OpenSSL fixes. Should not affect anything else.

Makefile.am:
  Moved bio dir into server_dirs in acinclude.in
client/Makefile.am:
  We need OpenSSL includes here
include/global.h:
  Workaround for OPENSSL library bug with defining crypt()
include/violite.h:
  small fixes
libmysql/Makefile.am:
  We need OpenSSL includes here
libmysql/Makefile.shared:
  Yes, we need to compile more programs when --with-openssl is used
libmysql/libmysql.c:
  Make it work! (openssl)
libmysql_r/Makefile.am:
  We need OpenSSL includes here
sql/mysqld.cc:
  Memory was not freed before
sql/sql_parse.cc:
  fix
vio/Makefile.am:
  Added testprogram compilation and openssl libraries linking
vio/viossl.c:
  Cleanups, fixes, etc...
vio/viosslfactories.c:
  Copyright was missing. Fixed renamed macros for newer OpenSSL
vio/viotest-ssl.c:
  Made testprogram work again
BitKeeper/etc/logging_ok:
  Logging to logging@openlogging.org accepted
unknown 2001-07-24 14:07:46 +08:00
parent ce77251db6
commit 2ec8dce13d
21 changed files with 513 additions and 156 deletions


@ -21,3 +21,4 @@ tim@work.mysql.com
tonu@hundin.mysql.fi tonu@hundin.mysql.fi
tonu@x3.internalnet tonu@x3.internalnet
tim@white.box tim@white.box
tonu@x153.internalnet


@ -22,7 +22,7 @@ TAR = gtar
EXTRA_DIST = INSTALL-SOURCE README \ EXTRA_DIST = INSTALL-SOURCE README \
COPYING COPYING.LIB MIRRORS COPYING COPYING.LIB MIRRORS
SUBDIRS = include @docs_dirs@ @readline_dir@ \ SUBDIRS = include @docs_dirs@ @readline_dir@ \
@thread_dirs@ @pstack_dirs@ vio @sql_client_dirs@ \ @thread_dirs@ @pstack_dirs@ @sql_client_dirs@ \
@sql_server_dirs@ @libmysqld_dirs@ scripts tests man \ @sql_server_dirs@ @libmysqld_dirs@ scripts tests man \
@bench_dirs@ support-files @fs_dirs@ @bench_dirs@ support-files @fs_dirs@

21
SSL/cacert.pem Normal file

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

67
SSL/client-cert.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com
Validity
Not Before: Jun 24 16:03:20 2001 GMT
Not After : Jun 24 16:03:20 2002 GMT
Subject: C=EE, ST=Some-State, L=Tallinn, O=MySQL demo client certificate, CN=Tonu Samuel/Email=tonu@mysql.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:e8:d4:52:cd:4e:bb:96:16:3a:f0:89:6b:90:4c:
db:e0:30:75:5a:02:72:62:bf:ed:da:be:09:e8:80:
db:80:54:30:d6:75:ed:e3:10:a5:15:44:5b:29:91:
12:fe:0c:b7:76:4d:e9:5f:56:5c:45:3c:ad:b2:71:
2d:6a:7a:cb:bc:04:80:08:74:d6:7d:f6:7c:5c:76:
db:35:c4:f6:f5:d8:d4:89:9f:9d:cc:3f:4e:3f:73:
c1:3e:41:7e:4e:09:bf:ea:1a:d9:a2:13:0d:d1:0c:
da:d8:f4:9b:b8:54:21:17:ae:d7:b3:02:61:87:a9:
01:ff:f4:fe:9c:7a:fc:67:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
BC:FB:BB:8F:C4:85:BA:5F:A8:F2:C3:3D:C9:0F:DB:16:E7:13:BC:B2
X509v3 Authority Key Identifier:
keyid:A5:0A:D6:72:B5:DF:E4:C2:2B:7B:07:5E:D3:4D:52:07:E1:83:6B:7F
DirName:/C=FI/ST=Some-State/L=Helsinki/O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@mysql.com
serial:00
Signature Algorithm: md5WithRSAEncryption
1c:e0:87:2c:2f:b3:a4:39:44:7f:96:7b:2f:c9:1f:91:84:0b:
9f:d0:0a:f8:40:70:d0:dd:bd:91:0a:c6:d5:ac:8f:51:77:9c:
35:28:e8:b6:5f:57:9e:5c:b5:9b:ae:5d:3d:7c:05:45:2e:89:
3a:03:e1:f2:00:cb:c1:ed:3e:48:3b:5f:4e:50:d2:b4:a5:36:
0f:1a:dc:79:49:1e:03:2f:27:c1:e4:62:d6:ef:3f:ab:2e:ab:
dd:e5:bc:cb:20:a3:dd:ab:81:69:26:9c:03:42:1b:4c:b7:aa:
57:6d:2a:de:c0:5e:6e:74:d0:83:90:ec:ad:bb:ba:f0:cc:cf:
41:3d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

30
SSL/client-req.pem Normal file

@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8CE2AB38FB50D4B9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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
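Review bot: An RSA private key is being committed under a file name that says "request": the block opening with `-----BEGIN RSA PRIVATE KEY-----` sits in SSL/client-req.pem ahead of the CSR, and SSL/server-req.pem has the same layout. The key is passphrase-encrypted (`DES-EDE3-CBC`), but a key that lives in a public source tree has to be treated as known to everyone, so these files should be marked as demo-only where a packager will see it, for example a short SSL/README saying the certificates and keys are test fixtures and must not be configured on a real server. The accompanying certificates are 1024-bit RSA signed with `md5WithRSAEncryption` and expire on `Jun 24 2002`, so any test that depends on them will need them regenerated after that date.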

67
SSL/server-cert.pem Normal file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com
Validity
Not Before: Jun 24 16:02:28 2001 GMT
Not After : Jun 24 16:02:28 2002 GMT
Subject: C=EE, ST=Some-State, L=Tallinn, O=MySQL server demo certificate, CN=Tonu Samuel/Email=tonu@mysql.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:9e:ac:8d:d8:1d:9c:b2:fd:88:96:2c:ba:42:53:
fa:5d:bd:85:8a:e5:ca:d3:0f:c0:01:3c:f2:92:46:
4f:d9:80:ae:2a:89:cf:ef:e8:d4:65:fc:f6:f5:3a:
26:4c:29:db:06:fa:34:a1:87:f3:97:b5:3c:94:f1:
84:05:ac:ad:57:25:d9:02:db:00:71:e0:a9:aa:b4:
1d:29:36:5e:a9:a4:0d:f2:45:b9:83:74:2b:45:f3:
e2:23:bc:e7:5c:e6:11:b6:f6:dd:c4:ac:ed:65:42:
2c:39:47:2a:c9:eb:5f:45:03:10:ab:23:bc:ca:5c:
82:9a:b7:b3:6d:67:18:d2:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
94:68:BF:DA:F6:E2:09:EF:3A:C8:27:AE:D7:B7:02:F0:DC:4B:C1:3B
X509v3 Authority Key Identifier:
keyid:A5:0A:D6:72:B5:DF:E4:C2:2B:7B:07:5E:D3:4D:52:07:E1:83:6B:7F
DirName:/C=FI/ST=Some-State/L=Helsinki/O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@mysql.com
serial:00
Signature Algorithm: md5WithRSAEncryption
8c:1a:90:70:f6:1a:70:0e:c9:28:93:74:e2:2b:b8:2a:d0:ce:
40:15:e8:af:44:f8:89:16:20:f5:c2:b9:ed:aa:4e:3c:40:e2:
9c:62:aa:48:98:ac:17:84:ef:35:72:59:43:09:35:17:c5:9a:
3e:3d:ef:97:bf:57:f2:2a:f6:56:5d:a4:7c:68:58:b9:d6:9b:
0f:57:0e:55:22:17:b0:b7:77:27:4f:da:b3:88:c1:6d:d6:8f:
31:ec:0d:a2:25:60:66:2f:0f:86:8a:d6:08:b8:71:b1:b5:70:
60:04:56:96:ff:bd:5e:ed:94:bc:44:bd:24:e0:2f:90:e5:23:
51:4e
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

30
SSL/server-req.pem Normal file

@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,6CBD09E71246DC01
byRzq5+j3r8FX2kQerTUZT5Bw/N6zrN3cmH6NHGJcrqD+vcPdtWf+Rk+mpNXgSQn
ldkfmniU/htzJ0cUV+KE229Qx10Hx9mIJIbf0Y/rBCUBuaXWVrQB36W9w3rkNPFA
EEuRMkreOJF42RD16+NBJv+RcHIGzGejXecJKUGF5DKlN0U8YHXnkXTQl54kIdr0
H7rTrvJygwPk9/ik0M9/vmwduAMvTaHDmvgeolpMlJkxwz8vYkbUnFFJZhB6XNCb
1w3lJ0EmRJicK5BnZmCEmgt8xiv0PAtg00jBbwddQbn1reAyViBtBT9iXdusHXS5
Po63rSt7r3MO8aetcMQ6FkklH+ChuS/vFoNY57AwrzF4uEI4GSoZP0ESrRC5Ar5W
Lzg/HrQAWbPCRlb6Jj3db1woRzFS8joOashROsZdeV/5P4Emhc6J7QMTvB1OHAhQ
ugOJazJtxjg0DN8+9cM1wtHI7N89PLHhOg13LZNLeeehzIlPwKI2JLqXUc6oR407
i+S7GCqu7wU+if0Enux8Dj7yrvnTUiqVCL2dyKTS3sBq0Cm2UhbecHclor13y6no
y1o50TKKD6Zig2hZmSpqKznMxGMVIT36BE0aOMQUmk+aVnRuROclwTTL0ZNLzA+g
QRTRfQ6iNMf34ypqAMdAMPzDGLPycKuFdxVQxFEVaM2/mrdWFwVAqFsLvzyGvdrh
nkNyRgTWR/pfH9b3mXLqf6gMPNs764WhFIcZIDk9a4XBBUm2YDb2CxDzDCo/EUMA
jvIiU0Jt132SEHHF/wAka6d2DnwZ3vexRp6Tebv/uy9IlMLPE+68dw==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkVFMRMwEQYDVQQIEwpTb21lLVN0YXRl
MRAwDgYDVQQHEwdUYWxsaW5uMSYwJAYDVQQKEx1NeVNRTCBzZXJ2ZXIgZGVtbyBj
ZXJ0aWZpY2F0ZTEUMBIGA1UEAxMLVG9udSBTYW11ZWwxHTAbBgkqhkiG9w0BCQEW
DnRvbnVAbXlzcWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCerI3Y
HZyy/YiWLLpCU/pdvYWK5crTD8ABPPKSRk/ZgK4qic/v6NRl/Pb1OiZMKdsG+jSh
h/OXtTyU8YQFrK1XJdkC2wBx4KmqtB0pNl6ppA3yRbmDdCtF8+IjvOdc5hG29t3E
rO1lQiw5RyrJ619FAxCrI7zKXIKat7NtZxjSxwIDAQABoAAwDQYJKoZIhvcNAQEE
BQADgYEAlrUnGX4LYIiVjztHA4gUcOSVeEHCci2qEUq+7yY1JhAw54YDa2MLTTwa
cH+rXLHjN0MTNfv9tRxdSX+trk3pyvhgFjssD100dJkF83RfVv2tKg9kscVOGQp7
MkwOnJjfAjQBlTbTOQM46BTjv2FgvsppkO3ViryI//YxKvj/628=
-----END CERTIFICATE REQUEST-----


@ -16,7 +16,7 @@
# This file is public domain and comes with NO WARRANTY of any kind # This file is public domain and comes with NO WARRANTY of any kind
INCLUDES = -I$(srcdir)/../include \ INCLUDES = -I$(srcdir)/../include $(openssl_includes) \
-I../include -I$(srcdir)/.. -I$(top_srcdir) \ -I../include -I$(srcdir)/.. -I$(top_srcdir) \
-I.. -I..
LIBS = @CLIENT_LIBS@ LIBS = @CLIENT_LIBS@


@ -189,7 +189,13 @@
# endif # endif
#endif /* TIME_WITH_SYS_TIME */ #endif /* TIME_WITH_SYS_TIME */
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
#ifdef HAVE_OPENSSL
#define crypt dummy
#endif
#include <unistd.h> #include <unistd.h>
#ifdef HAVE_OPENSSL
#undef crypt
#endif
#endif #endif
#if defined(__cplusplus) && defined(NO_CPLUSPLUS_ALLOCA) #if defined(__cplusplus) && defined(NO_CPLUSPLUS_ALLOCA)
#undef HAVE_ALLOCA #undef HAVE_ALLOCA
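Review bot: The `#define crypt dummy` / `#undef crypt` pair around `<unistd.h>` carries no comment saying which conflict it works around, and it has a side effect worth writing down: under HAVE_OPENSSL the prototype that unistd.h would have given for crypt() ends up declared under the name `dummy`. Any C file that later calls crypt() then depends on some other header for the prototype, and without one the call is implicitly declared as returning int, which truncates the returned pointer on LP64 platforms. I would add a comment such as `/* OpenSSL headers define their own crypt(); hide the one in unistd.h */` and pick a name less likely to collide than `dummy`, e.g. `#define crypt mysql_hidden_unistd_crypt`. The enclosing preprocessor block starts and ends outside the hunk.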


@ -137,11 +137,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/x509.h> #define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/asn1.h>
#include "my_net.h" /* needed because of struct in_addr */ #include "my_net.h" /* needed because of struct in_addr */
@ -184,10 +182,9 @@ struct st_VioSSLAcceptorFd
state_connect = 1, state_connect = 1,
state_accept = 2 state_accept = 2
}; };
BIO* bio_; // BIO* bio_;
char *ssl_cip_; // char desc_[100];
char desc_[100]; // Vio* sd_;
Vio* sd_;
/* function pointers which are only once for SSL server /* function pointers which are only once for SSL server
Vio*(*sslaccept)(struct st_VioSSLAcceptorFd*,Vio*); */ Vio*(*sslaccept)(struct st_VioSSLAcceptorFd*,Vio*); */
@ -200,8 +197,8 @@ struct st_VioSSLConnectorFd
SSL_METHOD* ssl_method_; SSL_METHOD* ssl_method_;
/* function pointers which are only once for SSL client */ /* function pointers which are only once for SSL client */
}; };
Vio *sslaccept(struct st_VioSSLAcceptorFd*, Vio*); void sslaccept(struct st_VioSSLAcceptorFd*, Vio*);
Vio *sslconnect(struct st_VioSSLConnectorFd*, Vio*); void sslconnect(struct st_VioSSLConnectorFd*, Vio*);
#else /* HAVE_OPENSSL */ #else /* HAVE_OPENSSL */
/* This dummy is required to maintain proper size of st_mysql in mysql.h */ /* This dummy is required to maintain proper size of st_mysql in mysql.h */
@ -250,6 +247,7 @@ struct st_vio
BIO* bio_; BIO* bio_;
SSL* ssl_; SSL* ssl_;
my_bool open_; my_bool open_;
char *ssl_cip_;
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
#endif /* HAVE_VIO */ #endif /* HAVE_VIO */
}; };
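Review bot: Changing `sslaccept()` and `sslconnect()` to return `void` leaves callers with no way to learn that the TLS layer failed to come up. In vio/viossl.c both functions return early when `SSL_new` fails, after `vio_reset()` has already switched the Vio to `VIO_TYPE_SSL` and with `sd->ssl_` set to 0; mysql_real_connect() in libmysql/libmysql.c and check_connections() in sql/sql_parse.cc then carry on to the next packet read, where `vio_ssl_read()` has only an `assert(vio->ssl_!= 0)` in front of `SSL_read`. I would return a status instead, e.g. `int sslaccept(struct st_VioSSLAcceptorFd*, Vio*);` with 0 on success, and have both callers drop the connection on a non-zero result.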


@ -21,7 +21,7 @@ target = libmysqlclient.la
target_defs = -DUNDEF_THREADS_HACK target_defs = -DUNDEF_THREADS_HACK
LIBS = @CLIENT_LIBS@ LIBS = @CLIENT_LIBS@
INCLUDES = -I$(srcdir)/../include -I../include \ INCLUDES = -I$(srcdir)/../include -I../include \
-I$(srcdir)/.. -I$(top_srcdir) -I.. -I$(srcdir)/.. -I$(top_srcdir) -I.. $(openssl_includes)
include $(srcdir)/Makefile.shared include $(srcdir)/Makefile.shared


@ -62,7 +62,7 @@ mysysobjects = $(mysysobjects1) $(mysysobjects2)
target_libadd = $(mysysobjects) $(mystringsobjects) $(dbugobjects) \ target_libadd = $(mysysobjects) $(mystringsobjects) $(dbugobjects) \
$(vio_objects) $(vio_objects)
target_ldflags = -version-info @SHARED_LIB_VERSION@ target_ldflags = -version-info @SHARED_LIB_VERSION@
vio_objects= vio.lo viosocket.lo vio_objects= vio.lo viosocket.lo viossl.lo viosslfactories.lo
CLEANFILES = $(target_libadd) $(SHLIBOBJS) \ CLEANFILES = $(target_libadd) $(SHLIBOBJS) \
$(target) $(target)
DEFS = -DDEFAULT_CHARSET_HOME="\"$(MYSQLBASEdir)\"" \ DEFS = -DDEFAULT_CHARSET_HOME="\"$(MYSQLBASEdir)\"" \


@ -1380,7 +1380,7 @@ mysql_ssl_cipher(MYSQL *mysql)
** Free strings in the SSL structure and clear 'use_ssl' flag. ** Free strings in the SSL structure and clear 'use_ssl' flag.
** NB! Errors are not reported until you do mysql_real_connect. ** NB! Errors are not reported until you do mysql_real_connect.
************************************************************************** **************************************************************************
*/
int STDCALL int STDCALL
mysql_ssl_clear(MYSQL *mysql) mysql_ssl_clear(MYSQL *mysql)
{ {
@ -1392,11 +1392,11 @@ mysql_ssl_clear(MYSQL *mysql)
mysql->options.ssl_cert = 0; mysql->options.ssl_cert = 0;
mysql->options.ssl_ca = 0; mysql->options.ssl_ca = 0;
mysql->options.ssl_capath = 0; mysql->options.ssl_capath = 0;
mysql->options.use_ssl = false; mysql->options.use_ssl = FALSE;
mysql->connector_fd->delete(); my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR));
mysql->connector_fd = 0; mysql->connector_fd = 0;
return 0; return 0;
}*/ }
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
/************************************************************************** /**************************************************************************
@ -1788,7 +1788,7 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
/* Do the SSL layering. */ /* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress...")); DBUG_PRINT("info", ("IO layer change in progress..."));
DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_)); DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_));
mysql->net.vio = sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio); sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio);
DBUG_PRINT("info", ("IO layer change done!")); DBUG_PRINT("info", ("IO layer change done!"));
} }
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
@ -1972,8 +1972,7 @@ mysql_close(MYSQL *mysql)
bzero((char*) &mysql->options,sizeof(mysql->options)); bzero((char*) &mysql->options,sizeof(mysql->options));
mysql->net.vio = 0; mysql->net.vio = 0;
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
/* ((VioConnectorFd*)(mysql->connector_fd))->delete(); mysql_ssl_clear(mysql);
mysql->connector_fd = 0;*/
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
/* free/close slave list */ /* free/close slave list */
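Review bot: `my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR));` in mysql_ssl_clear() releases only the `st_VioSSLConnectorFd` struct; the `SSL_CTX` that new_VioSSLConnectorFd() stores in `ssl_context_` is not passed to `SSL_CTX_free()` anywhere in the visible hunks, so the context, and whatever key and certificate were loaded into it, stays allocated after every mysql_close(). The same pattern is in clean_up() in sql/mysqld.cc, where `ssl_acceptor_fd` is released with a bare `my_free`. A small destructor next to the factory functions that calls `SSL_CTX_free(ptr->ssl_context_)` before `my_free((gptr)ptr,MYF(0))` would cover both. Also worth checking in mysql_close(): `bzero((char*) &mysql->options,sizeof(mysql->options))` runs before the new `mysql_ssl_clear(mysql)` call, so if mysql_ssl_clear() frees the `options.ssl_*` strings in the lines above its hunk, it will only ever see null pointers on this path.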


@ -22,7 +22,7 @@ target_defs =
## LIBS = @LIBS@ ## LIBS = @LIBS@
INCLUDES = @MT_INCLUDES@ -I$(srcdir)/../include -I../include \ INCLUDES = @MT_INCLUDES@ -I$(srcdir)/../include -I../include \
-I$(srcdir)/.. -I$(top_srcdir) -I.. -I$(srcdir)/.. -I$(top_srcdir) -I.. $(openssl_includes)
## automake barfs if you don't use $(srcdir) or $(top_srcdir) in include ## automake barfs if you don't use $(srcdir) or $(top_srcdir) in include
include $(top_srcdir)/libmysql/Makefile.shared include $(top_srcdir)/libmysql/Makefile.shared


@ -692,6 +692,28 @@ void clean_up(bool print_message)
#ifdef USE_RAID #ifdef USE_RAID
end_raid(); end_raid();
#endif #endif
#ifdef HAVE_OPENSSL
if(opt_ssl_key) {
my_free(opt_ssl_key,MYF(0));
opt_ssl_key=0;
}
if(opt_ssl_cert) {
my_free(opt_ssl_cert,MYF(0));
opt_ssl_cert=0;
}
if(opt_ssl_ca) {
my_free(opt_ssl_ca,MYF(0));
opt_ssl_ca=0;
}
if(opt_ssl_capath) {
my_free(opt_ssl_capath,MYF(0));
opt_ssl_capath=0;
}
if(ssl_acceptor_fd) {
my_free((gptr)ssl_acceptor_fd,MYF(0));
ssl_acceptor_fd=0;
}
#endif /* HAVE_OPENSSL */
free_defaults(defaults_argv); free_defaults(defaults_argv);
my_free(charsets_list, MYF(MY_ALLOW_ZERO_PTR)); my_free(charsets_list, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql_tmpdir,MYF(0)); my_free(mysql_tmpdir,MYF(0));


@ -425,7 +425,7 @@ check_connections(THD *thd)
DBUG_PRINT("info", ("Agreed to change IO layer to SSL") ); DBUG_PRINT("info", ("Agreed to change IO layer to SSL") );
/* Do the SSL layering. */ /* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress...")); DBUG_PRINT("info", ("IO layer change in progress..."));
net->vio = sslaccept(ssl_acceptor_fd, net->vio); sslaccept(ssl_acceptor_fd, net->vio);
DBUG_PRINT("info", ("Reading user information over SSL layer")); DBUG_PRINT("info", ("Reading user information over SSL layer"));
if ((pkt_len=my_net_read(net)) == packet_error || if ((pkt_len=my_net_read(net)) == packet_error ||
pkt_len < NORMAL_HANDSHAKE_SIZE) pkt_len < NORMAL_HANDSHAKE_SIZE)


@ -15,10 +15,13 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
INCLUDES = -I$(srcdir)/../include -I../include $(openssl_includes) INCLUDES = -I$(srcdir)/../include -I../include $(openssl_includes)
LDADD = libvio.a $(openssl_libs) LDADD = libvio.a $(openssl_libs)
pkglib_LIBRARIES = libvio.a pkglib_LIBRARIES = libvio.a
noinst_PROGRAMS = noinst_PROGRAMS = viotest-ssl
noinst_HEADERS = noinst_HEADERS =
viotest_ssl_SOURCES = viotest-ssl.c
viotest_ssl_LDADD = ../dbug/libdbug.a libvio.a ../mysys/libmysys.a ../strings/libmystrings.a \
libvio.a $(openssl_libs)
libvio_a_SOURCES = vio.c viosocket.c viossl.c viosslfactories.c libvio_a_SOURCES = vio.c viosocket.c viossl.c viosslfactories.c
OMIT_DEPENDENCIES = pthread.h stdio.h __stdio.h stdlib.h __stdlib.h math.h\ OMIT_DEPENDENCIES = pthread.h stdio.h __stdio.h stdlib.h __stdlib.h math.h\


@ -23,6 +23,9 @@
*/ */
#include <global.h> #include <global.h>
#ifdef HAVE_OPENSSL
#include <mysql_com.h> #include <mysql_com.h>
#include <errno.h> #include <errno.h>
@ -61,9 +64,6 @@
#define HANDLE void * #define HANDLE void *
#endif #endif
#ifdef HAVE_OPENSSL
static void static void
report_errors() report_errors()
{ {
@ -105,8 +105,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
{ {
int r; int r;
DBUG_ENTER("vio_ssl_read"); DBUG_ENTER("vio_ssl_read");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p", vio->sd, buf, size, vio->ssl_));
assert(vio->ssl_!= 0); assert(vio->ssl_!= 0);
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'",SSL_get_cipher_name(vio->ssl_)));
r = SSL_read(vio->ssl_, buf, size); r = SSL_read(vio->ssl_, buf, size);
#ifndef DBUG_OFF #ifndef DBUG_OFF
if ( r< 0) if ( r< 0)
@ -123,6 +126,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
DBUG_ENTER("vio_ssl_write"); DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
assert(vio->ssl_!=0); assert(vio->ssl_!=0);
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'",SSL_get_cipher_name(vio->ssl_)));
r = SSL_write(vio->ssl_, buf, size); r = SSL_write(vio->ssl_, buf, size);
#ifndef DBUG_OFF #ifndef DBUG_OFF
if (r<0) if (r<0)
@ -204,6 +208,7 @@ int vio_ssl_close(Vio * vio)
if (r) if (r)
{ {
DBUG_PRINT("error", ("close() failed, error: %d",errno)); DBUG_PRINT("error", ("close() failed, error: %d",errno));
report_errors();
/* FIXME: error handling (not critical for MySQL) */ /* FIXME: error handling (not critical for MySQL) */
} }
vio->type= VIO_CLOSED; vio->type= VIO_CLOSED;
@ -289,12 +294,14 @@ my_bool vio_ssl_poll_read(Vio *vio,uint timeout)
/* FIXME: There are some duplicate code in /* FIXME: There are some duplicate code in
* sslaccept()/sslconnect() which maybe can be eliminated * sslaccept()/sslconnect() which maybe can be eliminated
*/ */
Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd) void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
{ {
X509* client_cert;
char *str;
DBUG_ENTER("sslaccept"); DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->desc,ptr)); DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->sd,ptr));
vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE); vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
ptr->bio_=0; // ptr->bio_=0;
sd->ssl_=0; sd->ssl_=0;
sd->open_=FALSE; sd->open_=FALSE;
assert(sd != 0); assert(sd != 0);
@ -304,9 +311,12 @@ Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
{ {
DBUG_PRINT("error", ("SSL_new failure")); DBUG_PRINT("error", ("SSL_new failure"));
report_errors(); report_errors();
DBUG_RETURN(sd); DBUG_VOID_RETURN;
} }
if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE))) DBUG_PRINT("info", ("ssl_=%p",sd->ssl_));
SSL_set_fd(sd->ssl_,sd->sd);
// SSL_accept(sd->ssl_);
/* if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
{ {
DBUG_PRINT("error", ("BIO_new_socket failure")); DBUG_PRINT("error", ("BIO_new_socket failure"));
report_errors(); report_errors();
@ -314,18 +324,42 @@ Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
sd->ssl_=0; sd->ssl_=0;
DBUG_RETURN(sd); DBUG_RETURN(sd);
} }
SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_); SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_);*/
SSL_set_accept_state(sd->ssl_); SSL_set_accept_state(sd->ssl_);
sprintf(ptr->desc_, "VioSSL(%d)", sd->sd); // sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
/* sd->ssl_cip_ = SSL_get_cipher(sd->ssl_); */ // sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);
sd->open_ = TRUE; sd->open_ = TRUE;
DBUG_RETURN(sd);
client_cert = SSL_get_peer_certificate (sd->ssl_);
if (client_cert != NULL) {
DBUG_PRINT("info",("Client certificate:"));
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
//CHK_NULL(str);
DBUG_PRINT("info",("\t subject: %s", str));
free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
//CHK_NULL(str);
DBUG_PRINT("info",("\t issuer: %s", str));
free (str);
/* We could do all sorts of certificate verification stuff here before
* deallocating the certificate. */
X509_free (client_cert);
} else
DBUG_PRINT("info",("Client does not have certificate."));
DBUG_VOID_RETURN;
} }
Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd) void sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
{ {
char *str;
X509* server_cert;
DBUG_ENTER("sslconnect"); DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->desc,ptr,ptr->ssl_context_)); DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->sd,ptr,ptr->ssl_context_));
vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE); vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
sd->bio_=0; sd->bio_=0;
@ -339,9 +373,11 @@ Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
{ {
DBUG_PRINT("error", ("SSL_new failure")); DBUG_PRINT("error", ("SSL_new failure"));
report_errors(); report_errors();
DBUG_RETURN(sd); DBUG_VOID_RETURN;
} }
if (!(sd->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE))) DBUG_PRINT("info", ("ssl_=%p",sd->ssl_));
printf("ssl_=%p\n",sd->ssl_);
/* if (!(sd->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
{ {
DBUG_PRINT("error", ("BIO_new_socket failure")); DBUG_PRINT("error", ("BIO_new_socket failure"));
report_errors(); report_errors();
@ -349,12 +385,32 @@ Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
sd->ssl_=0; sd->ssl_=0;
DBUG_RETURN(sd); DBUG_RETURN(sd);
} }
SSL_set_bio(sd->ssl_, sd->bio_, sd->bio_); SSL_set_bio(sd->ssl_, sd->bio_, sd->bio_);*/
SSL_set_fd (sd->ssl_, sd->sd);
SSL_set_connect_state(sd->ssl_); SSL_set_connect_state(sd->ssl_);
/* sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);*/ server_cert = SSL_get_peer_certificate (sd->ssl_);
if (server_cert != NULL) {
DBUG_PRINT("info",("Server certificate:"));
str = X509_NAME_oneline (X509_get_subject_name (server_cert), 0, 0);
DBUG_PRINT("info",("\t subject: %s", str));
free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert), 0, 0);
DBUG_PRINT("info",("\t issuer: %s\n", str));
free (str);
/* We could do all sorts of certificate verification stuff here before
* deallocating the certificate. */
X509_free(server_cert);
} else
DBUG_PRINT("info",("Server does not have certificate."));
// sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);
sd->open_ = TRUE; sd->open_ = TRUE;
DBUG_RETURN(sd); DBUG_VOID_RETURN;
} }
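Review bot: `SSL_get_peer_certificate()` is called in sslaccept() and sslconnect() immediately after `SSL_set_accept_state()` / `SSL_set_connect_state()`, which only select the role; the handshake has not run yet (the `SSL_accept` call is commented out), so there is no peer certificate at this point and the new block will always take the "does not have certificate" branch. More importantly, the comment "We could do all sorts of certificate verification stuff here" is as far as verification goes in these hunks: nothing checks `SSL_get_verify_result()` or the subject name, so the connection is encrypted but the peer is not authenticated. I would drive the handshake explicitly with `SSL_accept()` / `SSL_connect()`, check the result, and only then inspect the certificate; the strings returned by `X509_NAME_oneline()` should be released with `OPENSSL_free()` rather than `free()`. Two smaller things in the same functions: `DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->sd,ptr))` now passes the integer socket to `%s` (it should be `sd=%d`, as in vio_ssl_read), and `printf("ssl_=%p\n",sd->ssl_);` in sslconnect() writes to the stdout of every client program.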


@ -1,11 +1,29 @@
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with this library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA */
#include <global.h> #include <global.h>
#ifdef HAVE_OPENSSL
#include <my_sys.h> #include <my_sys.h>
#include <mysql_com.h> #include <mysql_com.h>
#include <violite.h> #include <violite.h>
#ifdef HAVE_OPENSSL
static bool ssl_algorithms_added = FALSE; static bool ssl_algorithms_added = FALSE;
static bool ssl_error_strings_loaded= FALSE; static bool ssl_error_strings_loaded= FALSE;
@ -142,9 +160,9 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
if (!ssl_algorithms_added) if (!ssl_algorithms_added)
{ {
DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()")); DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE; ssl_algorithms_added = TRUE;
SSLeay_add_ssl_algorithms(); OpenSSL_add_all_algorithms();
} }
if (!ssl_error_strings_loaded) if (!ssl_error_strings_loaded)
{ {
@ -152,7 +170,7 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
ssl_error_strings_loaded = TRUE; ssl_error_strings_loaded = TRUE;
SSL_load_error_strings(); SSL_load_error_strings();
} }
ptr->ssl_method_ = SSLv3_client_method(); ptr->ssl_method_ = SSLv23_client_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_)); DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
if (ptr->ssl_context_ == 0) if (ptr->ssl_context_ == 0)
@ -186,6 +204,7 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
DBUG_RETURN(ptr); DBUG_RETURN(ptr);
ctor_failure: ctor_failure:
DBUG_PRINT("exit", ("there was an error")); DBUG_PRINT("exit", ("there was an error"));
my_free((gptr)ptr,MYF(0));
DBUG_RETURN(0); DBUG_RETURN(0);
} }
@ -216,9 +235,10 @@ new_VioSSLAcceptorFd(const char* key_file,
if (!ssl_algorithms_added) if (!ssl_algorithms_added)
{ {
DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()")); DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE; ssl_algorithms_added = TRUE;
SSLeay_add_ssl_algorithms(); OpenSSL_add_all_algorithms();
} }
if (!ssl_error_strings_loaded) if (!ssl_error_strings_loaded)
{ {
@ -226,7 +246,7 @@ new_VioSSLAcceptorFd(const char* key_file,
ssl_error_strings_loaded = TRUE; ssl_error_strings_loaded = TRUE;
SSL_load_error_strings(); SSL_load_error_strings();
} }
ptr->ssl_method_ = SSLv3_server_method(); ptr->ssl_method_ = SSLv23_server_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
if (ptr->ssl_context_==0) if (ptr->ssl_context_==0)
{ {
@ -267,6 +287,7 @@ new_VioSSLAcceptorFd(const char* key_file,
DBUG_RETURN(ptr); DBUG_RETURN(ptr);
ctor_failure: ctor_failure:
DBUG_PRINT("exit", ("there was an error")); DBUG_PRINT("exit", ("there was an error"));
my_free((gptr)ptr,MYF(0));
DBUG_RETURN(0); DBUG_RETURN(0);
} }
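Review bot: `SSLv23_client_method()` and `SSLv23_server_method()` negotiate the highest protocol version both sides support, and that range includes SSLv2 unless it is switched off on the context. No `SSL_CTX_set_options()` call is visible in these hunks, so I would add `SSL_CTX_set_options(ptr->ssl_context_, SSL_OP_NO_SSLv2);` right after each `SSL_CTX_new()` succeeds. Separately, the new `my_free((gptr)ptr,MYF(0));` under `ctor_failure:` frees the struct but not `ptr->ssl_context_`; if any step between `SSL_CTX_new()` and the label can jump there (those lines are outside the hunks), the context leaks and `SSL_CTX_free()` should be called first when it is non-null.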

140
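--- a/vio/viotest-ssl.c
+++ b/vio/viotest-ssl.c
@@ -0,0 +1,140 @@
+#include <global.h>
+#ifdef HAVE_OPENSSL
+#include <my_sys.h>
+#include <m_string.h>
+#include <m_ctype.h>
+#include "mysql.h"
+#include "errmsg.h"
+#include <my_dir.h>
+#ifndef __GNU_LIBRARY__
+#define __GNU_LIBRARY__ // Skip warnings in getopt.h
+#endif
+#include <getopt.h>
+//#include "my_readline.h"
+#include <signal.h>
+#include <violite.h>
+const char *VER="0.1";
+#ifndef DBUG_OFF
+const char *default_dbug_option="d:t:O,/tmp/viotest-ssl.trace";
+#endif
+void
+fatal_error( const char* r)
+{
+perror(r);
+exit(0);
+}
+void
+print_usage()
+{
+printf("viossl-test: testing SSL virtual IO. Usage:\n");
+printf("viossl-test server-key server-cert client-key client-cert [CAfile] [CApath]\n");
+}
+int
+main( int argc,
+char** argv)
+{
+char* server_key = 0;
+char* server_cert = 0;
+char* client_key = 0;
+char* client_cert = 0;
+char* ca_file = 0;
+char* ca_path = 0;
+int child_pid,sv[2];
+struct st_VioSSLAcceptorFd* ssl_acceptor=0;
+struct st_VioSSLConnectorFd* ssl_connector=0;
+Vio* client_vio=0;
+Vio* server_vio=0;
+MY_INIT(argv[0]);
+// DBUG_ENTER("main");
+DBUG_PROCESS(argv[0]);
+DBUG_PUSH(default_dbug_option);
+if (argc<5)
+{
+print_usage();
+return 1;
+}
+server_key = argv[1];
+server_cert = argv[2];
+client_key = argv[3];
+client_cert = argv[4];
+if (argc>5)
+ca_file = argv[5];
+if (argc>6)
+ca_path = argv[6];
+printf("Server key/cert : %s/%s\n", server_key, server_cert);
+printf("Client key/cert : %s/%s\n", client_key, client_cert);
+if (ca_file!=0)
+printf("CAfile : %s\n", ca_file);
+if (ca_path!=0)
+printf("CApath : %s\n", ca_path);
+if (socketpair(PF_UNIX, SOCK_STREAM, IPPROTO_IP, sv)==-1)
+fatal_error("socketpair");
+ssl_acceptor = new_VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
+ssl_connector = new_VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
+client_vio = (Vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+client_vio->sd = sv[0];
+sslconnect(ssl_connector,client_vio);
+server_vio = (Vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+server_vio->sd = sv[1];
+sslaccept(ssl_acceptor,server_vio);
+printf("Socketpair: %d , %d\n", client_vio->sd, server_vio->sd);
+child_pid = fork();
+if (child_pid==-1) {
+my_free((gptr)ssl_acceptor,MYF(0));
+my_free((gptr)ssl_connector,MYF(0));
+fatal_error("fork");
+}
+if (child_pid==0) {
+//child, therefore, client
+char xbuf[100];
+int r = vio_ssl_read(client_vio,xbuf, sizeof(xbuf));
+if (r<=0) {
+my_free((gptr)ssl_acceptor,MYF(0));
+my_free((gptr)ssl_connector,MYF(0));
+fatal_error("client:SSL_read");
+}
+// printf("*** client cipher %s\n",client_vio->cipher_description());
+xbuf[r] = 0;
+printf("client:got %s\n", xbuf);
+my_free((gptr)client_vio,MYF(0));
+my_free((gptr)ssl_acceptor,MYF(0));
+my_free((gptr)ssl_connector,MYF(0));
+sleep(1);
+} else {
+const char* s = "Huhuhuh";
+int r = vio_ssl_write(server_vio,(gptr)s, strlen(s));
+if (r<=0) {
+my_free((gptr)ssl_acceptor,MYF(0));
+my_free((gptr)ssl_connector,MYF(0));
+fatal_error("server:SSL_write");
+}
+// printf("*** server cipher %s\n",server_vio->cipher_description());
+my_free((gptr)server_vio,MYF(0));
+my_free((gptr)ssl_acceptor,MYF(0));
+my_free((gptr)ssl_connector,MYF(0));
+sleep(1);
+}
+return 0;
+}
+#else /* HAVE_OPENSSL */
+int main() {
+return 0;
+}
+#endif /* HAVE_OPENSSL */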
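Review bot: `xbuf[r] = 0;` in the client branch writes one byte past the buffer when the read fills it, because `vio_ssl_read(client_vio,xbuf, sizeof(xbuf))` may return 100 for the 100-byte `xbuf`. Reading one byte less keeps room for the terminator: `int r = vio_ssl_read(client_vio,xbuf, sizeof(xbuf)-1);`. The two Vio structs also come from `my_malloc(sizeof(struct st_vio),MYF(0))` with only `sd` assigned before they are handed to sslconnect()/sslaccept(), and the results of new_VioSSLAcceptorFd()/new_VioSSLConnectorFd() are used without a null check. Allocating with `MYF(MY_ZEROFILL)` and checking each factory result would make a failed key or certificate load show up as an error message rather than a crash.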


@ -1,104 +0,0 @@
#include "all.h"
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <unistd.h>
void
fatal_error( const char* r)
{
perror(r);
exit(0);
}
void
print_usage()
{
printf("viossltest: testing SSL virtual IO. Usage:\n");
printf("viossltest server-key server-cert client-key client-cert [CAfile] [CApath]\n");
}
int
main( int argc,
char** argv)
{
char* server_key = 0;
char* server_cert = 0;
char* client_key = 0;
char* client_cert = 0;
char* ca_file = 0;
char* ca_path = 0;
int sv[2];
if (argc<5)
{
print_usage();
return 1;
}
if (socketpair(PF_UNIX, SOCK_STREAM, IPPROTO_IP, sv)==-1)
fatal_error("socketpair");
server_key = argv[1];
server_cert = argv[2];
client_key = argv[3];
client_cert = argv[4];
if (argc>5)
ca_file = argv[5];
if (argc>6)
ca_path = argv[6];
printf("Server key/cert : %s/%s\n", server_key, server_cert);
printf("Client key/cert : %s/%s\n", client_key, client_cert);
if (ca_file!=0)
printf("CAfile : %s\n", ca_file);
if (ca_path!=0)
printf("CApath : %s\n", ca_path);
VIO_NS::VioSSLAcceptorFd* ssl_acceptor = new VIO_NS::VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
VIO_NS::VioSSLConnectorFd* ssl_connector = new VIO_NS::VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
printf("Socketpair: %d , %d\n", sv[0], sv[1]);
VIO_NS::VioSSL* client_vio = ssl_connector->connect(sv[0]);
VIO_NS::VioSSL* server_vio = ssl_acceptor->accept(sv[1]);
int child_pid = fork();
if (child_pid==-1) {
delete ssl_acceptor;
delete ssl_connector;
fatal_error("fork");
}
if (child_pid==0) {
//child, therefore, client
char xbuf[100];
int r = client_vio->read(xbuf, sizeof(xbuf));
if (r<=0) {
delete ssl_acceptor;
delete ssl_connector;
fatal_error("client:SSL_read");
}
printf("*** client cipher %s\n",client_vio->cipher_description());
xbuf[r] = 0;
printf("client:got %s\n", xbuf);
delete client_vio;
delete ssl_acceptor;
delete ssl_connector;
sleep(1);
} else {
const char* s = "Huhuhuh";
int r = server_vio->write((void *)s, strlen(s));
if (r<=0) {
delete ssl_acceptor;
delete ssl_connector;
fatal_error("server:SSL_write");
}
printf("*** server cipher %s\n",server_vio->cipher_description());
delete server_vio;
delete ssl_acceptor;
delete ssl_connector;
sleep(1);
}
}