mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-15 19:37:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Error code for ssl connection

Browse source 
Fix bug when server hang(with SSL, with modified libmysql)
Add options master-ssl-capath and master-ssl-cipher
Add some error checking(SSL)
This commit is contained in:
gluh@gluh.(none) 2002-11-05 12:05:58 +04:00
commit 7bf903ea10
8 changed files with 77 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

46
vio/viossl.c
View file

@ -249,35 +249,48 @@ void vio_ssl_in_addr(Vio *vio, struct in_addr *in)
/*
TODO: Add documentation and error handling
TODO: Add documentation
*/
void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
{
char *str;
char buf[1024];
X509* client_cert;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd=%d ptr=%p", vio->sd,ptr));
old_type= vio->type;
net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0;
vio->open_=FALSE;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
DBUG_VOID_RETURN;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
SSL_clear(vio->ssl_);
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd(vio->ssl_,vio->sd);
SSL_set_accept_state(vio->ssl_);
SSL_do_handshake(vio->ssl_);
vio->open_ = TRUE;
if (SSL_do_handshake(vio->ssl_) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free(vio->ssl_);
vio->ssl_=0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUF_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_)));
@ -309,7 +322,7 @@ void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
}
#endif
DBUG_VOID_RETURN;
DBUG_RETURN(0);
}
@ -318,17 +331,22 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
char *str;
X509* server_cert;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
old_type= vio->type;
net_blocking = vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
vio->ssl_=0;
vio->open_=FALSE;
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
@ -336,8 +354,16 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd (vio->ssl_, vio->sd);
SSL_set_connect_state(vio->ssl_);
SSL_do_handshake(vio->ssl_);
vio->open_ = TRUE;
if (SSL_do_handshake(vio->ssl_) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
report_errors();
SSL_free(vio->ssl_);
vio->ssl_=0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
,SSL_get_cipher_name(vio->ssl_)));

6
vio/viosslfactories.c
View file

@ -93,7 +93,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
/* FIX stderr */
fprintf(stderr,"Error when connection to server using SSL:");
ERR_print_errors_fp(stderr);
fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
fflush(stderr);
DBUG_RETURN(0);
}
if (key_file == NULL)
@ -103,7 +106,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
/* FIX stderr */
fprintf(stderr,"Error when connection to server using SSL:");
ERR_print_errors_fp(stderr);
fprintf(stderr,"Unable to get private key from '%s'\n", cert_file);
fflush(stderr);
DBUG_RETURN(0);
}