From aec7927c8e688ecb42683714f095deb6e95f1384 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Wed, 28 Mar 2007 12:23:55 +0200
Subject: [PATCH 1/3] Bug#25309 SSL connections without CA certificate broken
 since MySQL 5.0.23  - Turn off verification of peer if both ca_path and
 ca_file is null    i.e from only passing --ssl-key=<client_key> and
 --ssl-cert=<client_cert>    to the mysql utility programs.    The server will
 authenticate the client accoring to GRANT tables    but the client won't
 authenticate the server

---
 mysql-test/r/openssl_1.result | 2 ++
 mysql-test/t/openssl_1.test   | 9 ++++++++-
 vio/viosslfactories.c         | 8 ++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 34d8e3ab768..92900ac1a83 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -51,3 +51,5 @@ SSL error: Unable to get private key from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 3d614514de3..2eb3251c862 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -95,4 +95,11 @@ drop table t1;
 --error 1
 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 
-
+#
+# Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
+#
+# Test that we can open encrypted connection to server without
+# verification of servers certificate by setting both ca certificate
+# and ca path to NULL
+#
+--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 55d3792365f..a12a45df648 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -301,6 +301,14 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
 {
   struct st_VioSSLFd *ssl_fd;
   int verify= SSL_VERIFY_PEER;
+
+  /*
+    Turn off verification of servers certificate if both
+    ca_file and ca_path is set to NULL
+  */
+  if (ca_file == 0 && ca_path == 0)
+    verify= SSL_VERIFY_NONE;
+
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
                              ca_path, cipher, TLSv1_client_method())))
   {

From f79cd0537da7c1b4c0f494ae4605e03c931d4757 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Wed, 28 Mar 2007 19:10:18 +0200
Subject: [PATCH 2/3] Import yaSSL

---
 extra/yassl/src/ssl.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 5ccc45ded2a..86dfa1c6ebd 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -58,6 +58,9 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
     if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
         return SSL_BAD_FILETYPE;
 
+    if (file == NULL || !file[0])
+      return SSL_BAD_FILE;
+
     FILE* input = fopen(file, "rb");
     if (!input)
         return SSL_BAD_FILE;

From 0e04aec960036020951725526c29be1486e273b3 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Thu, 29 Mar 2007 11:31:50 +0200
Subject: [PATCH 3/3] Make the script detect --default-storage-engine=x and
 mark the test as requiring that storage engine(if we need to do that) Make
 --ndb and --with-ndbcluster and alias for
 --mysqld=--default-storage-engine=ndbcluster

---
 mysql-test/lib/mtr_cases.pl  | 11 +++++++++++
 mysql-test/mysql-test-run.pl | 29 +++++++++++++++++++++++------
 2 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/mysql-test/lib/mtr_cases.pl b/mysql-test/lib/mtr_cases.pl
index 22290a88d39..28c78fbffeb 100644
--- a/mysql-test/lib/mtr_cases.pl
+++ b/mysql-test/lib/mtr_cases.pl
@@ -498,6 +498,17 @@ sub collect_one_test_case($$$$$$$) {
   {
     mtr_options_from_test_file($tinfo,"$testdir/${tname}.test");
 
+    if ( defined $::used_default_engine )
+    {
+      # Different default engine is used
+      # tag test to require that engine
+      $tinfo->{'ndb_test'}= 1
+	if ( $::used_default_engine =~ /^ndb/i );
+
+      $tinfo->{'innodb_test'}= 1
+	if ( $::used_default_engine =~ /^innodb/i );
+    }
+
     if ( $tinfo->{'big_test'} and ! $::opt_big_test )
     {
       $tinfo->{'skip'}= 1;
diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
index 9187e3d23ec..3166672dd89 100755
--- a/mysql-test/mysql-test-run.pl
+++ b/mysql-test/mysql-test-run.pl
@@ -304,6 +304,7 @@ our $path_sql_dir;
 our @data_dir_lst;
 
 our $used_binlog_format;
+our $used_default_engine;
 our $debug_compiled_binaries;
 our $glob_tot_real_time= 0;
 
@@ -519,7 +520,7 @@ sub command_line_setup () {
              'compress'                 => \$opt_compress,
              'bench'                    => \$opt_bench,
              'small-bench'              => \$opt_small_bench,
-             'with-ndbcluster'          => \$opt_with_ndbcluster,
+             'with-ndbcluster|ndb'      => \$opt_with_ndbcluster,
              'vs-config'            => \$opt_vs_config,
 
              # Control what test suites or cases to run
@@ -776,6 +777,26 @@ sub command_line_setup () {
     mtr_report("Using binlog format '$used_binlog_format'");
   }
 
+
+  # --------------------------------------------------------------------------
+  # Find out default storage engine being used(if any)
+  # --------------------------------------------------------------------------
+  if ( $opt_with_ndbcluster )
+  {
+    # --ndb or --with-ndbcluster turns on --default-storage-engine=ndbcluster
+    push(@opt_extra_mysqld_opt, "--default-storage-engine=ndbcluster");
+  }
+
+  foreach my $arg ( @opt_extra_mysqld_opt )
+  {
+    if ( $arg =~ /default-storage-engine=(\S+)/ )
+    {
+      $used_default_engine= $1;
+    }
+  }
+  mtr_report("Using default engine '$used_default_engine'")
+    if defined $used_default_engine;
+
   # --------------------------------------------------------------------------
   # Check if we should speed up tests by trying to run on tmpfs
   # --------------------------------------------------------------------------
@@ -901,10 +922,6 @@ sub command_line_setup () {
   # --------------------------------------------------------------------------
   # Ndb cluster flags
   # --------------------------------------------------------------------------
-  if ( $opt_with_ndbcluster and !$opt_bench)
-  {
-    mtr_error("Can only use --with-ndbcluster togheter with --bench");
-  }
 
   if ( $opt_ndbconnectstring )
   {
@@ -5015,7 +5032,7 @@ Options to control what engine/variation to run
   skip-ssl              Dont start server with support for ssl connections
   bench                 Run the benchmark suite
   small-bench           Run the benchmarks with --small-tests --small-tables
-  with-ndbcluster       Use cluster as default table type for benchmark
+  ndb|with-ndbcluster   Use cluster as default table type
   vs-config             Visual Studio configuration used to create executables
                         (default: MTR_VS_CONFIG environment variable)