mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 12:32:27 +01:00
16115af97c
Fixed problem with LIKE with latin1_de Added parsing support of UNSIGNED LONG LONG Docs/manual.texi: Changelog client/client_priv.h: Changed to use my_global.h client/completion_hash.cc: Changed to use my_global.h client/errmsg.c: Changed to use my_global.h client/get_password.c: Changed to use my_global.h client/mysqldump.c: Changed to use my_global.h client/mysqlshow.c: Changed to use my_global.h client/mysqltest.c: Changed to use my_global.h client/password.c: Changed to use my_global.h client/readline.cc: Changed to use my_global.h client/sql_string.cc: Changed to use my_global.h client/thimble.cc: Changed to use my_global.h client/thread_test.c: Changed to use my_global.h dbug/dbug.c: Changed to use my_global.h dbug/dbug_analyze.c: Changed to use my_global.h dbug/example1.c: Changed to use my_global.h dbug/example2.c: Changed to use my_global.h dbug/example3.c: Changed to use my_global.h dbug/factorial.c: Changed to use my_global.h dbug/main.c: Changed to use my_global.h dbug/sanity.c: Changed to use my_global.h extra/comp_err.c: Changed to use my_global.h extra/my_print_defaults.c: Changed to use my_global.h extra/perror.c: Changed to use my_global.h extra/replace.c: Changed to use my_global.h extra/resolve_stack_dump.c: Changed to use my_global.h extra/resolveip.c: Changed to use my_global.h fs/libmysqlfs.h: Changed to use my_global.h fs/mysqlcorbafs.h: Changed to use my_global.h heap/hp_test1.c: Changed to use my_global.h include/Makefile.am: Changed to use my_global.h include/m_ctype.h: Changed to use my_global.h include/my_base.h: Changed to use my_global.h innobase/include/univ.i: Changed to use my_global.h libmysql/dll.c: Changed to use my_global.h libmysql/errmsg.c: Changed to use my_global.h libmysql/get_password.c: Changed to use my_global.h libmysql/libmysql.c: Changed to use my_global.h libmysql/net.c: Changed to use my_global.h libmysql/password.c: Changed to use my_global.h libmysqld/lib_sql.cc: Changed to use my_global.h libmysqld/lib_vio.c: Changed to use my_global.h libmysqld/libmysqld.c: Changed to use my_global.h mysql-test/mysql-test-run.sh: Changed to use latin1 as default character set mysql-test/r/ctype_latin1_de.result: Changed to use my_global.h mysql-test/r/func_like.result: New test mysql-test/t/ctype_latin1_de.test: Added test of part keys mysql-test/t/func_like.test: New test mysys/checksum.c: Changed to use my_global.h mysys/getopt.c: Changed to use my_global.h mysys/getopt1.c: Changed to use my_global.h mysys/make-conf.c: Changed to use my_global.h mysys/my_alloc.c: Changed to use my_global.h mysys/my_clock.c: Changed to use my_global.h mysys/my_compress.c: Changed to use my_global.h mysys/mysys_priv.h: Changed to use my_global.h mysys/test_charset.c: Changed to use my_global.h mysys/testhash.c: Changed to use my_global.h mysys/thr_alarm.c: Changed to use my_global.h mysys/thr_mutex.c: Changed to use my_global.h regex/debug.c: Changed to use my_global.h regex/main.c: Changed to use my_global.h regex/regcomp.c: Changed to use my_global.h regex/regerror.c: Changed to use my_global.h regex/regexec.c: Changed to use my_global.h regex/regexp.c: Changed to use my_global.h regex/regfree.c: Changed to use my_global.h regex/reginit.c: Changed to use my_global.h sql/cache_manager.cc: Changed to use my_global.h sql/gen_lex_hash.cc: Changed to use my_global.h sql/ha_berkeley.cc: Fixed problem with UNIQUE keys that could contain NULL sql/ha_gemini.h: Changed to use my_global.h sql/handler.cc: Fixed problem after merge sql/item.cc: Added Item_unit sql/item.h: Added Item_uint sql/matherr.c: Changed to use my_global.h sql/md5.c: Changed to use my_global.h sql/mini_client.cc: Changed to use my_global.h sql/my_lock.c: Changed to use my_global.h sql/mysql_priv.h: Changed to use my_global.h sql/net_serv.cc: Changed to use my_global.h sql/password.c: Changed to use my_global.h sql/sql_lex.cc: Added parsing support of UNSIGNED LONG LONG sql/sql_show.cc: Changed to use my_global.h sql/sql_string.cc: Changed to use my_global.h sql/sql_yacc.yy: Added usage of Int_uint sql/stacktrace.c: Changed to use my_global.h sql/udf_example.cc: Changed to use my_global.h strings/atof.c: Changed to use my_global.h strings/bchange.c: Changed to use my_global.h strings/bcmp.c: Changed to use my_global.h strings/bfill.c: Changed to use my_global.h strings/bmove.c: Changed to use my_global.h strings/bmove512.c: Changed to use my_global.h strings/bmove_upp.c: Changed to use my_global.h strings/ctype-big5.c: Changed to use my_global.h strings/ctype-czech.c: Changed to use my_global.h strings/ctype-euc_kr.c: Changed to use my_global.h strings/ctype-gb2312.c: Changed to use my_global.h strings/ctype-gbk.c: Changed to use my_global.h strings/ctype-latin1_de.c: Fixed problem with LIKE strings/ctype-sjis.c: Changed to use my_global.h strings/ctype-tis620.c: Changed to use my_global.h strings/ctype-ujis.c: Changed to use my_global.h strings/ctype.c: Changed to use my_global.h strings/do_ctype.c: Changed to use my_global.h strings/int2str.c: Changed to use my_global.h strings/is_prefix.c: Changed to use my_global.h strings/llstr.c: Changed to use my_global.h strings/longlong2str.c: Changed to use my_global.h strings/r_strinstr.c: Changed to use my_global.h strings/str2int.c: Changed to use my_global.h strings/str_test.c: Changed to use my_global.h strings/strappend.c: Changed to use my_global.h strings/strcend.c: Changed to use my_global.h strings/strcont.c: Changed to use my_global.h strings/strend.c: Changed to use my_global.h strings/strfill.c: Changed to use my_global.h strings/strings-not-used.h: Changed to use my_global.h strings/strinstr.c: Changed to use my_global.h strings/strmake.c: Changed to use my_global.h strings/strmov.c: Changed to use my_global.h strings/strnlen.c: Changed to use my_global.h strings/strnmov.c: Changed to use my_global.h strings/strstr.c: Changed to use my_global.h strings/strto.c: Changed to use my_global.h strings/strtol.c: Changed to use my_global.h strings/strtoll.c: Changed to use my_global.h strings/strtoul.c: Changed to use my_global.h strings/strtoull.c: Changed to use my_global.h strings/strxmov.c: Changed to use my_global.h strings/strxnmov.c: Changed to use my_global.h strings/udiv.c: Changed to use my_global.h tools/mysqlmanager.c: Changed to use my_global.h vio/test-ssl.c: Changed to use my_global.h vio/test-sslclient.c: Changed to use my_global.h vio/test-sslserver.c: Changed to use my_global.h vio/test-ssl: Changed to use my_global.h vio/vio.c: Changed to use my_global.h vio/viosocket.c: Changed to use my_global.h vio/viossl.c: Changed to use my_global.h vio/viosslfactories.c: Changed to use my_global.h vio/viotest-ssl.c: Changed to use my_global.h
350 lines
9.6 KiB
C
350 lines
9.6 KiB
C
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Library General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Library General Public
|
|
License along with this library; if not, write to the Free
|
|
Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
MA 02111-1307, USA */
|
|
|
|
|
|
#include <my_global.h>
|
|
|
|
#ifdef HAVE_OPENSSL
|
|
|
|
#include <my_sys.h>
|
|
#include <mysql_com.h>
|
|
#include <violite.h>
|
|
|
|
|
|
static bool ssl_algorithms_added = FALSE;
|
|
static bool ssl_error_strings_loaded= FALSE;
|
|
static int verify_depth = 0;
|
|
static int verify_error = X509_V_OK;
|
|
|
|
static unsigned char dh512_p[]={
|
|
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
|
|
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
|
|
0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
|
|
0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
|
|
0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
|
|
0x47,0x74,0xE8,0x33,
|
|
};
|
|
static unsigned char dh512_g[]={
|
|
0x02,
|
|
};
|
|
|
|
static DH *get_dh512(void)
|
|
{
|
|
DH *dh=NULL;
|
|
|
|
if ((dh=DH_new()) == NULL) return(NULL);
|
|
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
|
|
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
|
|
if ((dh->p == NULL) || (dh->g == NULL))
|
|
return(NULL);
|
|
return(dh);
|
|
}
|
|
|
|
static void
|
|
report_errors()
|
|
{
|
|
unsigned long l;
|
|
const char* file;
|
|
const char* data;
|
|
int line,flags;
|
|
|
|
DBUG_ENTER("report_errors");
|
|
|
|
while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
|
|
{
|
|
char buf[200];
|
|
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
|
|
file,line,(flags&ERR_TXT_STRING)?data:"")) ;
|
|
}
|
|
DBUG_VOID_RETURN;
|
|
}
|
|
|
|
|
|
static int
|
|
vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
|
|
{
|
|
DBUG_ENTER("vio_set_cert_stuff");
|
|
DBUG_PRINT("enter", ("ctx=%p, cert_file=%s, key_file=%s",
|
|
ctx, cert_file, key_file));
|
|
if (cert_file != NULL)
|
|
{
|
|
if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0)
|
|
{
|
|
DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
|
|
/* FIX stderr */
|
|
ERR_print_errors_fp(stderr);
|
|
DBUG_RETURN(0);
|
|
}
|
|
if (key_file == NULL)
|
|
key_file = cert_file;
|
|
if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
|
|
SSL_FILETYPE_PEM) <= 0)
|
|
{
|
|
DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
|
|
/* FIX stderr */
|
|
ERR_print_errors_fp(stderr);
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
/* If we are using DSA, we can copy the parameters from
|
|
* the private key */
|
|
/* Now we know that a key and cert have been set against
|
|
* the SSL context */
|
|
if (!SSL_CTX_check_private_key(ctx))
|
|
{
|
|
DBUG_PRINT("error", ("Private key does not match the certificate public key\n"));
|
|
DBUG_RETURN(0);
|
|
}
|
|
}
|
|
DBUG_RETURN(1);
|
|
}
|
|
|
|
|
|
static int
|
|
vio_verify_callback(int ok, X509_STORE_CTX *ctx)
|
|
{
|
|
char buf[256];
|
|
X509* err_cert;
|
|
int err,depth;
|
|
|
|
DBUG_ENTER("vio_verify_callback");
|
|
DBUG_PRINT("enter", ("ok=%d, ctx=%p", ok, ctx));
|
|
err_cert=X509_STORE_CTX_get_current_cert(ctx);
|
|
err= X509_STORE_CTX_get_error(ctx);
|
|
depth= X509_STORE_CTX_get_error_depth(ctx);
|
|
|
|
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf));
|
|
if (!ok)
|
|
{
|
|
DBUG_PRINT("error",("verify error:num=%d:%s\n",err,
|
|
X509_verify_cert_error_string(err)));
|
|
if (verify_depth >= depth)
|
|
{
|
|
ok=1;
|
|
verify_error=X509_V_OK;
|
|
}
|
|
else
|
|
{
|
|
ok=0;
|
|
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
|
|
}
|
|
}
|
|
switch (ctx->error) {
|
|
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
|
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
|
|
DBUG_PRINT("info",("issuer= %s\n",buf));
|
|
break;
|
|
case X509_V_ERR_CERT_NOT_YET_VALID:
|
|
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
|
DBUG_PRINT("error", ("notBefore"));
|
|
/*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/
|
|
break;
|
|
case X509_V_ERR_CERT_HAS_EXPIRED:
|
|
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
|
DBUG_PRINT("error", ("notAfter error"));
|
|
/*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/
|
|
break;
|
|
}
|
|
DBUG_PRINT("exit", ("r=%d", ok));
|
|
DBUG_RETURN(ok);
|
|
}
|
|
|
|
|
|
/************************ VioSSLConnectorFd **********************************/
|
|
struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
|
|
const char* cert_file,
|
|
const char* ca_file,
|
|
const char* ca_path)
|
|
{
|
|
int verify = SSL_VERIFY_PEER;
|
|
struct st_VioSSLConnectorFd* ptr;
|
|
DH *dh=NULL;
|
|
DBUG_ENTER("new_VioSSLConnectorFd");
|
|
DBUG_PRINT("enter",
|
|
("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s",
|
|
key_file, cert_file, ca_path, ca_file));
|
|
ptr=(struct st_VioSSLConnectorFd*)my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0));
|
|
ptr->ssl_context_=0;
|
|
ptr->ssl_method_=0;
|
|
/* FIXME: constants! */
|
|
|
|
if (!ssl_algorithms_added)
|
|
{
|
|
DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
|
|
ssl_algorithms_added = TRUE;
|
|
OpenSSL_add_all_algorithms();
|
|
}
|
|
if (!ssl_error_strings_loaded)
|
|
{
|
|
DBUG_PRINT("info", ("todo:SSL_load_error_strings()"));
|
|
ssl_error_strings_loaded = TRUE;
|
|
SSL_load_error_strings();
|
|
}
|
|
ptr->ssl_method_ = TLSv1_client_method();
|
|
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
|
|
DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
|
|
if (ptr->ssl_context_ == 0)
|
|
{
|
|
DBUG_PRINT("error", ("SSL_CTX_new failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
/*
|
|
* SSL_CTX_set_options
|
|
* SSL_CTX_set_info_callback
|
|
* SSL_CTX_set_cipher_list
|
|
*/
|
|
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
|
|
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
|
|
{
|
|
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path)==0)
|
|
{
|
|
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
|
|
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
|
|
{
|
|
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
}
|
|
|
|
/* DH stuff */
|
|
dh=get_dh512();
|
|
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
|
|
DH_free(dh);
|
|
|
|
/*if (cipher != NULL)
|
|
if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
|
|
BIO_printf(bio_err,"error setting cipher list\n");
|
|
ERR_print_errors(bio_err);
|
|
goto end;
|
|
}
|
|
*/
|
|
|
|
DBUG_RETURN(ptr);
|
|
ctor_failure:
|
|
DBUG_PRINT("exit", ("there was an error"));
|
|
my_free((gptr)ptr,MYF(0));
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
|
|
/************************ VioSSLAcceptorFd **********************************/
|
|
|
|
struct st_VioSSLAcceptorFd*
|
|
new_VioSSLAcceptorFd(const char* key_file,
|
|
const char* cert_file,
|
|
const char* ca_file,
|
|
const char* ca_path)
|
|
{
|
|
int verify = (SSL_VERIFY_PEER |
|
|
SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
|
|
SSL_VERIFY_CLIENT_ONCE);
|
|
|
|
struct st_VioSSLAcceptorFd* ptr;
|
|
DH *dh=NULL;
|
|
DBUG_ENTER("new_VioSSLAcceptorFd");
|
|
DBUG_PRINT("enter",
|
|
("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s",
|
|
key_file, cert_file, ca_path, ca_file));
|
|
|
|
ptr=(struct st_VioSSLAcceptorFd*)my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0));
|
|
ptr->ssl_context_=0;
|
|
ptr->ssl_method_=0;
|
|
/* FIXME: constants! */
|
|
ptr->session_id_context_ = ptr;
|
|
|
|
if (!ssl_algorithms_added)
|
|
{
|
|
DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
|
|
ssl_algorithms_added = TRUE;
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
}
|
|
if (!ssl_error_strings_loaded)
|
|
{
|
|
DBUG_PRINT("info", ("todo: SSL_load_error_strings()"));
|
|
ssl_error_strings_loaded = TRUE;
|
|
SSL_load_error_strings();
|
|
}
|
|
ptr->ssl_method_ = TLSv1_server_method();
|
|
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
|
|
if (ptr->ssl_context_==0)
|
|
{
|
|
DBUG_PRINT("error", ("SSL_CTX_new failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
/*
|
|
* SSL_CTX_set_quiet_shutdown(ctx,1);
|
|
*
|
|
*/
|
|
SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128);
|
|
|
|
/* DH?
|
|
*/
|
|
SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback);
|
|
SSL_CTX_set_session_id_context(ptr->ssl_context_,(const uchar*)&(ptr->session_id_context_),sizeof(ptr->session_id_context_));
|
|
|
|
/*
|
|
* SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
|
|
*/
|
|
if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1)
|
|
{
|
|
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path)==0)
|
|
{
|
|
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
|
|
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0)
|
|
{
|
|
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
|
|
report_errors();
|
|
goto ctor_failure;
|
|
}
|
|
}
|
|
/* DH stuff */
|
|
dh=get_dh512();
|
|
SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh);
|
|
DH_free(dh);
|
|
|
|
/*if (cipher != NULL)
|
|
if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
|
|
BIO_printf(bio_err,"error setting cipher list\n");
|
|
ERR_print_errors(bio_err);
|
|
goto end;
|
|
}
|
|
*/
|
|
|
|
DBUG_RETURN(ptr);
|
|
ctor_failure:
|
|
DBUG_PRINT("exit", ("there was an error"));
|
|
my_free((gptr)ptr,MYF(0));
|
|
DBUG_RETURN(0);
|
|
}
|
|
|
|
|
|
#endif /* HAVE_OPENSSL */
|
|
|
|
|
|
|