
+#
+# Test that we can't open connection to server if we are using
+# a different cacert
+#
+--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
+--error 1
+--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
+# Test that we can't open connection to server if we are using
+# a blank ca
+#
+--error 1
+--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
+# Test that we can't open connection to server if we are using
+# a nonexistent ca file
+#
+--error 1
+--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
+# Test that we can't open connection to server if we are using
+# a blank client-key
+#
+--error 1
+--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
+# Test that we can't open connection to server if we are using
+# a blank client-cert
+#
+--error 1
+--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+