It is already in libmariadb, and server (also that client in server)
does not need it.
It does not work in embedded either since it relies on non-blocking sockets
- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
Fix is not to use blocking socket IO during SSL handshake.
With non-blocking socket IO, threadpool is able to utilize the wait
notification callbacks, that vio_io_wait() is calling whenever
socket would block.
- Fix win64 pointer truncation warnings
(usually coming from misusing 0x%lx and long cast in DBUG)
- Also fix printf-format warnings
Make the above mentioned warnings fatal.
- fix pthread_join on Windows to set return value.
* adjust viossl.c to take account the new code
(SSL_get_error is used now, cannot simply remap it)
* remove unnecessary version check
* update the test to 10.0
followup:
* explicitly disable SSLv2 and SSLv3, keep other protocols enabled
* fix a compiler warning
* rename the test and combinations to avoid confusion
vio/viossl.c:
fix a compiler warning
OPENSSL
Description: Specify preference to disable compression
while using OpenSSL library. OpenSSL uses
zlib compression by default which may
lead to some problems.
Main change is that non-blocking operation is now an option that must be
explicitly enabled with mysql_option(mysql, MYSQL_OPT_NONBLOCK, ...)
before any non-blocing operation can be used.
Also the CLIENT_REMEMBER_OPTIONS flag is now always enabled and thus
effectively ignored (it was not really useful anyway, and this simplifies
things when non-blocking mysql_real_connect() fails).
All client functions that can block on I/O have alternate _start() and
_cont() versions that do not block but return control back to the
application, which can then issue I/O wait in its own fashion and later
call back into the library to continue the operation.
Works behind the scenes by spawning a co-routine/fiber to run the
blocking operation and suspend it while waiting for I/O. This
co-routine/fiber use is invisible to applications.
For i368/x86_64 on GCC, uses very fast assembler co-routine support. On
Windows uses native Win32 Fibers. Falls back to POSIX ucontext on other
platforms. Assembler routines for more platforms are relatively easy to
add by extending mysys/my_context.c, eg. similar to the Lua lcoco
library.
For testing, mysqltest and mysql_client_test are extended with the
option --non-blocking-api. This causes the programs to use the
non-blocking API for database access. mysql-test-run.pl has a similar
option --non-blocking-api that uses this, as well as additional
testcases.
An example program tests/async_queries.c is included that uses the new
non-blocking API with libevent to show how, in a single-threaded
program, to issue many queries in parallel against a database.
client/async_example.c:
Fix const warning
******
Fix bug with wrong timeout value for poll().
include/Makefile.am:
Fix missing include for `make dist`
include/mysql.h:
Add prototypes for all non-blocking API calls.
include/mysql.h.pp:
Add prototypes for all non-blocking API calls.
mysys/my_context.c:
Fix type warning for makecontext() function pointer argument.
sql-common/mysql_async.c:
Fix crashes in the non-blocking API for functions that can take MYSQL argument
that is NULL.
tests/Makefile.am:
Add header file to `make dist`
tests/mysql_client_test.c:
Replace blocking calls with wrappers around the non-blocking calls, used in
mysql_client_test to test the new non-blocking API.
tests/nonblock-wrappers.h:
Replace blocking calls with wrappers around the non-blocking calls, used in
mysql_client_test to test the new non-blocking API.
SSL errors on client and now more specific to aid end-user
with debugging. Also restructures error handling for
compliance with SSL docs.
include/violite.h:
new_VioSSLConnectorFd/sslaccept/sslconnect return more elaborate status
libmysql/errmsg.c:
SSL errors now extended, more specific
mysql-test/r/openssl_1.result:
SSL errors now extended, more specific
sql-common/client.c:
Do more detailed error reporting for setup, connect, and
server cert verifying phases.
sql/sql_acl.cc:
sslaccept() signature has changed
vio/viossl.c:
Save the error code and return it to callers of sslaccept
and sslconnect.
vio/viosslfactories.c:
new_VioSSLConnectorFd(): return error code to caller
In order to allow thread schedulers to be dynamically loaded,
it is necessary to make the following changes to the server:
- Two new service interfaces
- Modifications to InnoDB to inform the thread scheduler of state changes.
- Changes to the VIO subsystem for checking if data is available on a socket.
- Elimination of remains of the old thread pool implementation.
The two new service interfaces introduces are:
my_thread_scheduler
A service interface to register a thread
scheduler.
thd_wait
A service interface to inform thread scheduler
that the thread is about to start waiting.
In addition, the patch adds code that:
- Add a call to thd_wait for table locks in mysys
thd_lock.c by introducing a set function that
can be used to set a callback to be used when
waiting on a lock and resuming from waiting.
- Calling the mysys set function from the server
to set the callbacks correctly.
Add some extra error output and code cleanup in an attempt to fix/debug
a rare random testsuite problem in check_warnings, where the exit code
from mysqltest is somehow corrupted inside mysql-test-run.pl.
include/my_global.h:
Fix compiler warnings on some platforms.
mysql-test/lib/My/SafeProcess.pm:
Move dereference of $? subprocess exit code closer to where it is generated,
to make the code more robust and on the chance that this will fix the
occasional problems in check_warnings we see in Buildbot.
mysql-test/mysql-test-run.pl:
When check_warnings failed, also log the mysqld server for which it failed.
sql/sql_lex.cc:
Fix compiler warning about possibly uninitialised value, by rewriting a for()
loop that is always executed at least once into a do .. while() loop with an
assert.
sql/table.cc:
Fix compiler warning about uninitialised value.
storage/federatedx/ha_federatedx.cc:
Fix uninitialised variable.
storage/maria/ma_delete.c:
Fix compiler warning about uninitialised value.
storage/maria/ma_loghandler.c:
Fix compiler warning about uninitialised value.
storage/myisam/ft_stopwords.c:
Fix compiler warning.
storage/myisam/mi_write.c:
Fix compiler warning about possibly uninitialised value, by rewriting a while()
loop that is always executed at least once into a do .. while() loop with an
assert.
storage/xtradb/btr/btr0cur.c:
Fix compiler warning about possibly uninitialised value.
support-files/compiler_warnings.supp:
Fix warning suppression to cover all cases in yassl.
vio/viossl.c:
Fix compiler warning.
Fixed bug in Yassle to get correct error messages in case of errors
Provide better error messages in case of ssl connect failure
Updated out-of-date ssl certificates to fix failing mysql-test-system (certificates now active for 10 years)
Fixed bug in query_cache that could cause asserts and hangs in DEBUG builds.
Fixed bug where one connection did not see changes done by another connection.
configure.in:
Changed version number from RC to stable
extra/yassl/src/yassl_error.cpp:
Fixed bug in Yassle to get correct error messages in case of errors
- 'error' is an enum that hold more error numbers than the enum was defined for
include/violite.h:
Added error output string for sslaccept() and sslconnect() to get reason for connect failure
mysql-test/mysql-test-run.pl:
Write failed test cases if mysql-test-run fails because of too many errors
mysql-test/r/grant.result:
Update results to reflect new certificates
mysql-test/r/openssl_1.result:
Update results to reflect new certificates
mysql-test/std_data/cacert.pem:
Update ssl certificate
mysql-test/std_data/client-cert.pem:
Update ssl certificate
mysql-test/std_data/client-key.pem:
Update ssl certificate
mysql-test/std_data/server-cert.pem:
Update ssl certificate
mysql-test/std_data/server-key.pem:
Update ssl certificate
mysql-test/t/grant.test:
Update test to reflect new certificates
mysql-test/t/openssl_1.test:
Update test to reflect new certificates
mysql-test/t/query_cache_debug.test:
Remove 'big_test' as test is now fast
sql-common/client.c:
Give a better error message if ssl connect fails
sql/net_serv.cc:
Fixed compiler warnings
sql/slave.cc:
Give a better error message in logs if ssl connect fails
sql/sql_cache.cc:
debug_wait_for_kill() now removes the set watch variable after kill signal
This is needed as invalidate_table() may be called twice for one query.
Ensure that net->query_cache_query is reset after query. This fixes assert in
query_cache_end_of_result() if query_cache_query holds results from previous query.
Removed DBUG_ASSERT(0), as this code can be run by query_cache_debug.test
sql/sql_connect.cc:
Give a better error message if ssl connect fails
sql/sql_parse.cc:
Fixed bug where one connection did not see changes done by another connection.
For statements that changes tables, close_thread_tables() MUST be called before
sending OK as a table handler may not make the changes available for other connections
before unlock_tables().
vio/viossl.c:
Give a better error message if ssl connect fails