Commit graph

19 commits

Author SHA1 Message Date
Vladislav Vaintroub
56c4cfe0be MDEV-9293 - Use MariaDB's Connector/C in server 2016-08-25 16:27:57 +02:00
Vladislav Vaintroub
31a8cf54c8 Revert "MDEV-9293 Connector/C integration"
This reverts commit 7b89b9f510.
2016-08-19 15:46:27 +00:00
Vladislav Vaintroub
7b89b9f510 MDEV-9293 Connector/C integration 2016-08-19 15:27:37 +00:00
Sergei Golubchik
341e5f4411 MDEV-10054 Secure login fails when CIPHER is required
SSL: do not require client certificate to exist,
if GRANT didn't require that
2016-06-28 22:33:15 +02:00
Monty
f6cc7f1bdc Fixed failing test cases and compiler warnings
- Fixed wait condition in kill_processlist-6619
- Updated Ssl_chiper for openssl tests
- Added supression for valgrinds when using libcrypto
- Fixed wrong argument to pthread_mutex in server_audit.c when compiling with debug
- Adding missing debug_sync_update() to debug_sync.h
- Added initializers to some variables and fixed error handling in jsonudf.cpp
- Fixed cluster_filter_unpack_varchar which doesn't have a stable index type.
- Updated compiler_warnings.supp
2016-04-25 15:37:24 +03:00
Sergei Golubchik
cc12a35cde MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT.
Otherwise it might affect current ssl-encrypted connection.
2015-05-03 11:21:57 +02:00
Sergei Golubchik
3495801e2e 5.5 merge 2014-11-19 17:23:39 +01:00
Sergei Golubchik
cb8f837a3d MDEV-6975 Implement TLS protocol
change SSL methods to be SSLv23 (according to openssl manpage:
"A TLS/SSL connection established with these methods may understand
the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols") from
TLSv1 methods, that go back to the initial SSL implementation
in MySQL in 2001.

OpenSSL default ciphers are different if TLSv1.2 is enabled,
so tests need to take this into account.
2014-11-18 17:57:06 +01:00
Michael Widenius
60589aeee0 Next part of merge. See TODO for details 2012-08-14 17:23:34 +03:00
Sergei Golubchik
65ca700def merge.
checkpoint.
does not compile.
2010-11-25 18:17:28 +01:00
Konstantin Osipov
3227ba706f Backport of:
ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
Bug#13174: SHA2 function
Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle

Implement SHA2 functions.

Chad added code to make it work with YaSSL.  Also, he removed the 
(probable) bug of embedded server never using SSL-dependent 
functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)

Function specification:
  SHA2( string cleartext, integer hash_length ) 
    -> string hash, or NULL
where hash_length is one of 224, 256, 384, or 512.  If either is 
NULL or a length is unsupported, then the result is NULL.  The 
resulting string is always the length of the hash_length parameter
or is NULL.

Include the canonical hash examples from the NIST in the test
results.
---
Polish and address concerns of reviewers.


.bzrignore:
  Added libmysqld/sha2.cc to the ignore list.
client/mysql.cc:
  Add condition to remove code for embedded server.
client/mysqltest.cc:
  Add condition to remove code for embedded server.
include/Makefile.am:
  New header file to header list.
include/mysql_embed.h:
  Embedded servers can use SSL-library functions too!
include/sha2.h:
  Compatibility layer to make YaSSL behave like OpenSSL.
include/sslopt-case.h:
  Remove SSL-communication parameters from command lines.
include/sslopt-longopts.h:
  Remove SSL-communication parameters from command lines.
include/sslopt-vars.h:
  Don't declare variables that are only used in SSL communication, if
  we are compiling the embedded server.
include/violite.h:
  Don't even compile the SSL-communication function if we're in the
  embedded server.
  ---
  Remove CPP condition indentation.
libmysqld/CMakeLists.txt:
  Add new file to source list.
libmysqld/Makefile.am:
  Include standard DEFS in embedded compilation.  It's an undiscovered
  but that it's not there.
  
  Add new file to source list.
libmysqld/examples/Makefile.am:
  Include autoconf DEFS.
libmysqld/lib_sql.cc:
  Initialize SSL-related variables in embedded server.
mysql-test/include/have_ssl_crypto_functs.inc:
  Distinguish between communication and crypto.
  Use the tristate value of "have_ssl" variable to know whether to
  test or not for SSL-provided crypto functions.
mysql-test/r/func_digest.result:
  
  Test against the sample test vectors in the NIST Secure
  Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
mysql-test/r/func_encrypt_nossl.result:
  Update results to the new error message text.
mysql-test/r/have_ssl_is_yes_or_disabled_only.require:
  Distinguish between communication and crypto.
  
  Use the tristate value of "have_ssl" variable to know whether to
  test or not for SSL-provided crypto functions.
mysql-test/suite/rpl/t/rpl_ssl.test:
  Distinguish between communication and crypto.
mysql-test/suite/rpl/t/rpl_ssl1.test:
  Distinguish between communication and crypto.
mysql-test/t/func_des_encrypt.test:
  Distinguish between communication and crypto.
mysql-test/t/func_digest.test:
  Test against the sample test vectors in the NIST Secure
  Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
  
  Also, test that various parameters (legal and illegal)
  do what we expect.
  ---
  Distinguish between communication and crypto.
mysql-test/t/func_encrypt.test:
  Distinguish between communication and crypto.
mysql-test/t/openssl_1.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl-big.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_8k_key.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_compress.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_connect.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
sql-common/client.c:
  SSL is useful for more functionality than just connecting.  Test
  for whether we are not embedded server also.
sql/CMakeLists.txt:
  Add new source file to source list so that we have access to SHA2
  functions.
sql/Makefile.am:
  Add new source file to source list so that we have access to SHA2
  functions.
sql/item_create.cc:
  Bootstrap the SHA2 function into the server.
sql/item_strfunc.cc:
  Add new SHA2 Item class methods.
  
  Clean up two minor problems.
  ---
  Remove extraneous debugging.
  ---
  We must check nullness of a parameter only /after/ computing its
  value.
sql/item_strfunc.h:
  Declare new SHA2 Item class.
sql/mysqld.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.
  ---
  Remove CPP condition indentation.
sql/sha2.cc:
  Compatibility layer to make YaSSL behave like OpenSSL.
  ---
  Add comment for generated functions.
sql/sql_acl.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.
sql/sql_connect.cc:
  SSL is useful for more functionality than just connecting.  Test
  for whether we are not embedded server also.
sql/sys_vars.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.
2010-04-13 19:04:45 +04:00
Michael Widenius
3d831149f9 Added option --staging-run to mysql-test-run to mark slow, not important tests, to not be run in staging trees
Use MY_MUTEX_INIT_FAST for pool mutex

mysql-test/mysql-test-run.pl:
  Added option --staging-run
  Added information about --parallell=# to help message
mysql-test/suite/federated/federated_server.test:
  Slow test, don't run with --staging-run
mysql-test/suite/maria/t/maria-preload.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_optimize.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_relayrotate.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_row_001.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_row_mysqlbinlog.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_row_sp003.test:
  Slow test, don't run with --staging-run
mysql-test/suite/rpl/t/rpl_start_stop_slave.test:
  Slow test, don't run with --staging-run
mysql-test/t/compress.test:
  Slow test, don't run with --staging-run
mysql-test/t/count_distinct3.test:
  Slow test, don't run with --staging-run
mysql-test/t/index_merge_innodb.test:
  Slow test, don't run with --staging-run
mysql-test/t/information_schema_all_engines.test:
  Slow test, don't run with --staging-run
mysql-test/t/innodb_mysql.test:
  Slow test, don't run with --staging-run
mysql-test/t/pool_of_threads.test:
  Slow test, don't run with --staging-run
mysql-test/t/preload.test:
  Slow test, don't run with --staging-run
mysql-test/t/ssl.test:
  Slow test, don't run with --staging-run
mysql-test/t/ssl_compress.test:
  Slow test, don't run with --staging-run
mysql-test/valgrind.supp:
  Suppress warnings from SuSE 11.1 on x86
sql/scheduler.cc:
  Use MY_MUTEX_INIT_FAST for pool mutex
2009-06-05 18:35:22 +03:00
Matthias Leich
140cc614c9 Last slice of fix for Bug#42003 tests missing the disconnect of connections <> default
+ Fix for Bug#43114 wait_until_count_sessions too restrictive, random PB failures
+ Removal of a lot of other weaknesses found
+ modifications according to review
2009-03-03 21:34:18 +01:00
unknown
3880c80fc6 Add "have_ssl" as synonym for "have_openssl"
mysql-test/t/openssl_1.test:
  Add "have_ssl" as synonym for "have_openssl"
  Correct comment
2007-03-05 10:03:42 +01:00
unknown
c7ff3bdb98 Updated after testing
mysql-test/mysql-test-run.pl:
  Improved printouts
mysql-test/r/compress.result:
  Updated test result
mysql-test/r/ssl.result:
  Updated test result
mysql-test/r/ssl_compress.result:
  Updated test result
mysql-test/t/compress.test:
  Use new connection
  Use common include file 
  Test feature is turned on both before and after tests
mysql-test/t/ssl.test:
  Use new connection
  Use common include file 
  Test feature is turned on both before and after tests
mysql-test/t/ssl_compress.test:
  Use new connection
  Use common include file 
  Test feature is turned on both before and after tests
2005-10-13 11:28:06 +02:00
unknown
2bb0501d65 Always test ssl and compress
- Updated after review


client/mysqltest.c:
  Updated after review.
  Fix "connect" command to take SSL and/or COMPRESS as options instead of enable/disable_ssl and enable/disable_compress
  Commented do_connect, added test cases etc.
  Fix safe_get_param to make it possible to call it once for every argument without having any checks inbetween.
  Make a copy for query->first_argument  since safe_get_param will modify query string. Now connect works inside a while loop as well.
mysql-test/mysql-test-run.pl:
  Updated after review
mysql-test/r/connect.result:
  Enable test that was previolsy disabled because of "no error handling" in connect
mysql-test/r/mysqltest.result:
  Added tests for "connect"
mysql-test/t/compress.test:
  Updated after review, use the option argument to connect
mysql-test/t/connect.test:
  Enable test that was previolsy disabled because of "no error handling" in connect
  Now it's possible to use "--error" before connect, so let's use it.
mysql-test/t/information_schema.test:
  Connection user4 was already used
mysql-test/t/myisam.test:
  Disconnect con1 so the name can be reused
mysql-test/t/mysqltest.test:
  Added tests for "connect"
mysql-test/t/openssl_1.test:
  Updated after review, use the option argument to connect
mysql-test/t/sp-security.test:
  Disconnect user1 connection so the name can be reused
mysql-test/t/ssl.test:
  Updated after review, use the option argument to connect
mysql-test/t/ssl_compress.test:
  Updated after review, use the option argument to connect
sql/mysqld.cc:
  Updated after review, Compression variable is always available
sql/sql_show.cc:
  Updated after review, Compression variable is always available
sql/structs.h:
  Updated after review, Compression variable is always available
2005-10-12 13:56:07 +02:00
unknown
20fdedb756 Improved testing of ssl and compression
- Added show status variable "compression" for checking that compression is turned on.
 - Updated show status variable "have_openssl" to be set to DISABLED if server supports ssl but it's not turned on to accept incoming ssl connections.  
 - Setup server to accept ssl connections from clients ig that is supported by server
 - New tests 
   - ssl - Run with ssl turned on
   - ssl_compress - Run with ssl and compression turned on
   - compress - Run with compression turned in 
 - Updated test 
   - openssl_1, rpl_openssl1 - Changed to run if server supports ssl


BitKeeper/deleted/.del-have_openssl_1.inc~55590efedeec9ee0:
  Delete: mysql-test/include/have_openssl_1.inc
BitKeeper/deleted/.del-have_openssl_1.require~e8cdeb0adba99ac5:
  Delete: mysql-test/r/have_openssl_1.require
client/mysqltest.c:
  Add commands to enable/disable ssl for the follwing connect's
  Add commands to enable/disable compression for the  following connect's
mysql-test/mysql-test-run.pl:
  Test if ssl is supported by the server
  If ssl is supported by the server, start server with ability to accept ssl connections from clients
  Cleanup check of supported features check_ssl_support, check_ndbcluster_support
  Flags and helptext for mysl-test-run.pl updated 
    --ssl, turn on ssl encryption between server and client
    --skip-ssl, don'r turn on ssl or setup ssl even if it's supported
    --with-openssl, deprecated, synonym with --ssl
mysql-test/r/openssl_1.result:
  Update test results
mysql-test/t/openssl_1.test:
  Run this if server reports it has support for ssl
  Enable ssl before connecting
  Check that ssl encryption has been turned on
mysql-test/t/rpl_openssl.test:
  Run this if server reports it supports ssl
sql-common/client.c:
  Add DBUG_PRINT's
sql/mysqld.cc:
  If server can't accept ssl connection set have_openssl to SHOW_OPTION_DISABLED
  Add status variable to show if connection with server is using compressed protocol
sql/sql_show.cc:
  Add status variable to show if connection with server is using compressed protocol
sql/structs.h:
  Add status variable to show if connection with server is using compressed protocol
mysql-test/r/compress.result:
  New BitKeeper file ``mysql-test/r/compress.result''
mysql-test/r/ssl.result:
  New BitKeeper file ``mysql-test/r/ssl.result''
mysql-test/r/ssl_compress.result:
  New BitKeeper file ``mysql-test/r/ssl_compress.result''
mysql-test/t/compress.test:
  New BitKeeper file ``mysql-test/t/compress.test''
mysql-test/t/ssl.test:
  New BitKeeper file ``mysql-test/t/ssl.test''
mysql-test/t/ssl_compress.test:
  New BitKeeper file ``mysql-test/t/ssl_compress.test''
2005-10-04 15:43:55 +02:00
unknown
88cfe76251 OpenSSL tests added 2001-09-01 05:36:06 +08:00
unknown
5fb52a1901 SSL fixes 2001-09-01 05:18:01 +08:00