Merge neptunus.(none):/home/msvensson/mysql/tmp/tmp_merge

into neptunus.(none):/home/msvensson/mysql/mysql-5.1 BitKeeper/deleted/.del-client-req.pem~efd482e1d290d4d8: Auto merged BitKeeper/deleted/.del-server-req.pem~16301893cacf1be4: Auto merged client/mysql.cc: Auto merged client/mysqldump.c: Auto merged client/mysqlimport.c: Auto merged BitKeeper/deleted/.del-Makefile.am~de166d6fcac3b9b6: Auto merged BitKeeper/deleted/.del-NOTES~e926d3e6929ac052: Auto merged client/mysqltest.c: Auto merged include/mysql.h: Auto merged libmysql/libmysql.c: Auto merged mysql-test/mysql-test-run.pl: Auto merged mysql-test/r/information_schema.result: Auto merged mysql-test/std_data/cacert.pem: Auto merged mysql-test/std_data/client-cert.pem: Auto merged mysql-test/std_data/client-key.pem: Auto merged mysql-test/std_data/server-cert.pem: Auto merged mysql-test/std_data/server-key.pem: Auto merged mysql-test/t/information_schema.test: Auto merged sql/item_func.cc: Auto merged sql-common/client.c: Auto merged sql/mysql_priv.h: Auto merged sql/sql_acl.cc: Auto merged storage/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp: Auto merged vio/vio.c: Auto merged client/client_priv.h: Merge 5.0 -> 5.1 include/violite.h: Merge 5.0 -> 5.1 mysql-test/Makefile.am: Merge 5.0 -> 5.1 mysql-test/t/disabled.def: Merge 5.0 -> 5.1 sql/mysqld.cc: Merge 5.0 -> 5.1 vio/viossl.c: Merge 5.0 -> 5.1 vio/viosslfactories.c: Merge 5.0 -> 5.1
2026-05-15 19:37:16 +02:00 · 2006-05-12 08:45:22 +02:00 · 2006-05-12 08:45:22 +02:00 · 16d46c9cba
commit 16d46c9cba
parent 060454516c d6c2616c3f
87 changed files with 1789 additions and 854 deletions
--- a/include/mysql.h
+++ b/include/mysql.h
@ -149,7 +149,8 @@ enum mysql_option
  MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT,
  MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
  MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH,
-  MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT
+  MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT,
+  MYSQL_OPT_SSL_VERIFY_SERVER_CERT
 };

 struct st_mysql_options {
@ -164,6 +165,7 @@ struct st_mysql_options {
  char *ssl_ca;					/* PEM CA file */
  char *ssl_capath;				/* PEM directory of CA-s? */
  char *ssl_cipher;				/* cipher to use */
+  my_bool ssl_verify_server_cert;		/* if to verify server cert */
  char *shared_memory_base_name;
  unsigned long max_allowed_packet;
  my_bool use_ssl;				/* if to use SSL or not */
--- a/include/sslopt-longopts.h
+++ b/include/sslopt-longopts.h
@ -37,5 +37,10 @@
  {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
   (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
-
+#ifdef MYSQL_CLIENT
+  {"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
+   "Verify servers \"Common Name\" in it's cert against hostname used when connecting. This option is disabled by default.",
+   (gptr*) &opt_ssl_verify_server_cert, (gptr*) &opt_ssl_verify_server_cert,
+    0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
+#endif
 #endif /* HAVE_OPENSSL */
--- a/include/sslopt-vars.h
+++ b/include/sslopt-vars.h
@ -21,4 +21,7 @@ static char *opt_ssl_cert   = 0;
 static char *opt_ssl_ca     = 0;
 static char *opt_ssl_capath = 0;
 static char *opt_ssl_cipher = 0;
+#ifdef MYSQL_CLIENT
+static my_bool opt_ssl_verify_server_cert= 0;
+#endif
 #endif
--- a/include/violite.h
+++ b/include/violite.h
@ -105,33 +105,22 @@ void	vio_timeout(Vio *vio,uint which, uint timeout);
 #include <openssl/ssl.h>
 #include <openssl/err.h>

-struct st_VioSSLAcceptorFd 
+struct st_VioSSLFd
 {
  SSL_CTX *ssl_context;
-  SSL_METHOD *ssl_method;
-  struct st_VioSSLAcceptorFd *session_id_context;
 };

-/* One copy for client */
-struct st_VioSSLConnectorFd
-{
-  SSL_CTX *ssl_context;
-  /* function pointers which are only once for SSL client */ 
-  SSL_METHOD *ssl_method;
-};
+int sslaccept(struct st_VioSSLFd*, Vio *, long timeout);
+int sslconnect(struct st_VioSSLFd*, Vio *, long timeout);

-int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
-int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
-
-struct st_VioSSLConnectorFd
+struct st_VioSSLFd
 *new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
 		       const char *ca_file,  const char *ca_path,
 		       const char *cipher);
-struct st_VioSSLAcceptorFd
+struct st_VioSSLFd
 *new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
 		      const char *ca_file,const char *ca_path,
 		      const char *cipher);
-Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
 void free_vio_ssl_acceptor_fd(struct st_VioSSLAcceptorFd *fd);
 #endif /* HAVE_OPENSSL */

@ -141,6 +130,8 @@ int vio_write_shared_memory(Vio *vio, const gptr buf, int size);
 int vio_close_shared_memory(Vio * vio);
 #endif

+void vio_end(void);
+
 #ifdef	__cplusplus
 }
 #endif
@ -205,7 +196,9 @@ struct st_vio
  my_bool (*was_interrupted)(Vio*);
  int     (*vioclose)(Vio*);
  void	  (*timeout)(Vio*, unsigned int which, unsigned int timeout);
+#ifdef HAVE_OPENSSL
  void	  *ssl_arg;
+#endif
 #ifdef HAVE_SMEM
  HANDLE  handle_file_map;
  char    *handle_map;