mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge neptunus.(none):/home/msvensson/mysql/mysql-5.1-md

Browse source 
into  neptunus.(none):/home/msvensson/mysql/mysql-5.1
This commit is contained in:
msvensson@neptunus.(none) 2006-05-12 11:19:37 +02:00
commit 46f1f3ed2c
87 changed files with 1804 additions and 869 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
client/client_priv.h
View file

@ -58,5 +58,5 @@ enum options_client
OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE,
OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_CREATE_SLAP_SCHEMA,
OPT_MYSQL_REPLACE_INTO, OPT_BASE64_OUTPUT, OPT_SERVER_ID,
OPT_FIX_TABLE_NAMES, OPT_FIX_DB_NAMES
OPT_FIX_TABLE_NAMES, OPT_FIX_DB_NAMES, OPT_SSL_VERIFY_SERVER_CERT
};

2
client/mysql.cc
View file

@ -3144,6 +3144,8 @@ sql_real_connect(char *host,char *database,char *user,char *password,
if (opt_use_ssl)
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
if (opt_protocol)
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

2
client/mysqladmin.cc
View file

@ -340,6 +340,8 @@ int main(int argc,char *argv[])
if (opt_use_ssl)
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
if (opt_protocol)
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

2
client/mysqldump.c
View file

@ -918,6 +918,8 @@ static int dbConnect(char *host, char *user,char *passwd)
if (opt_use_ssl)
mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
if (opt_protocol)
mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

2
client/mysqlimport.c
View file

@ -406,6 +406,8 @@ static MYSQL *db_connect(char *host, char *database,
if (opt_use_ssl)
mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
if (opt_protocol)
mysql_options(mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

2
client/mysqlshow.c
View file

@ -109,6 +109,8 @@ int main(int argc, char **argv)
if (opt_use_ssl)
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
(char*)&opt_ssl_verify_server_cert);
#endif
if (opt_protocol)
mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);

42
client/mysqltest.c
View file

@ -87,14 +87,6 @@
#endif
#define MAX_SERVER_ARGS 64
/*
Sometimes in a test the client starts before
the server - to solve the problem, we try again
after some sleep if connection fails the first
time
*/
#define CON_RETRY_SLEEP 2
#define MAX_CON_TRIES 5
#define SLAVE_POLL_INTERVAL 300000 /* 0.3 of a sec */
#define DEFAULT_DELIMITER ";"
@ -108,7 +100,7 @@ enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD,
OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC,
OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH,
OPT_SSL_CIPHER,OPT_PS_PROTOCOL,OPT_SP_PROTOCOL,OPT_CURSOR_PROTOCOL,
OPT_VIEW_PROTOCOL};
OPT_VIEW_PROTOCOL, OPT_SSL_VERIFY_SERVER_CERT, OPT_MAX_CONNECT_RETRIES};
/* ************************************************************************ */
/*
@ -158,6 +150,7 @@ static char *db = 0, *pass=0;
const char *user = 0, *host = 0, *unix_sock = 0, *opt_basedir="./";
const char *opt_include= 0;
static int port = 0;
static int opt_max_connect_retries;
static my_bool opt_big_test= 0, opt_compress= 0, silent= 0, verbose = 0;
static my_bool tty_password= 0;
static my_bool ps_protocol= 0, ps_protocol_enabled= 0;
@ -2501,9 +2494,16 @@ void init_manager()
db, port, sock
NOTE
This function will try to connect to the given server MAX_CON_TRIES
times and sleep CON_RETRY_SLEEP seconds between attempts before
finally giving up. This helps in situation when the client starts
Sometimes in a test the client starts before
the server - to solve the problem, we try again
after some sleep if connection fails the first
time
This function will try to connect to the given server
"opt_max_connect_retries" times and sleep "connection_retry_sleep"
seconds between attempts before finally giving up.
This helps in situation when the client starts
before the server (which happens sometimes).
It will ignore any errors during these retries. One should use
connect_n_handle_errors() if he expects a connection error and wants
@ -2518,8 +2518,9 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user,
{
int con_error= 1;
my_bool reconnect= 1;
static int connection_retry_sleep= 2; /* Seconds */
int i;
for (i= 0; i < MAX_CON_TRIES; ++i)
for (i= 0; i < opt_max_connect_retries; i++)
{
if (mysql_real_connect(mysql, host,user, pass, db, port, sock,
CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS))
@ -2527,7 +2528,7 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user,
con_error= 0;
break;
}
sleep(CON_RETRY_SLEEP);
sleep(connection_retry_sleep);
}
/*
TODO: change this to 0 in future versions, but the 'kill' test relies on
@ -2755,8 +2756,12 @@ int do_connect(struct st_query *q)
#ifdef HAVE_OPENSSL
if (opt_use_ssl || con_ssl)
{
mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&next_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
&opt_ssl_verify_server_cert);
}
#endif
if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR)
con_sock=fn_format(buff, con_sock, TMPDIR, "",0);
@ -3290,6 +3295,10 @@ static struct my_option my_long_options[] =
{"manager-wait-timeout", OPT_MANAGER_WAIT_TIMEOUT,
"Undocumented: Used for debugging.", (gptr*) &manager_wait_timeout,
(gptr*) &manager_wait_timeout, 0, GET_INT, REQUIRED_ARG, 3, 0, 0, 0, 0, 0},
{"max-connect-retries", OPT_MAX_CONNECT_RETRIES,
"Max number of connection attempts when connecting to server",
(gptr*) &opt_max_connect_retries, (gptr*) &opt_max_connect_retries, 0,
GET_INT, REQUIRED_ARG, 5, 1, 10, 0, 0, 0},
{"password", 'p', "Password to use when connecting to server.",
0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
{"port", 'P', "Port number to use for connection.", (gptr*) &port,
@ -5207,9 +5216,14 @@ int main(int argc, char **argv)
mysql_options(&cur_con->mysql, MYSQL_SET_CHARSET_NAME, charset_name);
#ifdef HAVE_OPENSSL
opt_ssl_verify_server_cert= TRUE; /* Always on in mysqltest */
if (opt_use_ssl)
{
mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
opt_ssl_capath, opt_ssl_cipher);
mysql_options(&cur_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
&opt_ssl_verify_server_cert);
}
#endif
if (!(cur_con->name = my_strdup("default", MYF(MY_WME))))

35
extra/yassl/README
View file

@ -1,4 +1,37 @@
yaSSL Release notes, version 1.2.2 (03/27/06)
yaSSL Release notes, version 1.3.0 (04/26/06)
This release of yaSSL contains minor bug fixes, portability enhancements,
and libcurl support.
See normal build instructions below under 1.0.6.
--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
To build for libcurl the library needs to be built without C++ globals since
the linker will be called in a C context, also libcurl configure will expect
OpenSSL library names so some symbolic links are created.
./configure --enable-pure-c
make
make openssl-links
(then go to your libcurl home and tell libcurl about yaSSL)
./configure --with-ssl=/yaSSL-HomeDir
make
--To build for libcurl on Win32:
Simply add the yaSSL project as a dependency to libcurl, add
yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
define USE_SSLEAY and USE_OPENSSL
please email todd@yassl.com if you have any questions.
*******************yaSSL Release notes, version 1.2.2 (03/27/06)
This release of yaSSL contains minor bug fixes and portability enhancements.

53
extra/yassl/certs/ca-cert.pem Normal file
View file

@ -0,0 +1,53 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 20:12:32 2005 GMT
Not After : Oct 15 20:12:32 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
7d:79:97:5e:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
X509v3 Authority Key Identifier:
keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
03:ea:0b:4c:67:45:4b:ab:f3:39
-----BEGIN CERTIFICATE-----
MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
-----END CERTIFICATE-----

BIN
extra/yassl/certs/client-cert.der Normal file
View file

Binary file not shown.

52
extra/yassl/certs/client-cert.pem Normal file
View file

@ -0,0 +1,52 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 19:33:15 2005 GMT
Not After : Oct 15 19:33:15 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86:
36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2:
26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28:
65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd:
46:2a:a0:45:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
X509v3 Authority Key Identifier:
keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90:
3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79:
7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71:
a6:3c:15:91:85:12:35:6e:78:87
-----BEGIN CERTIFICATE-----
MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP
MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT
U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG
A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM
BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH
+LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA
ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC
wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu
ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6
hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH
-----END CERTIFICATE-----

BIN
extra/yassl/certs/client-key.der Normal file
View file

Binary file not shown.

9
extra/yassl/certs/client-key.pem Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz
Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l
n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg
QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT
8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP
YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA
uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L
-----END RSA PRIVATE KEY-----

1
extra/yassl/certs/dh1024.dat Normal file
View file

@ -0,0 +1 @@
30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102

68
extra/yassl/certs/dsa-cert.pem Normal file
View file

@ -0,0 +1,68 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: dsaWithSHA1
Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
Validity
Not Before: Jan 23 22:54:51 2005 GMT
Not After : Oct 20 22:54:51 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
DSA Public Key:
pub:
04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
ef:bb:b9:82
P:
00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
b9:42:fd:1b:11
Q:
00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
a6:b7:dd:4d:03:09
G:
12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
10:46:19:31
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
X509v3 Authority Key Identifier:
keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: dsaWithSHA1
30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62:
f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69:
72:59:b8:ec:e9:57:f4:bf:37
-----BEGIN CERTIFICATE-----
MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD
VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE
U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz
bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG
EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE
ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW
DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+
Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5
Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l
jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA
AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z
JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK
IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow
eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh
bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ
KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG
SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs
6Vf0vzc=
-----END CERTIFICATE-----

BIN
extra/yassl/certs/dsa512.der Normal file
View file

Binary file not shown.

8
extra/yassl/certs/dsa512.pem Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN DSA PRIVATE KEY-----
MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
E2V27tjDFY02uA==
-----END DSA PRIVATE KEY-----

38
extra/yassl/certs/server-cert.pem Normal file
View file

@ -0,0 +1,38 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 20:50:59 2005 GMT
Not After : Oct 15 20:50:59 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9:
95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0:
a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be:
6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd:
f2:25:93:22:e7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2:
20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53:
c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f:
a2:13:17:a9:b7:83:60:cc:cb:eb
-----BEGIN CERTIFICATE-----
MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD
VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290
aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI
hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy
MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh
b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G
CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg
0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI
hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA
IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr
-----END CERTIFICATE-----

9
extra/yassl/certs/server-key.pem Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU
ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC
1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI
2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE
B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw
7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL
WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI=
-----END RSA PRIVATE KEY-----

50
extra/yassl/certs/taoCert.txt Normal file
View file

@ -0,0 +1,50 @@
***** Create a self signed cert ************
1) openssl genrsa 512 > client-key.pem
2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
-- adding metadata to beginning
3) openssl x509 -in client-cert.pem -text > tmp.pem
4) mv tmp.pem client-cert.pem
***** Create a CA, signing authority **********
same as self signed, use ca prefix instead of client
***** Create a cert signed by CA **************
1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
2) copy ca-key.pem ca-cert.srl (why ????)
3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
***** To create a dsa cert ********************
1) openssl dsaparam 512 > dsa512.param # creates group params
2) openssl gendsa dsa512.param > dsa512.pem # creates private key
3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem
***** To convert from PEM to DER **************
a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
to convert rsa private PEM to DER :
b) openssl rsa -in key.pem -outform DER -out key.der

8
extra/yassl/examples/client/client.cpp
View file

@ -33,10 +33,10 @@ void client_test(void* args)
const char* cipher = 0;
int index = 0;
char list[1024];
strcpy(list, "cipherlist");
strncpy(list, "cipherlist", 11);
while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) {
strcat(list, ":");
strcat(list, cipher);
strncat(list, ":", 2);
strncat(list, cipher, strlen(cipher) + 1);
}
printf("%s\n", list);
printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl));
@ -89,6 +89,8 @@ void client_test(void* args)
args.argv = argv;
client_test(&args);
yaSSL_CleanUp();
return args.return_code;
}

1
extra/yassl/examples/echoclient/echoclient.cpp
View file

@ -82,6 +82,7 @@ void echoclient_test(void* args)
args.argv = argv;
echoclient_test(&args);
yaSSL_CleanUp();
return args.return_code;
}

2
extra/yassl/examples/echoserver/echoserver.cpp
View file

@ -15,6 +15,8 @@
args.argv = argv;
echoserver_test(&args);
yaSSL_CleanUp();
return args.return_code;
}

2
extra/yassl/examples/server/server.cpp
View file

@ -67,6 +67,8 @@ THREAD_RETURN YASSL_API server_test(void* args)
args.argv = argv;
server_test(&args);
yaSSL_CleanUp();
return args.return_code;
}

2
extra/yassl/include/openssl/err.h
View file

@ -1,6 +1,6 @@
/* err.h for openssl */
#ifndef ysSSL_err_h__
#ifndef yaSSL_err_h__
#define yaSSL_err_h__

1
extra/yassl/include/openssl/md4.h Normal file
View file

@ -0,0 +1 @@
/* md4.h for libcurl */

3
extra/yassl/include/openssl/md5.h
View file

@ -1 +1,4 @@
/* md5.h for openssl */
#include "ssl.h" /* in there for now */

1
extra/yassl/include/openssl/pem.h Normal file
View file

@ -0,0 +1 @@
/* pem.h for libcurl */

125
extra/yassl/include/openssl/ssl.h
View file

@ -29,8 +29,22 @@
#define yaSSL_openssl_h__
#include <stdio.h> /* ERR_print fp */
#include "opensslv.h" /* for version number */
#include "rsa.h"
#if defined(__cplusplus)
extern "C" {
#endif
void yaSSL_CleanUp(); /* call once at end of application use to
free static singleton memory holders,
not a leak per se, but helpful when
looking for them */
#if defined(__cplusplus)
} // extern
#endif
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
namespace yaSSL {
extern "C" {
@ -102,7 +116,6 @@ void X509_free(X509*);
typedef struct BIO BIO;
/* ASN stuff */
typedef struct ASN1_TIME ASN1_TIME;
@ -345,8 +358,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
void OpenSSL_add_all_algorithms(void);
void SSL_library_init();
void SSLeay_add_ssl_algorithms(void);
int SSL_library_init();
int SSLeay_add_ssl_algorithms(void);
SSL_CIPHER* SSL_get_current_cipher(SSL*);
@ -371,6 +384,10 @@ typedef unsigned char DES_cblock[8];
typedef const DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule;
enum {
DES_ENCRYPT = 1,
DES_DECRYPT = 0
};
const EVP_MD* EVP_md5(void);
const EVP_CIPHER* EVP_des_ede3_cbc(void);
@ -392,6 +409,108 @@ int RAND_write_file(const char*);
int RAND_load_file(const char*, long);
/* for libcurl */
int RAND_status(void);
int DES_set_key(const_DES_cblock*, DES_key_schedule*);
void DES_set_odd_parity(DES_cblock*);
void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
void SSL_SESSION_free(SSL_SESSION* session);
X509* SSL_get_certificate(SSL* ssl);
EVP_PKEY* SSL_get_privatekey(SSL* ssl);
EVP_PKEY* X509_get_pubkey(X509* x);
int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
void EVP_PKEY_free(EVP_PKEY* pkey);
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_free_strings(void);
void EVP_cleanup(void);
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
#define GEN_IPADD 7
#define NID_subject_alt_name 85
#define STACK_OF(x) x
/* defined here because libcurl dereferences */
typedef struct ASN1_STRING {
int type;
int length;
unsigned char* data;
} ASN1_STRING;
typedef struct GENERAL_NAME {
int type;
union {
ASN1_STRING* ia5;
} d;
} GENERAL_NAME;
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
unsigned char* ASN1_STRING_data(ASN1_STRING* x);
int ASN1_STRING_length(ASN1_STRING* x);
int ASN1_STRING_type(ASN1_STRING *x);
typedef ASN1_STRING X509_NAME_ENTRY;
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
#define OPENSSL_malloc(x) malloc(x)
#define OPENSSL_free(x) free(x)
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */
SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */
SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */
#define CRYPTO_free(x) free(x)
#define ASN1_TIME ASN1_STRING
ASN1_TIME* X509_get_notBefore(X509* x);
ASN1_TIME* X509_get_notAfter(X509* x);
#define ASN1_UTCTIME ASN1_STRING
#define NID_commonName 13
#define V_ASN1_UTF8STRING 12
#define GEN_DNS 2
typedef struct MD4_CTX {
void* ptr;
} MD4_CTX;
void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, unsigned long);
void MD4_Final(unsigned char*, MD4_CTX*);
typedef struct MD5_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} MD5_CTX;
void MD5_Init(MD5_CTX*);
void MD5_Update(MD5_CTX*, const void*, unsigned long);
void MD5_Final(unsigned char*, MD5_CTX*);
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */

1
extra/yassl/include/openssl/x509.h Normal file
View file

@ -0,0 +1 @@
/* x509.h for libcurl */

1
extra/yassl/include/openssl/x509v3.h Normal file
View file

@ -0,0 +1 @@
/* x509v3.h for libcurl */

41
extra/yassl/include/yassl_int.hpp
View file

@ -34,6 +34,7 @@
#include "cert_wrapper.hpp"
#include "log.hpp"
#include "lock.hpp"
#include "openssl/ssl.h" // ASN1_STRING and DH
namespace yaSSL {
@ -126,32 +127,70 @@ private:
};
// hold add crypt references provided to callers
class CryptProvider {
mySTL::list<Digest*> digestList_;
mySTL::list<BulkCipher*> cipherList_;
CryptProvider() {} // only GetCryptProvider creates
public:
~CryptProvider();
Digest* NewMd5();
BulkCipher* NewDesEde();
friend CryptProvider& GetCryptProvider();
private:
CryptProvider(const CryptProvider&); // hide copy
CryptProvider& operator=(const CryptProvider&); // and assign
};
CryptProvider& GetCryptProvider();
#undef X509_NAME // wincrypt.h clash
// openSSL X509 names
class X509_NAME {
char* name_;
size_t sz_;
ASN1_STRING entry_;
public:
X509_NAME(const char*, size_t sz);
~X509_NAME();
char* GetName();
ASN1_STRING* GetEntry(int i);
private:
X509_NAME(const X509_NAME&); // hide copy
X509_NAME& operator=(const X509_NAME&); // and assign
};
class StringHolder {
ASN1_STRING asnString_;
public:
StringHolder(const char* str, int sz);
~StringHolder();
ASN1_STRING* GetString();
};
// openSSL X509
class X509 {
X509_NAME issuer_;
X509_NAME subject_;
StringHolder beforeDate_; // not valid before
StringHolder afterDate_; // not valid after
public:
X509(const char* i, size_t, const char* s, size_t);
X509(const char* i, size_t, const char* s, size_t,
const char* b, int, const char* a, int);
~X509() {}
X509_NAME* GetIssuer();
X509_NAME* GetSubject();
ASN1_STRING* GetBefore();
ASN1_STRING* GetAfter();
private:
X509(const X509&); // hide copy
X509& operator=(const X509&); // and assign

4
extra/yassl/include/yassl_types.hpp
View file

@ -35,10 +35,6 @@
namespace yaSSL {
// Delete static singleton memory holders
void CleanUp();
#ifdef YASSL_PURE_C
// library allocation

1
extra/yassl/lib/dummy Normal file
View file

@ -0,0 +1 @@
// this is a dummy file

5
extra/yassl/mySTL/helpers.hpp
View file

@ -44,6 +44,11 @@
return static_cast<void*>(d);
}
// for compilers that want matching delete
inline void operator delete(void* ptr, Dummy* d)
{
}
typedef Dummy* yassl_pointer;
namespace mySTL {

9
extra/yassl/src/cert_wrapper.cpp
View file

@ -271,10 +271,13 @@ int CertManager::Validate()
else
peerKeyType_ = dsa_sa_algo;
int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0;
int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0;
int iSz = strlen(cert.GetIssuer()) + 1;
int sSz = strlen(cert.GetCommonName()) + 1;
int bSz = strlen(cert.GetBeforeDate()) + 1;
int aSz = strlen(cert.GetAfterDate()) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
sSz);
sSz, cert.GetBeforeDate(), bSz,
cert.GetAfterDate(), aSz);
}
return 0;
}

2
extra/yassl/src/make.bat
View file

@ -1,4 +1,4 @@
# quick and dirty build file for testing different MSDEVs
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI

382
extra/yassl/src/ssl.cpp
View file

@ -1,4 +1,4 @@
/* ssl.cpp
/* ssl.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
@ -36,6 +36,7 @@
#include "openssl/ssl.h"
#include "handshake.hpp"
#include "yassl_int.hpp"
#include "md5.hpp" // for TaoCrypt MD5 size assert
#include <stdio.h>
#ifdef _WIN32
@ -52,6 +53,53 @@ namespace yaSSL {
using mySTL::min;
int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
{
if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
return SSL_BAD_FILETYPE;
FILE* input = fopen(file, "rb");
if (!input)
return SSL_BAD_FILE;
if (type == CA) {
x509* ptr = PemToDer(file, Cert);
if (!ptr) {
fclose(input);
return SSL_BAD_FILE;
}
ctx->AddCA(ptr); // takes ownership
}
else {
x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
if (format == SSL_FILETYPE_ASN1) {
fseek(input, 0, SEEK_END);
long sz = ftell(input);
rewind(input);
x = NEW_YS x509(sz); // takes ownership
size_t bytes = fread(x->use_buffer(), sz, 1, input);
if (bytes != 1) {
fclose(input);
return SSL_BAD_FILE;
}
}
else {
x = PemToDer(file, type);
if (!x) {
fclose(input);
return SSL_BAD_FILE;
}
}
}
fclose(input);
return SSL_SUCCESS;
}
extern "C" {
SSL_METHOD* SSLv3_method()
{
return SSLv3_client_method();
@ -448,50 +496,6 @@ long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)
}
int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
{
if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
return SSL_BAD_FILETYPE;
FILE* input = fopen(file, "rb");
if (!input)
return SSL_BAD_FILE;
if (type == CA) {
x509* ptr = PemToDer(file, Cert);
if (!ptr) {
fclose(input);
return SSL_BAD_FILE;
}
ctx->AddCA(ptr); // takes ownership
}
else {
x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
if (format == SSL_FILETYPE_ASN1) {
fseek(input, 0, SEEK_END);
long sz = ftell(input);
rewind(input);
x = NEW_YS x509(sz); // takes ownership
size_t bytes = fread(x->use_buffer(), sz, 1, input);
if (bytes != 1) {
fclose(input);
return SSL_BAD_FILE;
}
}
else {
x = PemToDer(file, type);
if (!x) {
fclose(input);
return SSL_BAD_FILE;
}
}
}
fclose(input);
return SSL_SUCCESS;
}
int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
{
return read_file(ctx, file, format, Cert);
@ -723,8 +727,10 @@ void OpenSSL_add_all_algorithms() // compatibility only
{}
void SSL_library_init() // compatiblity only
{}
int SSL_library_init() // compatiblity only
{
return 1;
}
DH* DH_new(void)
@ -804,15 +810,13 @@ const char* X509_verify_cert_error_string(long /* error */)
const EVP_MD* EVP_md5(void)
{
// TODO: FIX add to some list for destruction
return NEW_YS MD5;
return GetCryptProvider().NewMd5();
}
const EVP_CIPHER* EVP_des_ede3_cbc(void)
{
// TODO: FIX add to some list for destruction
return NEW_YS DES_EDE;
return GetCryptProvider().NewDesEde();
}
@ -897,6 +901,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
}
// functions for libcurl
int RAND_status()
{
return 1; /* TaoCrypt provides enough seed */
}
int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
{
memcpy(schedule, key, sizeof(const_DES_cblock));
return 1;
}
void DES_set_odd_parity(DES_cblock* key)
{
// not needed now for TaoCrypt
}
void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
DES_key_schedule* key, int enc)
{
DES des;
if (enc) {
des.set_encryptKey(*key, 0);
des.encrypt(*output, *input, DES_BLOCK);
}
else {
des.set_decryptKey(*key, 0);
des.decrypt(*output, *input, DES_BLOCK);
}
}
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
{
// yaSSL doesn't support yet, unencrypt your PEM file with userdata
// before handing off to yaSSL
}
X509* SSL_get_certificate(SSL* ssl)
{
// only used to pass to get_privatekey which isn't used
return 0;
}
EVP_PKEY* SSL_get_privatekey(SSL* ssl)
{
// only called, not used
return 0;
}
void SSL_SESSION_free(SSL_SESSION* session)
{
// managed by singleton
}
EVP_PKEY* X509_get_pubkey(X509* x)
{
// called, not used though
return 0;
}
int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
{
// called, not used though
return 0;
}
void EVP_PKEY_free(EVP_PKEY* pkey)
{
// never allocated from above
}
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
if (len) ERR_error_string(e, buf);
}
void ERR_free_strings(void)
{
// handled internally
}
void EVP_cleanup(void)
{
// nothing to do yet
}
ASN1_TIME* X509_get_notBefore(X509* x)
{
if (x) return x->GetBefore();
return 0;
}
ASN1_TIME* X509_get_notAfter(X509* x)
{
if (x) return x->GetAfter();
return 0;
}
SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */
{
return SSLv3_client_method();
}
SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */
{
return 0;
}
SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */
{
return SSL_get_session(ssl);
}
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
{
// no extension names supported yet
}
int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
{
// no extension names supported yet
return 0;
}
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
{
// no extension names supported yet
return 0;
}
unsigned char* ASN1_STRING_data(ASN1_STRING* x)
{
if (x) return x->data;
return 0;
}
int ASN1_STRING_length(ASN1_STRING* x)
{
if (x) return x->length;
return 0;
}
int ASN1_STRING_type(ASN1_STRING *x)
{
if (x) return x->type;
return 0;
}
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
{
int idx = -1; // not found
const char* start = &name->GetName()[lastpos + 1];
switch (nid) {
case NID_commonName:
const char* found = strstr(start, "/CN=");
if (found) {
found += 4; // advance to str
idx = found - start + lastpos + 1;
}
break;
}
return idx;
}
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
{
// the same in yaSSL
return ne;
}
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
{
return name->GetEntry(loc);
}
// already formatted, caller responsible for freeing *out
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
{
if (!in) return 0;
*out = (unsigned char*)malloc(in->length + 1);
if (*out) {
memcpy(*out, in->data, in->length);
(*out)[in->length] = 0;
}
return in->length;
}
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
{
// no extensions supported yet
return 0;
}
void MD4_Init(MD4_CTX* md4)
{
assert(0); // not yet supported, build compat. only
}
void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
{
}
void MD4_Final(unsigned char* hash, MD4_CTX* md4)
{
}
void MD5_Init(MD5_CTX* md5)
{
// make sure we have a big enough buffer
typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
(void) sizeof(ok);
// using TaoCrypt since no dynamic memory allocated
// and no destructor will be called
new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
}
void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
{
reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
static_cast<const byte*>(data), static_cast<unsigned int>(sz));
}
void MD5_Final(unsigned char* hash, MD5_CTX* md5)
{
reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
}
// functions for stunnel
void RAND_screen()
@ -1098,8 +1371,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
}
void SSLeay_add_ssl_algorithms() // compatibility only
{}
int SSLeay_add_ssl_algorithms() // compatibility only
{
return 1;
}
void ERR_remove_state(unsigned long)
@ -1129,4 +1404,5 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
// end stunnel needs
} // extern "C"
} // namespace

6
extra/yassl/src/template_instnt.cpp
View file

@ -31,7 +31,6 @@
#include "hmac.hpp"
#include "md5.hpp"
#include "sha.hpp"
#include "ripemd.hpp"
#include "openssl/ssl.h"
#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
@ -51,12 +50,16 @@ template class list<yaSSL::SSL_SESSION*>;
template class list<yaSSL::input_buffer*>;
template class list<yaSSL::output_buffer*>;
template class list<yaSSL::x509*>;
template class list<yaSSL::Digest*>;
template class list<yaSSL::BulkCipher*>;
template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
}
namespace yaSSL {
@ -82,6 +85,7 @@ template void ysDelete<X509>(X509*);
template void ysDelete<Message>(Message*);
template void ysDelete<sslFactory>(sslFactory*);
template void ysDelete<Sessions>(Sessions*);
template void ysDelete<CryptProvider>(CryptProvider*);
template void ysArrayDelete<unsigned char>(unsigned char*);
template void ysArrayDelete<char>(char*);
}

4
extra/yassl/src/yassl_imp.cpp
View file

@ -1975,7 +1975,9 @@ Connection::Connection(ProtocolVersion v, RandomPool& ran)
: pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0),
pre_secret_len_(0), send_server_key_(false), master_clean_(false),
TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran)
{}
{
memset(sessionID_, 0, sizeof(sessionID_));
}
Connection::~Connection()

105
extra/yassl/src/yassl_int.cpp
View file

@ -28,7 +28,6 @@
#include "yassl_int.hpp"
#include "handshake.hpp"
#include "timer.hpp"
#include "openssl/ssl.h" // for DH
#ifdef YASSL_PURE_C
@ -1375,16 +1374,51 @@ Sessions& GetSessions()
static sslFactory* sslFactoryInstance = 0;
sslFactory& GetSSL_Factory(){
sslFactory& GetSSL_Factory()
{
if (!sslFactoryInstance)
sslFactoryInstance = NEW_YS sslFactory;
return *sslFactoryInstance;
}
void CleanUp()
static CryptProvider* cryptProviderInstance = 0;
CryptProvider& GetCryptProvider()
{
if (!cryptProviderInstance)
cryptProviderInstance = NEW_YS CryptProvider;
return *cryptProviderInstance;
}
CryptProvider::~CryptProvider()
{
mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
}
Digest* CryptProvider::NewMd5()
{
Digest* ptr = NEW_YS MD5();
digestList_.push_back(ptr);
return ptr;
}
BulkCipher* CryptProvider::NewDesEde()
{
BulkCipher* ptr = NEW_YS DES_EDE();
cipherList_.push_back(ptr);
return ptr;
}
extern "C" void yaSSL_CleanUp()
{
TaoCrypt::CleanUp();
ysDelete(cryptProviderInstance);
ysDelete(sslFactoryInstance);
ysDelete(sessionsInstance);
}
@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b)
X509_NAME::X509_NAME(const char* n, size_t sz)
: name_(0)
: name_(0), sz_(sz)
{
if (sz) {
name_ = NEW_YS char[sz];
memcpy(name_, n, sz);
}
entry_.data = 0;
}
X509_NAME::~X509_NAME()
{
ysArrayDelete(name_);
ysArrayDelete(entry_.data);
}
@ -1999,8 +2035,10 @@ char* X509_NAME::GetName()
}
X509::X509(const char* i, size_t iSz, const char* s, size_t sSz)
: issuer_(i, iSz), subject_(s, sSz)
X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
const char* b, int bSz, const char* a, int aSz)
: issuer_(i, iSz), subject_(s, sSz),
beforeDate_(b, bSz), afterDate_(a, aSz)
{}
@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject()
}
ASN1_STRING* X509::GetBefore()
{
return beforeDate_.GetString();
}
ASN1_STRING* X509::GetAfter()
{
return afterDate_.GetString();
}
ASN1_STRING* X509_NAME::GetEntry(int i)
{
if (i < 0 || i >= int(sz_))
return 0;
if (entry_.data)
ysArrayDelete(entry_.data);
entry_.data = NEW_YS byte[sz_]; // max size;
memcpy(entry_.data, &name_[i], sz_ - i);
if (entry_.data[sz_ -i - 1]) {
entry_.data[sz_ - i] = 0;
entry_.length = sz_ - i;
}
else
entry_.length = sz_ - i - 1;
entry_.type = 0;
return &entry_;
}
StringHolder::StringHolder(const char* str, int sz)
{
asnString_.length = sz;
asnString_.data = NEW_YS byte[sz + 1];
memcpy(asnString_.data, str, sz);
asnString_.type = 0; // not used for now
}
StringHolder::~StringHolder()
{
ysArrayDelete(asnString_.data);
}
ASN1_STRING* StringHolder::GetString()
{
return &asnString_;
}
} // namespace

5
extra/yassl/taocrypt/benchmark/make.bat
View file

@ -1,10 +1,9 @@
# quick and dirty build file for testing different MSDEVs
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
#set myFLAGS= /I../include /I../../mySTL /c /W3
cl %myFLAGS% benchmark.cpp
link.exe /out:benchmark.exe ../src/taocrypt.lib benchmark.obj
link.exe /out:benchmark.exe ../src/taocrypt.lib benchmark.obj advapi32.lib

25
extra/yassl/taocrypt/include/asn.hpp
View file

@ -79,20 +79,27 @@ enum ASNIdFlag
enum DNTags
{
COMMON_NAME = 0x03
COMMON_NAME = 0x03, // CN
SUR_NAME = 0x04, // SN
COUNTRY_NAME = 0x06, // C
LOCALITY_NAME = 0x07, // L
STATE_NAME = 0x08, // ST
ORG_NAME = 0x0a, // O
ORGUNIT_NAME = 0x0b // OU
};
enum Constants
{
MIN_DATE_SZ = 13,
MAX_DATE_SZ = 15,
MAX_DATE_SZ = 16,
MAX_ALGO_SZ = 16,
MAX_LENGTH_SZ = 5,
MAX_SEQ_SZ = 5, // enum(seq|con) + length(4)
MAX_ALGO_SIZE = 9,
MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4)
DSA_SIG_SZ = 40
DSA_SIG_SZ = 40,
NAME_MAX = 512 // max total of all included names
};
@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 };
// A Signing Authority
class Signer {
PublicKey key_;
char* name_;
char name_[NAME_MAX];
byte hash_[SHA_SIZE];
public:
Signer(const byte* k, word32 kSz, const char* n, const byte* h);
~Signer();
const PublicKey& GetPublicKey() const { return key_; }
const char* GetCommonName() const { return name_; }
const char* GetName() const { return name_; }
const byte* GetHash() const { return hash_; }
private:
@ -245,6 +252,8 @@ public:
const char* GetIssuer() const { return issuer_; }
const char* GetCommonName() const { return subject_; }
const byte* GetHash() const { return subjectHash_; }
const char* GetBeforeDate() const { return beforeDate_; }
const char* GetAfterDate() const { return afterDate_; }
void DecodeToKey();
private:
@ -257,8 +266,10 @@ private:
byte subjectHash_[SHA_SIZE]; // hash of all Names
byte issuerHash_[SHA_SIZE]; // hash of all Names
byte* signature_;
char* issuer_; // CommonName
char* subject_; // CommonName
char issuer_[NAME_MAX]; // Names
char subject_[NAME_MAX]; // Names
char beforeDate_[MAX_DATE_SZ]; // valid before date
char afterDate_[MAX_DATE_SZ]; // valid after date
bool verify_; // Default to yes, but could be off
void ReadHeader();

74
extra/yassl/taocrypt/src/asn.cpp
View file

@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len)
Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
: key_(k, kSz), name_(0)
: key_(k, kSz)
{
if (n) {
int sz = strlen(n);
name_ = NEW_TC char[sz + 1];
memcpy(name_, n, sz);
name_[sz] = 0;
}
memcpy(hash_, h, SHA::DIGEST_SIZE);
}
Signer::~Signer()
{
tcArrayDelete(name_);
}
@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key)
CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
bool noVerify, CertType ct)
: BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
signature_(0), issuer_(0), subject_(0), verify_(!noVerify)
signature_(0), verify_(!noVerify)
{
issuer_[0] = 0;
subject_[0] = 0;
if (decode)
Decode(signers, ct);
}
CertDecoder::~CertDecoder()
{
tcArrayDelete(subject_);
tcArrayDelete(issuer_);
tcArrayDelete(signature_);
}
@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt)
SHA sha;
word32 length = GetSequence(); // length of all distinguished names
assert (length < NAME_MAX);
length += source_.get_index();
char* ptr = (nt == ISSUER) ? issuer_ : subject_;
word32 idx = 0;
while (source_.get_index() < length) {
GetSet();
GetSequence();
@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt)
byte id = source_.next();
b = source_.next(); // strType
word32 strLen = GetLength(source_);
bool copy = false;
if (id == COMMON_NAME) {
char*& ptr = (nt == ISSUER) ? issuer_ : subject_;
ptr = NEW_TC char[strLen + 1];
memcpy(ptr, source_.get_current(), strLen);
ptr[strLen] = 0;
memcpy(&ptr[idx], "/CN=", 4);
idx += 4;
copy = true;
}
else if (id == SUR_NAME) {
memcpy(&ptr[idx], "/SN=", 4);
idx += 4;
copy = true;
}
else if (id == COUNTRY_NAME) {
memcpy(&ptr[idx], "/C=", 3);
idx += 3;
copy = true;
}
else if (id == LOCALITY_NAME) {
memcpy(&ptr[idx], "/L=", 3);
idx += 3;
copy = true;
}
else if (id == STATE_NAME) {
memcpy(&ptr[idx], "/ST=", 4);
idx += 4;
copy = true;
}
else if (id == ORG_NAME) {
memcpy(&ptr[idx], "/O=", 3);
idx += 3;
copy = true;
}
else if (id == ORGUNIT_NAME) {
memcpy(&ptr[idx], "/OU=", 4);
idx += 4;
copy = true;
}
if (copy) {
memcpy(&ptr[idx], source_.get_current(), strLen);
idx += strLen;
}
sha.Update(source_.get_current(), strLen);
source_.advance(strLen);
}
@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt)
source_.advance(length);
}
}
ptr[idx++] = 0;
if (nt == ISSUER)
sha.Final(issuerHash_);
else
@ -744,6 +784,16 @@ void CertDecoder::GetDate(DateType dt)
source_.SetError(BEFORE_DATE_E);
else
source_.SetError(AFTER_DATE_E);
// save for later use
if (dt == BEFORE) {
memcpy(beforeDate_, date, length);
beforeDate_[length] = 0;
}
else { // after
memcpy(afterDate_, date, length);
afterDate_[length] = 0;
}
}

6
extra/yassl/taocrypt/src/integer.cpp
View file

@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b)
product.reg_.CleanNew(RoundupSize(aSize + bSize));
product.sign_ = Integer::POSITIVE;
WordBlock workspace(aSize + bSize);
AlignedWordBlock workspace(aSize + bSize);
AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(),
a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize);
}
@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient,
quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2));
quotient.sign_ = Integer::POSITIVE;
WordBlock T(aSize+2*bSize+4);
AlignedWordBlock T(aSize+2*bSize+4);
Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(),
T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(),
bSize);
@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const
return !u ? Zero() : (m*(*this-u)+1)/(*this);
}
WordBlock T(m.reg_.size() * 4);
AlignedWordBlock T(m.reg_.size() * 4);
Integer r((word)0, m.reg_.size());
unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(),
reg_.get_buffer(), reg_.size(),

3
extra/yassl/taocrypt/src/make.bat
View file

@ -1,8 +1,7 @@
# quick and dirty build file for testing different MSDEVs
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
#set myFLAGS= /I../include /I../../mySTL /c /W3 /O1
cl %myFLAGS% aes.cpp
cl %myFLAGS% aestables.cpp

9
extra/yassl/taocrypt/src/misc.cpp
View file

@ -25,6 +25,15 @@
#include "runtime.hpp"
#include "misc.hpp"
extern "C" {
// for libcurl configure test, these are the signatures they use
// locking handled internally by library
char CRYPTO_lock() { return 0;}
char CRYPTO_add_lock() { return 0;}
} // extern "C"
#ifdef YASSL_PURE_C
void* operator new(size_t sz, TaoCrypt::new_t)

2
extra/yassl/taocrypt/src/template_instnt.cpp
View file

@ -30,11 +30,11 @@
#include "sha.hpp"
#include "md5.hpp"
#include "hmac.hpp"
#include "ripemd.hpp"
#include "pwdbased.hpp"
#include "algebra.hpp"
#include "vector.hpp"
#include "hash.hpp"
#include "ripemd.hpp"
#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
namespace TaoCrypt {

3
extra/yassl/taocrypt/taocrypt.dsp
View file

@ -64,7 +64,8 @@ LIB32=link.exe -lib
# PROP Intermediate_Dir "Debug"
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
# SUBTRACT CPP /Fr
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe

2
extra/yassl/taocrypt/test/make.bat
View file

@ -1,4 +1,4 @@
# quick and dirty build file for testing different MSDEVs
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2

2
extra/yassl/testsuite/make.bat
View file

@ -1,4 +1,4 @@
# quick and dirty build file for testing different MSDEVs
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../taocrypt/include /I../mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"

6
extra/yassl/testsuite/test.hpp
View file

@ -27,7 +27,7 @@
#endif /* _WIN32 */
#if defined(__MACH__) || defined(_WIN32)
#if !defined(_SOCKLEN_T) && (defined(__MACH__) || defined(_WIN32))
typedef int socklen_t;
#endif
@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl)
char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
printf("peer's cert info:\n");
printf("issuer is: %s\n", issuer);
printf("subject is: %s\n", subject);
printf("issuer : %s\n", issuer);
printf("subject: %s\n", subject);
free(subject);
free(issuer);

7
extra/yassl/testsuite/testsuite.cpp
View file

@ -91,6 +91,7 @@ int main(int argc, char** argv)
assert(memcmp(input, output, sizeof(input)) == 0);
printf("\nAll tests passed!\n");
yaSSL_CleanUp();
return 0;
}
@ -146,10 +147,10 @@ int test_openSSL_des()
(byte*)key, iv);
byte cipher[16];
DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8],
&key[16], &iv, true);
DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1],
&key[2], &iv, true);
byte plain[16];
DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16],
DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2],
&iv, false);
return 0;
}

4
extra/yassl/testsuite/testsuite.dsp
View file

@ -42,7 +42,7 @@ RSC=rc.exe
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
# ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
@ -67,7 +67,7 @@ LINK32=link.exe
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe

4
include/mysql.h
View file

@ -149,7 +149,8 @@ enum mysql_option
MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT,
MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION,
MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH,
MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT
MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT,
MYSQL_OPT_SSL_VERIFY_SERVER_CERT
};
struct st_mysql_options {
@ -164,6 +165,7 @@ struct st_mysql_options {
char *ssl_ca; /* PEM CA file */
char *ssl_capath; /* PEM directory of CA-s? */
char *ssl_cipher; /* cipher to use */
my_bool ssl_verify_server_cert; /* if to verify server cert */
char *shared_memory_base_name;
unsigned long max_allowed_packet;
my_bool use_ssl; /* if to use SSL or not */

7
include/sslopt-longopts.h
View file

@ -37,5 +37,10 @@
{"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).",
(gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
#ifdef MYSQL_CLIENT
{"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT,
"Verify servers \"Common Name\" in it's cert against hostname used when connecting. This option is disabled by default.",
(gptr*) &opt_ssl_verify_server_cert, (gptr*) &opt_ssl_verify_server_cert,
0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
#endif
#endif /* HAVE_OPENSSL */

3
include/sslopt-vars.h
View file

@ -21,4 +21,7 @@ static char *opt_ssl_cert = 0;
static char *opt_ssl_ca = 0;
static char *opt_ssl_capath = 0;
static char *opt_ssl_cipher = 0;
#ifdef MYSQL_CLIENT
static my_bool opt_ssl_verify_server_cert= 0;
#endif
#endif

27
include/violite.h
View file

@ -105,34 +105,23 @@ void vio_timeout(Vio *vio,uint which, uint timeout);
#include <openssl/ssl.h>
#include <openssl/err.h>
struct st_VioSSLAcceptorFd
struct st_VioSSLFd
{
SSL_CTX *ssl_context;
SSL_METHOD *ssl_method;
struct st_VioSSLAcceptorFd *session_id_context;
};
/* One copy for client */
struct st_VioSSLConnectorFd
{
SSL_CTX *ssl_context;
/* function pointers which are only once for SSL client */
SSL_METHOD *ssl_method;
};
int sslaccept(struct st_VioSSLFd*, Vio *, long timeout);
int sslconnect(struct st_VioSSLFd*, Vio *, long timeout);
int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout);
int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout);
struct st_VioSSLConnectorFd
struct st_VioSSLFd
*new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher);
struct st_VioSSLAcceptorFd
struct st_VioSSLFd
*new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
const char *ca_file,const char *ca_path,
const char *cipher);
Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state);
void free_vio_ssl_acceptor_fd(struct st_VioSSLAcceptorFd *fd);
void free_vio_ssl_acceptor_fd(struct st_VioSSLFd *fd);
#endif /* HAVE_OPENSSL */
#ifdef HAVE_SMEM
@ -141,6 +130,8 @@ int vio_write_shared_memory(Vio *vio, const gptr buf, int size);
int vio_close_shared_memory(Vio * vio);
#endif
void vio_end(void);
#ifdef __cplusplus
}
#endif
@ -205,7 +196,9 @@ struct st_vio
my_bool (*was_interrupted)(Vio*);
int (*vioclose)(Vio*);
void (*timeout)(Vio*, unsigned int which, unsigned int timeout);
#ifdef HAVE_OPENSSL
void *ssl_arg;
#endif
#ifdef HAVE_SMEM
HANDLE handle_file_map;
char *handle_map;

1
libmysql/libmysql.c
View file

@ -186,6 +186,7 @@ void STDCALL mysql_server_end()
mysql_thread_end();
finish_client_errs();
free_charsets();
vio_end();
mysql_client_init= org_my_init_done= 0;
#ifdef EMBEDDED_SERVER
if (stderror_file)

50
mysql-test/mysql-test-run.pl
View file

@ -134,7 +134,6 @@ our $glob_win32= 0; # OS and native Win32 executables
our $glob_win32_perl= 0; # ActiveState Win32 Perl
our $glob_cygwin_perl= 0; # Cygwin Perl
our $glob_cygwin_shell= undef;
our $glob_use_libtool= 1;
our $glob_mysql_test_dir= undef;
our $glob_mysql_bench_dir= undef;
our $glob_hostname= undef;
@ -192,6 +191,7 @@ our $exe_slave_mysqld;
our $exe_im;
our $exe_my_print_defaults;
our $lib_udf_example;
our $exe_libtool;
our $opt_bench= 0;
our $opt_small_bench= 0;
@ -390,7 +390,6 @@ sub main () {
check_ndbcluster_support(); # We check whether to actually use it later
check_ssl_support();
check_running_as_root();
environment_setup();
signal_setup();
@ -458,12 +457,6 @@ sub initial_setup () {
$glob_cygwin_perl= ($^O eq "cygwin");
$glob_win32= ($glob_win32_perl or $glob_cygwin_perl);
# Use libtool on all platforms except windows
if ( $glob_win32 )
{
$glob_use_libtool= 0;
}
# We require that we are in the "mysql-test" directory
# to run mysql-test-run
@ -1013,6 +1006,21 @@ sub snapshot_setup () {
sub executable_setup () {
#
# Check if libtool is available in this distribution/clone
# we need it when valgrinding or debugging non installed binary
# Otherwise valgrind will valgrind the libtool wrapper or bash
# and gdb will not find the real executable to debug
#
if ( -x "../libtool")
{
$exe_libtool= "../libtool";
if ($opt_valgrind or $glob_debugger)
{
mtr_report("Using \"$exe_libtool\" when running valgrind or debugger");
}
}
if ( $opt_source_dist )
{
if ( $glob_win32 )
@ -1375,7 +1383,7 @@ sub kill_and_cleanup () {
sub check_running_as_root () {
# Check if running as root
# i.e a file can be read regardless what mode we set it to
my $test_file= "test_running_as_root.txt";
my $test_file= "$opt_vardir/test_running_as_root.txt";
mtr_tofile($test_file, "MySQL");
chmod(oct("0000"), $test_file);
@ -1821,6 +1829,7 @@ sub initialize_servers () {
save_installed_db();
}
}
check_running_as_root();
}
}
@ -2869,6 +2878,15 @@ sub mysqld_start ($$$$$) {
$exe= undef;
}
if ($exe_libtool and $opt_valgrind)
{
# Add "libtool --mode-execute"
# if running in valgrind(to avoid valgrinding bash)
unshift(@$args, "--mode=execute", $exe);
$exe= $exe_libtool;
}
if ( $type eq 'master' )
{
if ( ! defined $exe or
@ -3403,12 +3421,12 @@ sub run_mysqltest ($) {
debugger_arguments(\$args, \$exe, "client");
}
if ($glob_use_libtool and $opt_valgrind)
if ($exe_libtool and $opt_valgrind)
{
# Add "libtool --mode-execute" before the test to execute
# if running in valgrind(to avoid valgrinding bash)
unshift(@$args, "--mode=execute", $exe);
$exe= "libtool";
$exe= $exe_libtool;
}
if ( $opt_check_testcases )
@ -3478,9 +3496,9 @@ sub gdb_arguments {
mtr_add_arg($$args, "$type");
mtr_add_arg($$args, "-e");
if ( $glob_use_libtool )
if ( $exe_libtool )
{
mtr_add_arg($$args, "libtool");
mtr_add_arg($$args, $exe_libtool);
mtr_add_arg($$args, "--mode=execute");
}
@ -3540,9 +3558,9 @@ sub ddd_arguments {
my $save_exe= $$exe;
$$args= [];
if ( $glob_use_libtool )
if ( $exe_libtool )
{
$$exe= "libtool";
$$exe= $exe_libtool;
mtr_add_arg($$args, "--mode=execute");
mtr_add_arg($$args, "ddd");
}
@ -3563,6 +3581,8 @@ sub debugger_arguments {
my $exe= shift;
my $debugger= $opt_debugger || $opt_client_debugger;
# FIXME Need to change the below "eq"'s to
# "case unsensitive string contains"
if ( $debugger eq "vcexpress" or $debugger eq "vc")
{
# vc[express] /debugexe exe arg1 .. argn

5
mysql-test/r/information_schema.result
View file

@ -1129,11 +1129,6 @@ DROP TABLE t1;
DROP VIEW v1;
DROP FUNCTION func1;
DROP FUNCTION func2;
create database mysqltest;
create table mysqltest.t1(a int);
select table_schema from information_schema.tables where table_schema='mysqltest';
table_schema
drop database mysqltest;
select column_type, group_concat(table_schema, '.', table_name), count(*) as num
from information_schema.columns where
table_schema='information_schema' and

5
mysql-test/r/information_schema_chmod.result Normal file
View file

@ -0,0 +1,5 @@
create database mysqltest;
create table mysqltest.t1(a int);
select table_schema from information_schema.tables where table_schema='mysqltest';
table_schema
drop database mysqltest;

11
mysql-test/r/openssl_1.result
View file

@ -3,8 +3,8 @@ create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
flush privileges;
SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value
@ -41,3 +41,10 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1
drop user ssl_user1@localhost, ssl_user2@localhost,
ssl_user3@localhost, ssl_user4@localhost;
drop table t1;
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
mysqltest: Could not open connection 'default': 2026 SSL connection error
Error when connection to server using SSL:Unable to get private key from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error
Error when connection to server using SSL:Unable to get certificate from ''
mysqltest: Could not open connection 'default': 2026 SSL connection error

34
mysql-test/std_data/cacert.pem
View file

@ -1,21 +1,17 @@
-----BEGIN CERTIFICATE-----
MIIDcTCCAtqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYxNDE2WhcNMTMw
OTA5MTYxNDE2WjCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP
BgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9w
ZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNx
bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrT7zp5tp5djXp+TEQs
5ZEds1XUglp/EQUQ1FMMb1Xe6gqJsQ62O+jsUe0nrUjXBrUCUy49k6mcnmQtZREj
l1pWKmzx1fgcYpxTwxaY7IKB2jik5IWprhVPmSQ+AWss43oolXMZWR+csKehqm3j
+YNZc9NsR4ydE71l0VEtJEQvAgMBAAGjgegwgeUwHQYDVR0OBBYEFIiYZdnz8osD
HWZgYSP6rXNt02iSMIG1BgNVHSMEga0wgaqAFIiYZdnz8osDHWZgYSP6rXNt02iS
oYGOpIGLMIGIMQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UE
ChMITXlTUUwgQUIxITAfBgNVBAMTGEFic3RyYWN0IE15U1FMIERldmVsb3BlcjEx
MC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNv
bYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAGIL22MCIU/0sKDp
pZIhoabvNVDTfuhtene+WBCrzCzGXPZjB4+b/KAJJNvOR4zi43Kk7euu+PENs9M7
nKpInMdhvT1RcCnUHJ3jBCvDDzXab2msqn3rxhwetWWbfE0OeEn/PoQcwiZCe7x5
h+Zz+oUbvsEe4DjtDVgG4UH9nSSS
MIICrTCCAhagAwIBAgIJAIAO/Ybiptv1MA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV
BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD
VQQKEwhNeVNRTCBBQjAeFw0wNjA1MDMwODQ4NTRaFw0wOTAxMjcwODQ4NTRaMEQx
CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh
MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+C46EQl1u7tQ6gb9eqc8V079gr8YmDPCEqtjO8bCIbchpjOpDITx0WZz36Sn9E72
GPJwNip4FxLaPRIA3xNQHM5cE5U53qznlRx1Fc4O3hcWCvyCqNDl/vzPAh3pI6Bl
Ku9hfHXpp93W812smVPe9haShEXGgbEPYGzvOfVdu/MCAwEAAaOBpjCBozAdBgNV
HQ4EFgQUjIy/6OCTmqtPHBFha6/qzVk3yTcwdAYDVR0jBG0wa4AUjIy/6OCTmqtP
HBFha6/qzVk3yTehSKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxh
MRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAIAO/Ybiptv1
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA8lD9zyB820Oq1aj7ZafX
De/hbdt9RIl2tzgw2K3r1KZGdXJVL0vSt5fZ51Nq9lg7OPJy3iXf+caBJEp0IJpB
uf4Gfr6zfXw+UlY6ZthRtHQHoXKcbskECjH5/ps/Uaa+dpVQ9O+Ii1rPzmgo6ztM
s+xZ46ESBt4WiHXm8kwbU9Y=
-----END CERTIFICATE-----

87
mysql-test/std_data/client-cert.pem
View file

@ -1,67 +1,42 @@
Certificate:
Data:
Version: 3 (0x2)
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
Validity
Not Before: Sep 12 16:21:19 2003 GMT
Not After : Sep 9 16:21:19 2013 GMT
Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Client/Email=abstract.mysql.developer@mysql.com
Not Before: May 3 08:55:39 2006 GMT
Not After : Jan 27 08:55:39 2009 GMT
Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c4:03:0a:ee:e3:b1:12:fc:ee:b4:19:f4:e1:60:
1d:e0:28:c3:96:2d:df:82:69:cd:74:7c:54:58:d0:
ae:b3:59:3f:0c:19:1c:99:10:a6:12:c9:cf:3a:64:
05:43:8e:bf:d2:65:36:80:91:0b:65:b0:27:26:38:
c9:23:d8:36:a2:4a:f0:f7:c0:2f:68:38:70:01:27:
29:ff:b2:c5:52:e1:6b:f1:c8:d7:c3:5c:ee:f0:37:
6c:2a:9b:96:1a:05:9e:eb:33:a2:39:5a:77:66:62:
27:75:1f:2f:6f:38:da:e5:9f:78:af:ca:6b:22:3f:
57:2b:bc:a6:8f:47:d1:99:6f
RSA Public Key: (512 bit)
Modulus (512 bit):
00:d8:db:68:28:49:84:4d:d6:0f:5c:bc:3d:9a:ab:
70:d5:3e:f5:b5:17:ba:ef:e1:f8:87:54:30:22:1f:
81:07:bf:f9:24:7f:8a:54:10:e9:5f:e6:99:50:04:
d4:3b:55:a9:f1:52:ad:12:2b:5a:da:5c:be:8c:3e:
5b:9e:b0:5a:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
80:81:A9:22:EB:AB:D6:CA:7E:3F:8D:BB:D1:AC:2A:F4:87:9D:13:29
X509v3 Authority Key Identifier:
keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92
DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
serial:00
Signature Algorithm: md5WithRSAEncryption
86:17:1c:f3:9f:10:1b:75:47:03:ca:54:ea:ef:f7:15:54:8d:
8f:58:c9:64:7d:de:2e:bf:ea:a6:5d:72:56:c9:81:be:bb:1c:
78:a5:91:d6:f8:77:df:9d:d2:cb:94:d9:06:61:4f:05:21:22:
2a:ea:9e:c3:8b:4d:fe:94:c7:98:61:cd:7e:88:19:c9:92:01:
1f:10:5b:c6:16:95:99:9b:32:01:3a:89:df:fa:0a:89:ac:fa:
b5:40:55:7a:ca:0a:bd:5d:8b:06:d8:7e:e1:44:8c:70:c8:63:
c7:77:6a:37:3d:a4:ac:57:dc:00:c1:c1:f3:72:17:5b:50:95:
ee:b7
07:57:bf:07:92:c2:8e:86:24:6b:0a:bf:e5:31:21:44:c3:60:
02:a6:ac:9e:f7:db:7a:6e:fc:4f:d4:7b:54:18:80:47:d2:4a:
63:0e:e3:f8:af:6e:58:e3:97:5a:2b:82:5d:76:20:d1:33:a0:
f5:43:a1:d1:51:f4:ca:c8:b3:1a:66:4e:0e:55:df:d2:e8:fa:
83:18:42:f5:ec:66:40:f0:39:e8:f9:d7:cf:f6:dd:e4:7b:69:
dd:0c:92:d8:52:95:43:6f:29:3d:f0:8d:4c:dd:52:ea:6b:a0:
39:0f:dc:59:a7:5c:37:6b:8b:05:44:b7:69:ea:a3:58:e0:4e:
ce:d6
-----BEGIN CERTIFICATE-----
MIIDkTCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMTE5WhcNMTMw
OTA5MTYyMTE5WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G
A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIENsaWVudDExMC8GCSqGSIb3
DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAxAMK7uOxEvzutBn04WAd4CjDli3fgmnNdHxU
WNCus1k/DBkcmRCmEsnPOmQFQ46/0mU2gJELZbAnJjjJI9g2okrw98AvaDhwAScp
/7LFUuFr8cjXw1zu8DdsKpuWGgWe6zOiOVp3ZmIndR8vbzja5Z94r8prIj9XK7ym
j0fRmW8CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSAgaki66vWyn4/
jbvRrCr0h50TKTCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB
jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT
CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv
BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C
AQAwDQYJKoZIhvcNAQEEBQADgYEAhhcc858QG3VHA8pU6u/3FVSNj1jJZH3eLr/q
pl1yVsmBvrsceKWR1vh3353Sy5TZBmFPBSEiKuqew4tN/pTHmGHNfogZyZIBHxBb
xhaVmZsyATqJ3/oKiaz6tUBVesoKvV2LBth+4USMcMhjx3dqNz2krFfcAMHB83IX
W1CV7rc=
MIIB5jCCAU8CAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV
BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC
MB4XDTA2MDUwMzA4NTUzOVoXDTA5MDEyNzA4NTUzOVowdzELMAkGA1UEBhMCU0Ux
EDAOBgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15
U1FMIEFCMTEwLwYJKoZIhvcNAQkBFiJhYnN0cmFjdC5teXNxbC5kZXZlbG9wZXJA
bXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANjbaChJhE3WD1y8PZqr
cNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ6V/mmVAE1DtVqfFSrRIrWtpcvow+W56w
WhkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAHV78HksKOhiRrCr/lMSFEw2ACpqye
99t6bvxP1HtUGIBH0kpjDuP4r25Y45daK4JddiDRM6D1Q6HRUfTKyLMaZk4OVd/S
6PqDGEL17GZA8Dno+dfP9t3ke2ndDJLYUpVDbyk98I1M3VLqa6A5D9xZp1w3a4sF
RLdp6qNY4E7O1g==
-----END CERTIFICATE-----

20
mysql-test/std_data/client-key.pem
View file

@ -1,15 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDEAwru47ES/O60GfThYB3gKMOWLd+Cac10fFRY0K6zWT8MGRyZ
EKYSyc86ZAVDjr/SZTaAkQtlsCcmOMkj2DaiSvD3wC9oOHABJyn/ssVS4WvxyNfD
XO7wN2wqm5YaBZ7rM6I5WndmYid1Hy9vONrln3ivymsiP1crvKaPR9GZbwIDAQAB
AoGAcR7IaoGhKbIrGGl6d67+zuT3q24h9aOV3Mn7653TlNHGnvbHGFcRYPpyy+H5
X7m8XnHm+F+80hzNGzPecP9Q12oPOyoZgeQn6bTK73OFkNcX7FAkNdyH4xVhf2aK
YOzTcQfq3gRCqXtVIg4qBShTMjJLE31R8H430Or62XmJgFECQQDjP+Kz+ecQwuTB
HADLm+GQgceIB1kLgdQoZ3deUxGvqtVImuDRViSM0F2srfJ4GfkEDhc27UI5f6ir
ZTOw4ww7AkEA3M9wCPgWNtbOXbYjaNA0IzHcjMDxQDVvJAmb3EiZlKQp4EfrESxR
ly/u08TyfwrK6q5WS7xE0ad8+95G1af4XQJBAI9+3ME20SB1YItMCniHYwSj3oHX
2fN5NKWax/Zoz+c0IV+qZMHq+kNso2oRoOUTyXk1CJWndcTnBnPMALr2c9cCQQCZ
VL7Cq6uZVx6kemcqUHH0AprZbt3YLYLI7pc5p3xmeHzPzoEQQstBhjp8+aU+zPrN
blRkcQ8E2x5yNA7SLLrNAkAhzkA+EK8hc0f9W3ncy+py0Rn0i5Ay0N3T715vkThf
CfOHE3L91dLlmYpL5xVqOpugY/2sHyxwctv97DgS6tHZ
MIIBOgIBAAJBANjbaChJhE3WD1y8PZqrcNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ
6V/mmVAE1DtVqfFSrRIrWtpcvow+W56wWhkCAwEAAQJAK27WT6tZylUjQomZNQ89
TBiOEbUtBbqWklQ0R8FTkH9uKV+8KYQ+k+tMkoAEGFfChB0YfofNQ2KZYWWw4yOB
WQIhAPXXDQt73aou10s+cmKM3C3WzLmIZtrvm9wNBXWDGxgTAiEA4dG4cXrZfa1M
TTbjzNU1/Jf50/M8SvZDWMPQWxJ8oqMCIH6zBpYUkHlVCsBMvsbrsc4uFfTIx7mu
I7WVQGr/1sbhAiBf4uFirjtztgZUMx5/d3k5DH80lG/hlLf8FQl/4lWx6QIhAPHw
CXfPUbUFl4r/i9Br5+exGol50qX4F3aP5Sh5EnZT
-----END RSA PRIVATE KEY-----

89
mysql-test/std_data/server-cert.pem
View file

@ -1,67 +1,42 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
Validity
Not Before: Sep 12 16:22:06 2003 GMT
Not After : Sep 9 16:22:06 2013 GMT
Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Server/Email=abstract.mysql.developer@mysql.com
Not Before: May 3 08:54:13 2006 GMT
Not After : Jan 27 08:54:13 2009 GMT
Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:e9:86:7a:55:84:88:4c:be:a4:f8:92:73:30:12:
49:0b:7a:85:87:39:34:39:0d:7d:0b:8d:18:c2:17:
95:13:52:d2:3f:55:10:57:c8:3f:5a:f5:b2:fa:8b:
d0:67:49:cc:aa:82:fc:9f:ce:00:b4:73:f3:36:d2:
3a:d3:c2:b0:0e:14:c3:d4:b2:21:74:a1:f0:31:81:
60:87:98:73:5c:10:c1:b1:1a:4d:f1:f3:b0:98:3f:
f0:d7:97:9b:2b:fd:d5:21:79:b2:2f:eb:64:15:c9:
9b:9d:fc:9e:2d:d4:f8:04:5b:ea:a9:75:4b:42:c3:
3d:0e:4d:2a:a8:b8:ca:99:8d
RSA Public Key: (512 bit)
Modulus (512 bit):
00:d9:fd:da:b3:fb:7c:e0:b0:03:be:97:c6:a4:36:
ac:71:af:bb:2d:e5:84:ed:f3:8f:2b:eb:11:e5:aa:
66:ed:bf:62:6b:e3:ce:fa:80:ed:90:ff:b9:4a:39:
20:40:b6:f2:99:bf:2f:33:b5:f2:ec:3a:90:60:1d:
9e:94:7e:a4:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
6E:E4:9B:6A:C5:EA:E4:E6:C7:EF:D7:1E:C8:63:45:60:2B:1B:D4:D4
X509v3 Authority Key Identifier:
keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92
DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com
serial:00
Signature Algorithm: md5WithRSAEncryption
31:77:69:b9:bd:ab:29:f3:fc:5a:09:16:6f:5d:42:ea:ba:01:
55:69:e3:75:cf:b8:d1:b7:b9:bf:da:63:85:8c:48:92:06:60:
76:97:e0:00:78:4b:ad:da:ab:6a:90:6d:8b:03:a8:b1:e9:09:
78:e1:29:98:56:12:60:6b:42:fe:e8:a7:c4:f8:d6:15:07:e8:
2b:c2:d8:8a:e5:1b:2e:51:08:9b:56:e3:b3:7a:4c:3e:e5:be:
4a:4d:f8:65:7b:a8:21:e0:ca:fe:8b:ab:d7:ec:f2:2d:f7:d0:
bf:d7:c5:23:1c:08:d8:aa:57:c7:f3:5f:ba:33:3f:78:d1:f4:
8e:5e
de:5e:35:cd:7b:11:e6:7c:c5:7c:d6:27:4e:72:12:49:42:eb:
6f:2c:96:f3:f4:00:78:a7:4f:9f:2d:7b:d7:30:39:af:49:4d:
df:b1:55:0d:30:be:23:6f:06:67:fd:dd:ba:98:66:36:c6:32:
b7:ed:63:fc:aa:49:cd:4f:72:98:3b:13:0e:f6:28:d7:d4:eb:
04:6b:dc:e8:c7:04:80:92:e4:04:86:0b:ed:32:25:76:1d:a9:
5c:a9:2c:18:2c:bd:bc:15:ed:e1:76:96:4d:bb:0d:41:44:06:
2c:ad:45:bb:db:61:ad:17:11:cb:49:70:67:eb:c6:27:d3:91:
c8:f2
-----BEGIN CERTIFICATE-----
MIIDkTCCAvqgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux
EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB
YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0
Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMjA2WhcNMTMw
OTA5MTYyMjA2WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G
A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIFNlcnZlcjExMC8GCSqGSIb3
DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA6YZ6VYSITL6k+JJzMBJJC3qFhzk0OQ19C40Y
wheVE1LSP1UQV8g/WvWy+ovQZ0nMqoL8n84AtHPzNtI608KwDhTD1LIhdKHwMYFg
h5hzXBDBsRpN8fOwmD/w15ebK/3VIXmyL+tkFcmbnfyeLdT4BFvqqXVLQsM9Dk0q
qLjKmY0CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRu5Jtqxerk5sfv
1x7IY0VgKxvU1DCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB
jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT
CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv
BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C
AQAwDQYJKoZIhvcNAQEEBQADgYEAMXdpub2rKfP8WgkWb11C6roBVWnjdc+40be5
v9pjhYxIkgZgdpfgAHhLrdqrapBtiwOosekJeOEpmFYSYGtC/uinxPjWFQfoK8LY
iuUbLlEIm1bjs3pMPuW+Sk34ZXuoIeDK/our1+zyLffQv9fFIxwI2KpXx/NfujM/
eNH0jl4=
MIIB+zCCAWQCAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV
BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC
MB4XDTA2MDUwMzA4NTQxM1oXDTA5MDEyNzA4NTQxM1owgYsxCzAJBgNVBAYTAlNF
MRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhN
eVNRTCBBQjESMBAGA1UEAxMJbG9jYWxob3N0MTEwLwYJKoZIhvcNAQkBFiJhYnN0
cmFjdC5teXNxbC5kZXZlbG9wZXJAbXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQAD
SwAwSAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA7ZD/
uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQDe
XjXNexHmfMV81idOchJJQutvLJbz9AB4p0+fLXvXMDmvSU3fsVUNML4jbwZn/d26
mGY2xjK37WP8qknNT3KYOxMO9ijX1OsEa9zoxwSAkuQEhgvtMiV2HalcqSwYLL28
Fe3hdpZNuw1BRAYsrUW722GtFxHLSXBn68Yn05HI8g==
-----END CERTIFICATE-----

20
mysql-test/std_data/server-key.pem
View file

@ -1,15 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDphnpVhIhMvqT4knMwEkkLeoWHOTQ5DX0LjRjCF5UTUtI/VRBX
yD9a9bL6i9BnScyqgvyfzgC0c/M20jrTwrAOFMPUsiF0ofAxgWCHmHNcEMGxGk3x
87CYP/DXl5sr/dUhebIv62QVyZud/J4t1PgEW+qpdUtCwz0OTSqouMqZjQIDAQAB
AoGBALTq11nrjIEQbdSZ+R1z/R0kddB2U+wjdA3/6P9tr7PBxVsFdtzbKaI5mcib
iwCKX0J2qmrP+SHUdsexBZxLR4KV/Z55v9Pym99Dy+DxDA95zURyCMKRBIzlU5uN
F7USEQoltLUCsmZwNWdit0gfxSWdddkHNuI0uxTzHwuDcUlNAkEA/76zVremngNL
DlekM9NPn/8E/TXBHN1b1jdUKd7WymSJykdcm3viU98dFNZFWF8B0jiTcuBKXgpR
vTShNab/swJBAOnCGp554BLhioTyyk8qjRLt3xEsjsDljJULHVLYWcUqIkMf97GL
VLBhl6ZEI9i0WduqvgZ+Bacd0uHqIHz1Yb8CQQDm1CjqTDiGxlIoT9JVNJTZxEOs
h6gVdXY+kxHT+N3FL5luiZp8fAR7zxVgiUVtzdLG+2madfapiobcT3RyCJkhAkBI
64AaR7KasTjg2Ew7/e4cJZAcb2XozrLYG6t+GHeIhehCQEqoW+qDSy5fc4orI7eU
SuMUa2OgCjGqv7p6wKFJAkEAznmum/MbVOBpC4FsdnIGkxyFKIbh2OLY2aUb2KkK
Ouf4S8Y5Ldgszi0fnDPRaxWJzewwZKvcff2zj+mYZeAXbA==
MIIBOgIBAAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA
7ZD/uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAAQJBAMieYdpmRoUaODf9wqh6
ULXH/sG8i1vaXRcUHcJ50oRVfVK8/tGGvUuTDu6MeINTdahNDlYfjwOjKWVXys1w
h6ECIQDs6s7DfczK2bKCLt0zqg24mZL3rOpGmDU+TatwN1yVgwIhAOuMzdVTX39p
328+5WxJvBOFfxmSmqdDhIFpnRMvgguJAiByvKjT/km+970+1OllyvaIL0AA2OpA
tBgdC0p6tyUMdwIgKuHAWzTJbu28UolVxQgLaFZmVCZ/ZzIAfnrWsLZ2a1kCIBq/
ywJ2cpyFlgazu8AH6KCQa0ok9s70ElaB6FEC85Al
-----END RSA PRIVATE KEY-----

53
mysql-test/std_data/untrusted-cacert.pem Normal file
View file

@ -0,0 +1,53 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 20:12:32 2005 GMT
Not After : Oct 15 20:12:32 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
7d:79:97:5e:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
X509v3 Authority Key Identifier:
keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
03:ea:0b:4c:67:45:4b:ab:f3:39
-----BEGIN CERTIFICATE-----
MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
-----END CERTIFICATE-----

1
mysql-test/t/disabled.def
View file

@ -35,7 +35,6 @@ rpl_row_blob_innodb : BUG#18980 2006-04-10 kent Test fails randomly
rpl_row_func003 : BUG#19074 2006-13-04 andrei test failed
rpl_row_inexist_tbl : BUG#18948 2006-03-09 mats Disabled since patch makes this test wait forever
rpl_sp : BUG#16456 2006-02-16 jmiller
udf : BUG#18564 2006-03-27 ian (Permission by Brian)
# the below testcase have been reworked to avoid the bug, test contains comment, keep bug open
#ndb_binlog_ddl_multi : BUG#18976 2006-04-10 kent CRBR: multiple binlog, second binlog may miss schema log events

9
mysql-test/t/information_schema.test
View file

@ -797,15 +797,6 @@ DROP VIEW v1;
DROP FUNCTION func1;
DROP FUNCTION func2;
#
# Bug #15851 Unlistable directories yield no info from information_schema
#
create database mysqltest;
create table mysqltest.t1(a int);
--exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest
select table_schema from information_schema.tables where table_schema='mysqltest';
--exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest
drop database mysqltest;
#
# Bug#15307 GROUP_CONCAT() with ORDER BY returns empty set on information_schema

20
mysql-test/t/information_schema_chmod.test Normal file
View file

@ -0,0 +1,20 @@
#
# Due to "Bug#18474 Unlistable directories yield no info from
# information_schema, part2" this test can't be run on Window with our
# current test framework. When "chmod -r" is done within cygwin the
# MySQL Server can still read the directory.
# Manual testing shows the functionalty to skip unlistable directories
# works on windows
#
--source include/not_windows.inc
#
# Bug #15851 Unlistable directories yield no info from information_schema
#
create database mysqltest;
create table mysqltest.t1(a int);
--exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest
select table_schema from information_schema.tables where table_schema='mysqltest';
--exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest
drop database mysqltest;

42
mysql-test/t/openssl_1.test
View file

@ -10,8 +10,8 @@ insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";
flush privileges;
connect (con1,localhost,ssl_user1,,,,,SSL);
@ -54,3 +54,41 @@ ssl_user3@localhost, ssl_user4@localhost;
drop table t1;
# End of 4.1 tests
#
# Test that we can't open connection to server if we are using
# a different cacert
#
--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql
--error 1
--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank ca
#
--error 1
--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a nonexistent ca file
#
--error 1
--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-key
#
--error 1
--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
#
# Test that we can't open connection to server if we are using
# a blank client-cert
#
--error 1
--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1

126
sql-common/client.c
View file

@ -1495,6 +1495,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql->options.ssl_ca= strdup_if_not_null(ca);
mysql->options.ssl_capath= strdup_if_not_null(capath);
mysql->options.ssl_cipher= strdup_if_not_null(cipher);
mysql->options.ssl_verify_server_cert= FALSE; /* Off by default */
#endif /* HAVE_OPENSSL */
DBUG_RETURN(0);
}
@ -1509,17 +1510,16 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
static void
mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
{
struct st_VioSSLConnectorFd *st=
(struct st_VioSSLConnectorFd*) mysql->connector_fd;
struct st_VioSSLFd *ssl_fd= (struct st_VioSSLFd*) mysql->connector_fd;
DBUG_ENTER("mysql_ssl_free");
my_free(mysql->options.ssl_key, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_cert, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_capath, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR));
if (st)
SSL_CTX_free(st->ssl_context);
my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR));
if (ssl_fd)
SSL_CTX_free(ssl_fd->ssl_context);
my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR));
mysql->options.ssl_key = 0;
mysql->options.ssl_cert = 0;
@ -1551,6 +1551,77 @@ mysql_get_ssl_cipher(MYSQL *mysql)
DBUG_RETURN(NULL);
}
/*
Check the server's (subject) Common Name against the
hostname we connected to
SYNOPSIS
ssl_verify_server_cert()
vio pointer to a SSL connected vio
server_hostname name of the server that we connected to
RETURN VALUES
0 Success
1 Failed to validate server
*/
static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
{
SSL *ssl;
X509 *server_cert;
char *cp1, *cp2;
char buf[256];
DBUG_ENTER("ssl_verify_server_cert");
DBUG_PRINT("enter", ("server_hostname: %s", server_hostname));
if (!(ssl= (SSL*)vio->ssl_arg))
{
DBUG_PRINT("error", ("No SSL pointer found"));
DBUG_RETURN(1);
}
if (!server_hostname)
{
DBUG_PRINT("error", ("No server hostname supplied"));
DBUG_RETURN(1);
}
if (!(server_cert= SSL_get_peer_certificate(ssl)))
{
DBUG_PRINT("error", ("Could not get server certificate"));
DBUG_RETURN(1);
}
/*
We already know that the certificate exchanged was valid; the SSL library
handled that. Now we need to verify that the contents of the certificate
are what we expect.
*/
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
X509_free (server_cert);
DBUG_PRINT("info", ("hostname in cert: %s", buf));
cp1= strstr(buf, "/CN=");
if (cp1)
{
cp1+= 4; /* Skip the "/CN=" that we found */
/* Search for next / which might be the delimiter for email */
cp2= strchr(cp1, '/');
if (cp2)
*cp2= '\0';
DBUG_PRINT("info", ("Server hostname in cert: %s", cp1));
if (!strcmp(cp1, server_hostname))
{
/* Success */
DBUG_RETURN(0);
}
}
DBUG_PRINT("error", ("SSL certificate validation failure"));
DBUG_RETURN(1);
}
#endif /* HAVE_OPENSSL */
@ -1584,7 +1655,6 @@ static MYSQL_METHODS client_methods=
#endif
};
MYSQL *
CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
@ -2029,37 +2099,52 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
mysql->client_flag=client_flag;
#ifdef HAVE_OPENSSL
/*
Oops.. are we careful enough to not send ANY information without
encryption?
*/
if (client_flag & CLIENT_SSL)
{
/* Do the SSL layering. */
struct st_mysql_options *options= &mysql->options;
struct st_VioSSLFd *ssl_fd;
/*
Send client_flag, max_packet_size - unencrypted otherwise
the server does not know we want to do SSL
*/
if (my_net_write(net,buff,(uint) (end-buff)) || net_flush(net))
{
set_mysql_error(mysql, CR_SERVER_LOST, unknown_sqlstate);
goto error;
}
/* Do the SSL layering. */
if (!(mysql->connector_fd=
(gptr) new_VioSSLConnectorFd(options->ssl_key,
options->ssl_cert,
options->ssl_ca,
options->ssl_capath,
options->ssl_cipher)))
/* Create the VioSSLConnectorFd - init SSL and load certs */
if (!(ssl_fd= new_VioSSLConnectorFd(options->ssl_key,
options->ssl_cert,
options->ssl_ca,
options->ssl_capath,
options->ssl_cipher)))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
mysql->connector_fd= (void*)ssl_fd;
/* Connect to the server */
DBUG_PRINT("info", ("IO layer change in progress..."));
if (sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),
mysql->net.vio, (long) (mysql->options.connect_timeout)))
if (sslconnect(ssl_fd, mysql->net.vio,
(long) (mysql->options.connect_timeout)))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
DBUG_PRINT("info", ("IO layer change done!"));
/* Verify server cert */
if (mysql->options.ssl_verify_server_cert &&
ssl_verify_server_cert(mysql->net.vio, mysql->host))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
}
#endif /* HAVE_OPENSSL */
@ -2799,6 +2884,9 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg)
case MYSQL_OPT_RECONNECT:
mysql->reconnect= *(my_bool *) arg;
break;
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
mysql->options.ssl_verify_server_cert= *(my_bool *) arg;
break;
default:
DBUG_RETURN(1);
}

15
sql/item_func.cc
View file

@ -2736,9 +2736,10 @@ String *udf_handler::val_str(String *str,String *save_str)
{
uchar is_null_tmp=0;
ulong res_length;
DBUG_ENTER("udf_handler::val_str");
if (get_arguments())
return 0;
DBUG_RETURN(0);
char * (*func)(UDF_INIT *, UDF_ARGS *, char *, ulong *, uchar *, uchar *)=
(char* (*)(UDF_INIT *, UDF_ARGS *, char *, ulong *, uchar *, uchar *))
u_d->func;
@ -2748,22 +2749,26 @@ String *udf_handler::val_str(String *str,String *save_str)
if (str->alloc(MAX_FIELD_WIDTH))
{
error=1;
return 0;
DBUG_RETURN(0);
}
}
char *res=func(&initid, &f_args, (char*) str->ptr(), &res_length,
&is_null_tmp, &error);
DBUG_PRINT("info", ("udf func returned, res_length: %lu", res_length));
if (is_null_tmp || !res || error) // The !res is for safety
{
return 0;
DBUG_PRINT("info", ("Null or error"));
DBUG_RETURN(0);
}
if (res == str->ptr())
{
str->length(res_length);
return str;
DBUG_PRINT("exit", ("str: %s", str->ptr()));
DBUG_RETURN(str);
}
save_str->set(res, res_length, str->charset());
return save_str;
DBUG_PRINT("exit", ("save_str: %s", save_str->ptr()));
DBUG_RETURN(save_str);
}

2
sql/mysql_priv.h
View file

@ -1644,7 +1644,7 @@ extern pthread_t signal_thread;
#endif
#ifdef HAVE_OPENSSL
extern struct st_VioSSLAcceptorFd * ssl_acceptor_fd;
extern struct st_VioSSLFd * ssl_acceptor_fd;
#endif /* HAVE_OPENSSL */
MYSQL_LOCK *mysql_lock_tables(THD *thd, TABLE **table, uint count,

3
sql/mysqld.cc
View file

@ -710,7 +710,7 @@ static void openssl_lock(int, openssl_lock_t *, const char *, int);
static unsigned long openssl_id_function();
#endif
char *des_key_file;
struct st_VioSSLAcceptorFd *ssl_acceptor_fd;
struct st_VioSSLFd *ssl_acceptor_fd;
#endif /* HAVE_OPENSSL */
@ -1219,6 +1219,7 @@ void clean_up(bool print_message)
delete binlog_filter;
delete rpl_filter;
end_ssl();
vio_end();
#ifdef USE_REGEX
my_regex_end();
#endif

4
sql/sql_acl.cc
View file

@ -987,8 +987,8 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh,
if (acl_user->x509_issuer)
{
DBUG_PRINT("info",("checkpoint 3"));
char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
acl_user->x509_issuer, ptr));
if (strcmp(acl_user->x509_issuer, ptr))
{

2
sql/udf_example.cc
View file

@ -344,7 +344,7 @@ char *metaphon(UDF_INIT *initid, UDF_ARGS *args, char *result,
KSflag = 0; /* state flag for KS translation */
for (metaph_end = result + MAXMETAPH, n_start = n;
n <= n_end && result < metaph_end; n++ )
n < n_end && result < metaph_end; n++ )
{
if ( KSflag )

2
storage/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp
View file

@ -179,7 +179,7 @@ Dbtc::Dbtc(Block_context& ctx):
ndb_mgm_get_int_parameter(p, CFG_DB_TRANS_BUFFER_MEM,
&transactionBufferMemory);
ndb_mgm_get_int_parameter(p, CFG_DB_NO_UNIQUE_HASH_INDEXES,
ndb_mgm_get_int_parameter(p, CFG_DICT_TABLE,
&maxNoOfIndexes);
ndb_mgm_get_int_parameter(p, CFG_DB_NO_INDEX_OPS,
&maxNoOfConcurrentIndexOperations);

4
vio/test-ssl.c
View file

@ -57,8 +57,8 @@ main(int argc, char** argv)
char* cipher=0;
int child_pid,sv[2];
my_bool unused;
struct st_VioSSLAcceptorFd* ssl_acceptor=0;
struct st_VioSSLConnectorFd* ssl_connector=0;
struct st_VioSSLFd* ssl_acceptor= 0;
struct st_VioSSLFd* ssl_connector= 0;
Vio* client_vio=0, *server_vio=0;
MY_INIT(argv[0]);
DBUG_PROCESS(argv[0]);

2
vio/test-sslclient.c
View file

@ -46,7 +46,7 @@ main( int argc __attribute__((unused)),
{
char client_key[] = "../SSL/client-key.pem", client_cert[] = "../SSL/client-cert.pem";
char ca_file[] = "../SSL/cacert.pem", *ca_path = 0, *cipher=0;
struct st_VioSSLConnectorFd* ssl_connector=0;
struct st_VioSSLFd* ssl_connector= 0;
struct sockaddr_in sa;
Vio* client_vio=0;
int err;

4
vio/test-sslserver.c
View file

@ -44,7 +44,7 @@ fatal_error( const char* r)
typedef struct {
int sd;
struct st_VioSSLAcceptorFd* ssl_acceptor;
struct st_VioSSLFd* ssl_acceptor;
} TH_ARGS;
static void
@ -82,7 +82,7 @@ main(int argc __attribute__((unused)), char** argv)
char ca_file[] = "../SSL/cacert.pem",
*ca_path = 0,
*cipher = 0;
struct st_VioSSLAcceptorFd* ssl_acceptor;
struct st_VioSSLFd* ssl_acceptor;
pthread_t th;
TH_ARGS th_args;

29
vio/vio.c
View file

@ -88,19 +88,19 @@ static void vio_init(Vio* vio, enum enum_vio_type type,
if (type == VIO_TYPE_SSL)
{
vio->viodelete =vio_delete;
vio->vioerrno =vio_ssl_errno;
vio->vioerrno =vio_errno;
vio->read =vio_ssl_read;
vio->write =vio_ssl_write;
vio->fastsend =vio_ssl_fastsend;
vio->viokeepalive =vio_ssl_keepalive;
vio->should_retry =vio_ssl_should_retry;
vio->was_interrupted=vio_ssl_was_interrupted;
vio->fastsend =vio_fastsend;
vio->viokeepalive =vio_keepalive;
vio->should_retry =vio_should_retry;
vio->was_interrupted=vio_was_interrupted;
vio->vioclose =vio_ssl_close;
vio->peer_addr =vio_ssl_peer_addr;
vio->in_addr =vio_ssl_in_addr;
vio->peer_addr =vio_peer_addr;
vio->in_addr =vio_in_addr;
vio->vioblocking =vio_ssl_blocking;
vio->is_blocking =vio_is_blocking;
vio->timeout =vio_ssl_timeout;
vio->timeout =vio_timeout;
}
else /* default is VIO_TYPE_TCPIP */
#endif /* HAVE_OPENSSL */
@ -233,3 +233,16 @@ void vio_delete(Vio* vio)
my_free((gptr) vio,MYF(0));
}
}
/*
Cleanup memory allocated by vio or the
components below it when application finish
*/
void vio_end(void)
{
#ifdef HAVE_YASSL
yaSSL_CleanUp();
#endif
}

20
vio/vio_priv.h
View file

@ -30,28 +30,10 @@ void vio_ignore_timeout(Vio *vio, uint which, uint timeout);
int vio_ssl_read(Vio *vio,gptr buf, int size);
int vio_ssl_write(Vio *vio,const gptr buf,int size);
void vio_ssl_timeout(Vio *vio, uint which, uint timeout);
/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
int vio_ssl_fastsend(Vio *vio);
/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
int vio_ssl_keepalive(Vio *vio, my_bool onoff);
/* Whenever we should retry the last read/write operation. */
my_bool vio_ssl_should_retry(Vio *vio);
/* Check that operation was timed out */
my_bool vio_ssl_was_interrupted(Vio *vio);
/* When the workday is over... */
int vio_ssl_close(Vio *vio);
/* Return last error number */
int vio_ssl_errno(Vio *vio);
my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port);
void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
/* Single copy for server */
enum vio_ssl_acceptorfd_state
{
state_connect = 1,
state_accept = 2
};
#endif /* HAVE_OPENSSL */

424
vio/viossl.c
View file

@ -51,384 +51,240 @@ static int SSL_set_fd_bsd(SSL *s, int fd)
static void
report_errors()
report_errors(SSL* ssl)
{
unsigned long l;
const char* file;
const char* data;
int line,flags;
const char *file;
const char *data;
int line, flags;
#ifndef DBUG_OFF
char buf[512];
#endif
DBUG_ENTER("report_errors");
while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)))
while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
{
char buf[512];
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
file,line,(flags&ERR_TXT_STRING)?data:"")) ;
}
DBUG_PRINT("info", ("errno: %d", socket_errno));
if (ssl)
DBUG_PRINT("error", ("error: %s",
ERR_error_string(SSL_get_error(ssl, l), buf)));
DBUG_PRINT("info", ("socket_errno: %d", socket_errno));
DBUG_VOID_RETURN;
}
int vio_ssl_errno(Vio *vio __attribute__((unused)))
{
return socket_errno; /* On Win32 this mapped to WSAGetLastError() */
}
int vio_ssl_read(Vio * vio, gptr buf, int size)
int vio_ssl_read(Vio *vio, gptr buf, int size)
{
int r;
DBUG_ENTER("vio_ssl_read");
DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d, ssl_: 0x%p",
vio->sd, buf, size, vio->ssl_arg));
if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0)
{
int err= SSL_get_error((SSL*) vio->ssl_arg, r);
DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err));
report_errors();
}
r= SSL_read((SSL*) vio->ssl_arg, buf, size);
#ifndef DBUG_OFF
if (r < 0)
report_errors((SSL*) vio->ssl_arg);
#endif
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
}
int vio_ssl_write(Vio * vio, const gptr buf, int size)
int vio_ssl_write(Vio *vio, const gptr buf, int size)
{
int r;
DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size));
if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
report_errors();
r= SSL_write((SSL*) vio->ssl_arg, buf, size);
#ifndef DBUG_OFF
if (r < 0)
report_errors((SSL*) vio->ssl_arg);
#endif
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
}
int vio_ssl_fastsend(Vio * vio __attribute__((unused)))
int vio_ssl_close(Vio *vio)
{
int r=0;
DBUG_ENTER("vio_ssl_fastsend");
#if defined(IPTOS_THROUGHPUT)
{
int tos= IPTOS_THROUGHPUT;
r= setsockopt(vio->sd, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(tos));
}
#endif /* IPTOS_THROUGHPUT */
if (!r)
{
#ifdef __WIN__
BOOL nodelay= 1;
r= setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (const char*) &nodelay,
sizeof(nodelay));
#else
int nodelay= 1;
r= setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (void*) &nodelay,
sizeof(nodelay));
#endif /* __WIN__ */
}
if (r)
{
DBUG_PRINT("warning", ("Couldn't set socket option for fast send"));
r= -1;
}
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
}
int vio_ssl_keepalive(Vio* vio, my_bool set_keep_alive)
{
int r=0;
DBUG_ENTER("vio_ssl_keepalive");
DBUG_PRINT("enter", ("sd: %d, set_keep_alive: %d", vio->sd, (int)
set_keep_alive));
if (vio->type != VIO_TYPE_NAMEDPIPE)
{
uint opt = (set_keep_alive) ? 1 : 0;
r= setsockopt(vio->sd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt,
sizeof(opt));
}
DBUG_RETURN(r);
}
my_bool
vio_ssl_should_retry(Vio * vio __attribute__((unused)))
{
int en = socket_errno;
return (en == SOCKET_EAGAIN || en == SOCKET_EINTR ||
en == SOCKET_EWOULDBLOCK);
}
my_bool
vio_ssl_was_interrupted(Vio *vio __attribute__((unused)))
{
int en= socket_errno;
return (en == SOCKET_EAGAIN || en == SOCKET_EINTR ||
en == SOCKET_EWOULDBLOCK || en == SOCKET_ETIMEDOUT);
}
int vio_ssl_close(Vio * vio)
{
int r;
int r= 0;
SSL *ssl= (SSL*)vio->ssl_arg;
DBUG_ENTER("vio_ssl_close");
r=0;
if ((SSL*) vio->ssl_arg)
if (ssl)
{
r = SSL_shutdown((SSL*) vio->ssl_arg);
SSL_free((SSL*) vio->ssl_arg);
switch ((r= SSL_shutdown(ssl)))
{
case 1: /* Shutdown successful */
break;
case 0: /* Shutdown not yet finished, call it again */
if ((r= SSL_shutdown(ssl) >= 0))
break;
/* Fallthrough */
default: /* Shutdown failed */
DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %s",
SSL_get_error(ssl, r)));
break;
}
SSL_free(ssl);
vio->ssl_arg= 0;
}
if (vio->sd >= 0)
{
if (shutdown(vio->sd, 2))
r= -1;
if (closesocket(vio->sd))
r= -1;
}
if (r)
{
DBUG_PRINT("error", ("close() failed, error: %d",socket_errno));
report_errors();
/* FIXME: error handling (not critical for MySQL) */
}
vio->type= VIO_CLOSED;
vio->sd= -1;
DBUG_RETURN(r);
DBUG_RETURN(vio_close(vio));
}
const char *vio_ssl_description(Vio * vio)
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
return vio->desc;
}
enum enum_vio_type vio_ssl_type(Vio* vio)
{
return vio->type;
}
my_socket vio_ssl_fd(Vio* vio)
{
return vio->sd;
}
my_bool vio_ssl_peer_addr(Vio * vio, char *buf, uint16 *port)
{
DBUG_ENTER("vio_ssl_peer_addr");
DBUG_PRINT("enter", ("sd: %d", vio->sd));
if (vio->localhost)
{
strmov(buf,"127.0.0.1");
*port=0;
}
else
{
size_socket addrLen = sizeof(struct sockaddr);
if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)),
&addrLen) != 0)
{
DBUG_PRINT("exit", ("getpeername, error: %d", socket_errno));
DBUG_RETURN(1);
}
#ifdef TO_BE_FIXED
my_inet_ntoa(vio->remote.sin_addr,buf);
*port= 0;
#else
strmov(buf, "unknown");
*port= 0;
#endif
}
DBUG_PRINT("exit", ("addr: %s", buf));
DBUG_RETURN(0);
}
void vio_ssl_in_addr(Vio *vio, struct in_addr *in)
{
DBUG_ENTER("vio_ssl_in_addr");
if (vio->localhost)
bzero((char*) in, sizeof(*in));
else
*in=vio->remote.sin_addr;
DBUG_VOID_RETURN;
}
/*
TODO: Add documentation
*/
int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
{
char *str;
char buf[1024];
X509* client_cert;
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd: %d ptr: Ox%p, timeout: %d",
DBUG_PRINT("enter", ("sd: %d ptr: %p, timeout: %d",
vio->sd, ptr, timeout));
old_type= vio->type;
net_blocking = vio_is_blocking(vio);
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_arg= 0;
if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context)))
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
report_errors(ssl);
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_: Ox%p timeout: %ld",
(SSL*) vio->ssl_arg, timeout));
SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd((SSL*) vio->ssl_arg,vio->sd);
SSL_set_accept_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl_: %p timeout: %ld", ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
SSL_set_accept_state(ssl);
if (SSL_do_handshake(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free((SSL*) vio->ssl_arg);
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (client_cert != NULL)
{
DBUG_PRINT("info",("Client certificate:"));
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
DBUG_PRINT("info",("\t subject: %s", str));
free (str);
char buf[1024];
X509 *client_cert;
DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
DBUG_PRINT("info",("\t issuer: %s", str));
free (str);
if ((client_cert= SSL_get_peer_certificate (ssl)))
{
DBUG_PRINT("info",("Client certificate:"));
X509_NAME_oneline (X509_get_subject_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_free (client_cert);
X509_NAME_oneline (X509_get_issuer_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (client_cert);
}
else
DBUG_PRINT("info",("Client does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
else
DBUG_PRINT("info",("Client does not have certificate."));
str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf));
if (str)
{
DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str));
}
else
{
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
DBUG_RETURN(0);
}
int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
char *str;
X509* server_cert;
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
enum enum_vio_type old_type;
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%p ctx: 0x%p",
vio->sd,ptr,ptr->ssl_context));
DBUG_PRINT("enter", ("sd: %d, ptr: %p, ctx: %p",
vio->sd, ptr, ptr->ssl_context));
old_type= vio->type;
net_blocking = vio_is_blocking(vio);
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_arg= 0;
if (!(vio->ssl_arg = SSL_new(ptr->ssl_context)))
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_: 0x%p timeout: %ld",
(SSL*) vio->ssl_arg, timeout));
SSL_clear((SSL*) vio->ssl_arg);
SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout);
SSL_set_fd ((SSL*) vio->ssl_arg, vio_ssl_fd(vio));
SSL_set_connect_state((SSL*) vio->ssl_arg);
if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
report_errors(ssl);
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name((SSL*) vio->ssl_arg)));
server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg);
if (server_cert != NULL)
{
DBUG_PRINT("info",("Server certificate:"));
str = X509_NAME_oneline (X509_get_subject_name (server_cert), 0, 0);
DBUG_PRINT("info",("\t subject: %s", str));
free(str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert), 0, 0);
DBUG_PRINT("info",("\t issuer: %s", str));
free(str);
/*
We could do all sorts of certificate verification stuff here before
deallocating the certificate.
*/
X509_free (server_cert);
}
else
DBUG_PRINT("info",("Server does not have certificate."));
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: %p, timeout: %ld", ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
SSL_set_connect_state(ssl);
if (SSL_do_handshake(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
{
X509 *server_cert;
DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
if ((server_cert= SSL_get_peer_certificate (ssl)))
{
char buf[256];
DBUG_PRINT("info",("Server certificate:"));
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (server_cert);
}
else
DBUG_PRINT("info",("Server does not have certificate."));
}
#endif
DBUG_RETURN(0);
}
int vio_ssl_blocking(Vio * vio __attribute__((unused)),
int vio_ssl_blocking(Vio *vio __attribute__((unused)),
my_bool set_blocking_mode,
my_bool *old_mode)
{
/* Mode is always blocking */
*old_mode= 1;
/* Return error if we try to change to non_blocking mode */
*old_mode=1; /* Mode is always blocking */
return set_blocking_mode ? 0 : 1;
return (set_blocking_mode ? 0 : 1);
}
void vio_ssl_timeout(Vio *vio __attribute__((unused)),
uint which __attribute__((unused)),
uint timeout __attribute__((unused)))
{
#ifdef __WIN__
ulong wait_timeout= (ulong) timeout * 1000;
(void) setsockopt(vio->sd, SOL_SOCKET,
which ? SO_SNDTIMEO : SO_RCVTIMEO, (char*) &wait_timeout,
sizeof(wait_timeout));
#endif /* __WIN__ */
}
#endif /* HAVE_OPENSSL */

317
vio/viosslfactories.c
View file

@ -21,7 +21,6 @@
static bool ssl_algorithms_added = FALSE;
static bool ssl_error_strings_loaded= FALSE;
static int verify_depth = 0;
static int verify_error = X509_V_OK;
static unsigned char dh512_p[]=
{
@ -82,30 +81,31 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
DBUG_ENTER("vio_set_cert_stuff");
DBUG_PRINT("enter", ("ctx: %p, cert_file: %s, key_file: %s",
ctx, cert_file, key_file));
if (cert_file != NULL)
if (cert_file)
{
if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0)
if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
{
DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file));
/* FIX stderr */
fprintf(stderr,"Error when connection to server using SSL:");
ERR_print_errors_fp(stderr);
fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
fflush(stderr);
DBUG_RETURN(0);
DBUG_RETURN(1);
}
if (key_file == NULL)
key_file = cert_file;
if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
SSL_FILETYPE_PEM) <= 0)
if (!key_file)
key_file= cert_file;
if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0)
{
DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file));
/* FIX stderr */
fprintf(stderr,"Error when connection to server using SSL:");
ERR_print_errors_fp(stderr);
fprintf(stderr,"Unable to get private key from '%s'\n", cert_file);
fflush(stderr);
DBUG_RETURN(0);
fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
fflush(stderr);
DBUG_RETURN(1);
}
/*
@ -116,45 +116,45 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
DBUG_PRINT("error",
("Private key does not match the certificate public key\n"));
DBUG_RETURN(0);
DBUG_RETURN(1);
}
}
DBUG_RETURN(1);
DBUG_RETURN(0);
}
static int
vio_verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509* err_cert;
int err,depth;
char buf[256];
X509 *err_cert;
DBUG_ENTER("vio_verify_callback");
DBUG_PRINT("enter", ("ok: %d, ctx: 0x%p", ok, ctx));
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
DBUG_PRINT("enter", ("ok: %d, ctx: %p", ok, ctx));
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf));
err_cert= X509_STORE_CTX_get_current_cert(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
DBUG_PRINT("info", ("cert: %s", buf));
if (!ok)
{
DBUG_PRINT("error",("verify error: num: %d : '%s'\n",err,
int err, depth;
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
DBUG_PRINT("error",("verify error: %d, '%s'",err,
X509_verify_cert_error_string(err)));
/*
Approve cert if depth is greater then "verify_depth", currently
verify_depth is always 0 and there is no way to increase it.
*/
if (verify_depth >= depth)
{
ok=1;
verify_error=X509_V_OK;
}
else
{
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
ok= 1;
}
switch (ctx->error) {
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
DBUG_PRINT("info",("issuer= %s\n",buf));
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
DBUG_PRINT("info",("issuer= %s\n", buf));
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@ -198,198 +198,155 @@ static void netware_ssl_init()
#endif /* __NETWARE__ */
/************************ VioSSLConnectorFd **********************************/
/*
TODO:
Add option --verify to mysql to be able to change verification mode
*/
struct st_VioSSLConnectorFd *
new_VioSSLConnectorFd(const char* key_file,
const char* cert_file,
const char* ca_file,
const char* ca_path,
const char* cipher)
static void check_ssl_init()
{
int verify = SSL_VERIFY_NONE;
struct st_VioSSLConnectorFd* ptr;
int result;
DH *dh;
DBUG_ENTER("new_VioSSLConnectorFd");
if (!(ptr=((struct st_VioSSLConnectorFd*)
my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)))))
DBUG_RETURN(0);
ptr->ssl_context= 0;
ptr->ssl_method= 0;
/* FIXME: constants! */
if (!ssl_algorithms_added)
{
DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE;
ssl_algorithms_added= TRUE;
SSL_library_init();
OpenSSL_add_all_algorithms();
}
#ifdef __NETWARE__
netware_ssl_init();
#endif
if (!ssl_error_strings_loaded)
{
DBUG_PRINT("info", ("todo:SSL_load_error_strings()"));
ssl_error_strings_loaded = TRUE;
ssl_error_strings_loaded= TRUE;
SSL_load_error_strings();
}
ptr->ssl_method = TLSv1_client_method();
ptr->ssl_context = SSL_CTX_new(ptr->ssl_method);
DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context));
if (ptr->ssl_context == 0)
}
/************************ VioSSLFd **********************************/
static struct st_VioSSLFd *
new_VioSSLFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher, SSL_METHOD *method)
{
DH *dh;
struct st_VioSSLFd *ssl_fd;
DBUG_ENTER("new_VioSSLFd");
check_ssl_init();
if (!(ssl_fd= ((struct st_VioSSLFd*)
my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
DBUG_RETURN(0);
if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
{
DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors();
goto ctor_failure;
my_free((void*)ssl_fd,MYF(0));
DBUG_RETURN(0);
}
/*
SSL_CTX_set_options
SSL_CTX_set_info_callback
*/
if (cipher)
/* Set the ciphers that can be used */
if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher))
{
result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
}
SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
DBUG_PRINT("error", ("failed to set ciphers to use"));
report_errors();
goto ctor_failure;
my_free((void*)ssl_fd,MYF(0));
DBUG_RETURN(0);
}
if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0)
/* Load certs from the trusted ca */
if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0)
if (SSL_CTX_set_default_verify_paths(ssl_fd->ssl_context) == 0)
{
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors();
goto ctor_failure;
my_free((void*)ssl_fd,MYF(0));
DBUG_RETURN(0);
}
}
}
if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors();
my_free((void*)ssl_fd,MYF(0));
DBUG_RETURN(0);
}
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
DH_free(dh);
DBUG_RETURN(ptr);
ctor_failure:
DBUG_PRINT("exit", ("there was an error"));
my_free((gptr)ptr,MYF(0));
DBUG_RETURN(0);
DBUG_PRINT("exit", ("OK 1"));
DBUG_RETURN(ssl_fd);
}
/************************ VioSSLConnectorFd **********************************/
struct st_VioSSLFd *
new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher)
{
struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
ca_path, cipher, TLSv1_client_method())))
{
return 0;
}
/* Init the VioSSLFd as a "connector" ie. the client side */
/*
The verify_callback function is used to control the behaviour
when the SSL_VERIFY_PEER flag is set.
*/
SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback);
return ssl_fd;
}
/************************ VioSSLAcceptorFd **********************************/
/*
TODO:
Add option --verify to mysqld to be able to change verification mode
*/
struct st_VioSSLAcceptorFd *
new_VioSSLAcceptorFd(const char *key_file,
const char *cert_file,
const char *ca_file,
const char *ca_path,
struct st_VioSSLFd*
new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
const char *cipher)
{
int verify = (SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE);
struct st_VioSSLAcceptorFd* ptr;
int result;
DH *dh;
DBUG_ENTER("new_VioSSLAcceptorFd");
ptr= ((struct st_VioSSLAcceptorFd*)
my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)));
ptr->ssl_context=0;
ptr->ssl_method=0;
/* FIXME: constants! */
ptr->session_id_context= ptr;
if (!ssl_algorithms_added)
struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
ca_path, cipher, TLSv1_server_method())))
{
DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE;
SSL_library_init();
OpenSSL_add_all_algorithms();
return 0;
}
/* Init the the VioSSLFd as a "acceptor" ie. the server side */
}
#ifdef __NETWARE__
netware_ssl_init();
#endif
if (!ssl_error_strings_loaded)
{
DBUG_PRINT("info", ("todo: SSL_load_error_strings()"));
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
ptr->ssl_method= TLSv1_server_method();
ptr->ssl_context= SSL_CTX_new(ptr->ssl_method);
if (ptr->ssl_context == 0)
{
DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors();
goto ctor_failure;
}
if (cipher)
{
result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
}
/* SSL_CTX_set_quiet_shutdown(ctx,1); */
SSL_CTX_sess_set_cache_size(ptr->ssl_context,128);
/* DH? */
SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
SSL_CTX_set_session_id_context(ptr->ssl_context,
(const uchar*) &(ptr->session_id_context),
sizeof(ptr->session_id_context));
/* Set max number of cached sessions, returns the previous size */
SSL_CTX_sess_set_cache_size(ssl_fd->ssl_context, 128);
/*
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
The verify_callback function is used to control the behaviour
when the SSL_VERIFY_PEER flag is set.
*/
if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors();
goto ctor_failure;
}
if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0)
{
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors();
goto ctor_failure;
}
}
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh);
DBUG_RETURN(ptr);
SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback);
ctor_failure:
DBUG_PRINT("exit", ("there was an error"));
my_free((gptr) ptr,MYF(0));
DBUG_RETURN(0);
/*
Set session_id - an identifier for this server session
Use the ssl_fd pointer
*/
SSL_CTX_set_session_id_context(ssl_fd->ssl_context,
(const unsigned char *)ssl_fd,
sizeof(ssl_fd));
return ssl_fd;
}
void free_vio_ssl_acceptor_fd(struct st_VioSSLAcceptorFd *fd)
void free_vio_ssl_acceptor_fd(struct st_VioSSLFd *fd)
{
SSL_CTX_free(fd->ssl_context);
my_free((gptr) fd, MYF(0));