The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.
The solution is to explicitly free every X509 object used.
mysqldump included character_set_client magic
that is unknown before 4.1 even when asked for
an appropriate compatibility mode.
In compatibility (3.23, 4.0) mode, we do not
output charset statements (not even in a
"comment conditional"), nor do we do magic on
the server, even if the server is sufficient
new (4.1+). Table-names will be output converted
to the charset requested by mysqldump; if such
a conversion is not possible (Ivrit -> Latin),
mysqldump will fail.
mysqldump included character_set_client magic
that is unknown before 4.1 even when asked for
an appropriate compatibility mode.
In compatibility (3.23, 4.0) mode, we do not
output charset statements (not even in a
"comment conditional"), nor do we do magic on
the server, even if the server is sufficient
new (4.1+). Table-names will be output converted
to the charset requested by mysqldump; if such
a conversion is not possible (Ivrit -> Latin),
mysqldump will fail.
using crashes server
When the server is configured to use a RSA key, and when the client sends
a cipher-suite list that contains a non-RSA key as acceptable, the server
would try to process that key even though it was impossible.
Now, yaSSL sets its own acceptable-cipher list according to what kind of
key the server is started with, and will never explore and try to pair
impossible combinations.
This involves a partial import of the current YaSSL tree, not the whole
thing, so as to try to avoid introducing new bugs.
(Updated to avoid many whitespace changes and make diff smaller.)
binary SHOW CREATE TABLE or SELECT FROM I_S.
The problem is that mysqldump generates incorrect dump for a table
with non-ASCII column name if the mysqldump's character set is
ASCII.
The fix is to:
1. Switch character_set_client for the mysqldump's connection
to binary before issuing SHOW CREATE TABLE statement in order
to avoid conversion.
2. Dump switch character_set_client statements to UTF8 and back
for CREATE TABLE statement.
- Change check for return value of 'SSL_CTX_set_cipher_list'
in order to handle 0 as error setting cipher.
- Thanks to Dan Lukes for finding the problem!
- Turn off verification of peer if both ca_path and ca_file is null
i.e from only passing --ssl-key=<client_key> and --ssl-cert=<client_cert>
to the mysql utility programs.
The server will authenticate the client accoring to GRANT tables
but the client won't authenticate the server
- Small difference in output from 'X509_NAME_Oneline' between OpenSSL and yaSSL. OpenSSL uses
an extension that allow's the email adress of the cert holder.
- Imported patch for yaSSL "add email to DN output"
when X.509 subject was required for a connect, we tested whether it was the right
one, but did not refuse the connexion if not. fixed.
(corrected CS now --replace_results socket-path)
- Added show status variable "compression" for checking that compression is turned on.
- Updated show status variable "have_openssl" to be set to DISABLED if server supports ssl but it's not turned on to accept incoming ssl connections.
- Setup server to accept ssl connections from clients ig that is supported by server
- New tests
- ssl - Run with ssl turned on
- ssl_compress - Run with ssl and compression turned on
- compress - Run with compression turned in
- Updated test
- openssl_1, rpl_openssl1 - Changed to run if server supports ssl
added support for quiet
increased line buffer size
client/mysqltest.c
fixed memory leak
added query logging to result file
added error message logging to result file
added enable_query_log/disable_query_log
mysql-test/mysql-test-run.sh
converted tests to use mysqlmanager
Updated test results
