9e6784924a
Fixed compile-pentium64 scripts Fixed wrong estimate of update_with_key_prefix in sql-bench Merge bk-internal.mysql.com:/home/bk/mysql-5.1 into mysql.com:/home/my/mysql-5.1 Fixed unsafe define of uint4korr() Fixed that --extern works with mysql-test-run.pl Small trivial cleanups This also fixes a bug in counting number of rows that are updated when we have many simultanous queries Move all connection handling and command exectuion main loop from sql_parse.cc to sql_connection.cc Split handle_one_connection() into reusable sub functions. Split create_new_thread() into reusable sub functions. Added thread_scheduler; Preliminary interface code for future thread_handling code. Use 'my_thread_id' for internal thread id's Make thr_alarm_kill() to depend on thread_id instead of thread Make thr_abort_locks_for_thread() depend on thread_id instead of thread In store_globals(), set my_thread_var->id to be thd->thread_id. Use my_thread_var->id as basis for my_thread_name() The above changes makes the connection we have between THD and threads more soft. Added a lot of DBUG_PRINT() and DBUG_ASSERT() functions Fixed compiler warnings Fixed core dumps when running with --debug Removed setting of signal masks (was never used) Made event code call pthread_exit() (portability fix) Fixed that event code doesn't call DBUG_xxx functions before my_thread_init() is called. Made handling of thread_id and thd->variables.pseudo_thread_id uniform. 
Removed one common 'not freed memory' warning from mysqltest Fixed a couple of usage of not initialized warnings (unlikely cases) Suppress compiler warnings from bdb and (for the moment) warnings from ndb BitKeeper/deleted/.del-SETUP.sh.rej: Rename: BUILD/SETUP.sh.rej -> BitKeeper/deleted/.del-SETUP.sh.rej BitKeeper/deleted/.del-configure.in.rej: Rename: configure.in.rej -> BitKeeper/deleted/.del-configure.in.rej BitKeeper/deleted/.del-my_global.h.rej: Rename: include/my_global.h.rej -> BitKeeper/deleted/.del-my_global.h.rej BitKeeper/deleted/.del-my_pthread.h.rej: Rename: include/my_pthread.h.rej -> BitKeeper/deleted/.del-my_pthread.h.rej BitKeeper/deleted/.del-mysql_client_test.c.rej: Rename: tests/mysql_client_test.c.rej -> BitKeeper/deleted/.del-mysql_client_test.c.rej BitKeeper/deleted/.del-mysqld.cc.rej~35c1c438e11ebd89: Rename: sql/mysqld.cc.rej -> BitKeeper/deleted/.del-mysqld.cc.rej~35c1c438e11ebd89 BitKeeper/deleted/.del-sql_parse.cc.rej: Rename: sql/sql_parse.cc.rej -> BitKeeper/deleted/.del-sql_parse.cc.rej BitKeeper/deleted/.del-table.cc.rej: Rename: sql/table.cc.rej -> BitKeeper/deleted/.del-table.cc.rej BitKeeper/deleted/.del-thr_alarm.c.rej: Rename: mysys/thr_alarm.c.rej -> BitKeeper/deleted/.del-thr_alarm.c.rej BUILD/compile-pentium64: Update this to be in line with compile-pentium BUILD/compile-pentium: Send command line options to SETUP.sh BUILD/compile-solaris-sparc-debug: Update scripts BUILD/compile-solaris-sparc-forte: Update scripts BUILD/compile-solaris-sparc-purify: Update scripts BUILD/compile-solaris-sparc: Update scripts BitKeeper/deleted/.del-DbtupSystemRestart.cpp~15b54d7e4e75d2d: Removed compiler warning BitKeeper/deleted/.del-ha_berkeley.cc: Moved get_auto_primary_key() here as int5store() gives (wrong) compiler warnings in win64 configure.in: Added detection of port_create and port.h (for future)as --- manual merge BitKeeper/deleted/.del-ha_berkeley.h: Moved get_auto_primary_key() to ha_berkeley.cc 
BitKeeper/deleted/.del-mysqlmanager.c~e97636d71145a0b: Fixed compiler warnings BitKeeper/etc/ignore: added storage/ndb/src/ndbapi/ndberror_check client/mysqlbinlog.cc: Removed not needed 'static' (caused compiler warning) client/mysqldump.c: Fixed compiler warnings from 'max' build client/mysqltest.c: Free warning and query memory no abort. (Removes strange warnings on screen if mysql-test-run fails) Removed compiler warnings Portability fix for windows (windows doesn't have mode_t) client/sql_string.h: Removed compiler warning cmd-line-utils/readline/xmalloc.c: Fixed compiler warnings from 'max' build extra/charset2html.c: Fixed compiler warnings extra/comp_err.c: Fixed compiler warnings from 'max' build extra/yassl/include/lock.hpp: Fix for windows64 extra/yassl/include/openssl/ssl.h: Changed prototype for SSL_set_fd() to fix compiler warnings (and possible errors) on windows 64 bit extra/yassl/include/socket_wrapper.hpp: Moved socket_t to ssl.h, to be able to removed compiler warnings on windows 64 bit extra/yassl/include/yassl.hpp: Fix for windows64 extra/yassl/src/ssl.cpp: Removed compiler warning Detect wrong parameter (Happens when running test suite on solaris) Changed prototype for SSL_set_fd() to fix compiler warnings (and possible errors) on windows 64 bit extra/yassl/taocrypt/src/integer.cpp: Fixed compiler warnings extra/yassl/testsuite/testsuite.cpp: Removed compiler warning include/config-win.h: Added HAVE_WINSOCK2 (for future) include/my_dbug.h: Fixed DBUG_PROCESS() so that we don't get compiler warnings for it include/my_global.h: Fixed unsafe define of uint4korr() manual merge (ignore changes from 5.0) Fixed warnings on win64 when using int5store and int6store include/my_pthread.h: Added my_thread_id typedef Renamed 'my_thread_id() function to my_thead_dbug_id() include/thr_alarm.h: Make thr_alarm_kill() to depend on thread_id instead of thread include/thr_lock.h: Make thr_abort_locks_for_thread() depend on thread_id instead of thread 
libmysql/libmysql.def: Fixed compiler warnings on win64 libmysqld/CMakeLists.txt: Added missing files libmysqld/Makefile.am: Added new files libmysqld/lib_sql.cc: Remove not needed code (store_globals() now takes care of things) mysql-test/lib/mtr_report.pl: Removed wrong messages when using --extern mysql-test/mysql-test-run.pl: Fixed that --extern works Print help on stdout instead of stderr (make it easier to pipe it to less) Fixed typo that caused mysql-test-run.pl to fail on Solaris mysql-test/r/keywords.result: manual merge mysql-test/r/ndb_lock.result: After merge fixes mysql-test/r/ps.result: Portability fix mysql-test/t/disabled.def: Disabled ndb_alter_table as this very often fails for me (and have done it for a long time) mysql-test/t/keywords.test: manual merge mysql-test/t/ndb_lock.test: Added other possible error code mysql-test/t/ps.test: Portability fix (when compiling without DLOPEN) mysql-test/t/wait_timeout.test: Don't run this if we are not using a thread per connection (as other thread_handling code may not support timeouts) mysys/base64.c: Fixed compiler warnings on win64 mysys/mf_keycache.c: Fixed compiler warnings mysys/my_getopt.c: Fixed compiler warning mysys/my_init.c: Fixed compiler warning Re-indented long comment mysys/my_thr_init.c: Always use mysys_var->id to generate thread name (makes things uniform accross thread implementations and thread usage) Always generate my_thread_name() when using DBUG Ensure mysys_var->pthread_self is set Fixed compiler warnings mysys/ptr_cmp.c: Fixed compiler warnings from 'max' build mysys/thr_alarm.c: Change thr_alarm_kill() to use mysys_var->id instead of thread id Fixed compiler warning on windows mysys/thr_lock.c: Change thr_abort_locks_for_thread() to use mysys_var->id instead of thread id Add purecov statements around not tested code Fixed compiler warnings mysys/thr_mutex.c: my_thread_id() -> my_thread_dbug_id() server-tools/instance-manager/guardian.cc: Fixed compiler warning 
server-tools/instance-manager/instance.cc: Fixed compiler warning server-tools/instance-manager/mysql_connection.cc: Fixed compiler warnings server-tools/instance-manager/mysqlmanager.cc: Fixed compiler warnings sql/CMakeLists.txt: Added missing files sql/Makefile.am: Added new files sql/event_scheduler.cc: Added pthread_exit() calls Ensure DBUG_xxx calls are not made before my_thread_init() Use common functions to set up thread handling sql/field.h: manual merge sql/ha_ndbcluster.cc: Removed some trivial 'current_thd' calls sql/handler.cc: Avoid warnings on KILL_CONNECTION Don't print out null pointer with printf() (Causes crashes on Solaris) sql/item.cc: Fixed compiler warnings from 'max' build sql/item_cmpfunc.cc: After merge fixes sql/item_func.cc: Merge embedded and normal code usage (GET_LOCK, RELEASE_LOCK now works on my_thread_id instead of pthread_t) Fixed compiler warning sql/item_strfunc.cc: Fixed compiler warning sql/item_timefunc.cc: Fixed compiler warnings sql/lock.cc: Use (new) parameter to thr_abort_locks_for_thread() sql/log.cc: Fixed compiler warning sql/log_event.cc: Fixed compiler warnings about not used variable sql/mysql_priv.h: Remove TEST_NO_THREADS (not needed with new scheduler interface) Added functions from sql_connect.cc and new functions from sql_parse.cc sql/mysqld.cc: Use thread_scheduler structure to dispatch calls (make code more dynamic) Change --one-thread option to use thread_scheduler interface Made ONE_THREAD option independent of DBUG_BUILD --one-thread is now depricated. One should instead use '--thread-handling=no-threads' Remove not used uname() function. Split create_new_thread() into reusable sub functions. Preliminary interface code for future thread_handling code. 
Fixed compiler warnings sql/parse_file.cc: Don't send zero pointer to fn_format() (Causes crashes when using --debug) sql/repl_failsafe.cc: Setup pseudo_thread_id same way as other code sql/set_var.cc: Added variables 'thread_handling' Prepare for future variable 'thread_pool_size' Fixed compiler warnings sql/set_var.h: Fixed compiler warning sql/slave.cc: Setup pseudo_thread_id same way as other code Removed not used signal mask sql/sql_acl.cc: Fixed compiler warnings from 'max' build sql/sql_base.cc: Fixed long comments Normalized variable setup Don't destroy value of thd->variables.pseduo_thread_id More DBUG_PRINT()'s More DBUG_ASSERT()'s Fixed compiler warnings from 'max' build sql/sql_class.cc: Remove thd->real_id and thd->dbug_thread_id Added DBUG_ASSERT() Use thread_scheduler to signal threads to be killed. In THD::store_globals(), set my_thread_var->id to be thd->thread_id. Fixed compiler warnings sql/sql_class.h: Use 'my_thread_id' for internal thread id's Remove not needed THD elements: block_signals and dbug_thread_id Added 'thread_scheduler' scheduling extension element to THD sql/sql_insert.cc: After merge fixes (This actually fixes a bug in old code when many connections are in use) Setup pseudo_thread_id same way as other code Removed not used signal mask Initialize variable that may be used unitialized on error conditions (not fatal) sql/sql_parse.cc: Move connection related code to sql_connect.cc Remove setting of signal mask (not needed) Ensure TABLE_LIST->alias is set for generated TABLE_LIST elements (fixed core dumps when running with --debug) Added previous 'optional' element to reset_mgh() Removed not needed DBUG_PRINT call sql/sql_partition.cc: Fixed compiler warnings sql/sql_prepare.cc: Removed not needed casts Fixed compiler warnings from 'max' build sql/sql_select.cc: Fixed compiler warnings sql-bench/bench-init.pl.sh: Added --one-missing-tests sql-bench/example: Better example sql-bench/run-all-tests.sh: Added --only-missing-tests 
sql-bench/test-insert.sh: Fixed wrong estimate of update_with_key_prefix sql/sql_show.cc: Don't send pthread_kill() to threads to detect if they exists. (Not that useful and causes problems with future thread_handling code) Fixed compiler warnings sql/sql_table.cc: Simplify code Fixed compiler warnings sql/sql_test.cc: Remove dbug_thread_id from test output sql/sql_view.cc: Don't send zero pointer to fn_format() sql/tztime.cc: Fixed compiler warning sql/udf_example.def: Fixed compiler warnings on win64 sql/unireg.cc: Initialize variable that may be used unitialized on error conditions storage/archive/archive_test.c: Fixed compiler warnings storage/archive/azio.c: Fixed compiler warnings storage/innobase/dict/dict0crea.c: Fixed compiler warnings detected on windows64 storage/innobase/dict/dict0dict.c: Fixed compiler warnings detected on windows64 storage/innobase/dict/dict0load.c: Fixed compiler warnings detected on windows64 storage/innobase/dict/dict0mem.c: Fixed compiler warnings detected on windows64 storage/innobase/eval/eval0proc.c: Fixed compiler warnings detected on windows64 storage/innobase/handler/ha_innodb.cc: Fixed compiler warnings detected on windows64 storage/innobase/include/ut0byte.ic: Fixed compiler warnings on win64 storage/innobase/include/ut0ut.ic: Fixed compiler warnings on win64 storage/innobase/mtr/mtr0log.c: Fixed compiler warnings detected on windows64 storage/innobase/pars/pars0lex.l: Fixed warnings on win64 storage/innobase/rem/rem0cmp.c: Fixed compiler warnings detected on windows64 storage/innobase/row/row0mysql.c: Fixed compiler warnings detected on windows64 storage/innobase/row/row0sel.c: Fixed compiler warnings detected on windows64 storage/innobase/sync/sync0rw.c: Fixed compiler warnings detected on windows64 storage/innobase/trx/trx0trx.c: Fixed compiler warnings detected on windows64 storage/myisam/mi_log.c: my_thread_id() -> my_thread_debug_id() storage/myisam/mi_packrec.c: Fixed compiler warnings detected on windows64 
storage/myisam/myisamchk.c: Fixed compiler warnings from 'max' build storage/ndb/src/common/debugger/EventLogger.cpp: Fixed compiler warnings storage/ndb/src/common/util/ConfigValues.cpp: Removed compiler warnings storage/ndb/src/common/util/NdbSqlUtil.cpp: Removed compiler warnings storage/ndb/src/cw/cpcd/CPCD.hpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/backup/Backup.cpp: Fixed compiler warnings detected on windows64 storage/ndb/src/kernel/blocks/dbacc/Dbacc.hpp: Fixed compiler warnings detected on windows64 storage/ndb/src/kernel/blocks/dbacc/DbaccMain.cpp: Fixed compiler warnings detected on windows64 storage/ndb/src/kernel/blocks/dbdict/Dbdict.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbdict/Dbdict.hpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbdih/DbdihMain.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dblqh/DblqhMain.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtc/DbtcMain.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/Dbtup.hpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupDiskAlloc.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupExecQuery.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupFixAlloc.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupMeta.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupRoutines.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupScan.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/DbtupVarAlloc.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/tuppage.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtup/tuppage.hpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/dbtux/DbtuxStat.cpp: Fixed compiler warnings storage/ndb/src/kernel/blocks/diskpage.hpp: Fixed compiler warnings storage/ndb/src/kernel/vm/ndbd_malloc.cpp: Fixed compiler warnings 
storage/ndb/src/kernel/vm/ndbd_malloc_impl.cpp: Fixed compiler warnings storage/ndb/src/mgmclient/main.cpp: Fixed compiler warnings storage/ndb/src/ndbapi/NdbEventOperationImpl.cpp: Fixed compiler warnings storage/ndb/src/ndbapi/NdbOperationExec.cpp: Fixed compiler warnings storage/ndb/src/ndbapi/SignalSender.cpp: Fixed compiler warnings storage/ndb/tools/restore/consumer_restore.cpp: Fixed compiler warnings strings/ctype-ucs2.c: Fixed compiler warnings strings/ctype-utf8.c: Fixed compiler warnings strings/decimal.c: Fixed compiler warnings strings/my_strchr.c: Fixed conflict between function and prototype support-files/compiler_warnings.supp: Ignore warnings from sql_yacc.cc that are hard to remove Ignore some not important warnings from windows 64 bit build Suppress warnings from bdb and (for the moment) warnings from ndb Suppress all warnings for all pushbuild platforms (should make all trees green) vio/viosslfactories.c: Added DBUG_PRINT BUILD/compile-pentium64-max: New BitKeeper file ``BUILD/compile-pentium64-max'' libmysqld/scheduler.cc: New BitKeeper file ``libmysqld/scheduler.cc'' libmysqld/sql_connect.cc: New BitKeeper file ``libmysqld/sql_connect.cc'' mysql-test/include/one_thread_per_connection.inc: New BitKeeper file ``mysql-test/include/one_thread_per_connection.inc'' mysql-test/r/no-threads.result: New BitKeeper file ``mysql-test/r/no-threads.result'' mysql-test/r/one_thread_per_connection.require: New BitKeeper file ``mysql-test/r/one_thread_per_connection.require'' mysql-test/t/no-threads-master.opt: New BitKeeper file ``mysql-test/t/no-threads-master.opt'' mysql-test/t/no-threads.test: New BitKeeper file ``mysql-test/t/no-threads.test'' sql/scheduler.cc: New BitKeeper file ``sql/scheduler.cc'' sql/scheduler.h: New BitKeeper file ``sql/scheduler.h'' sql/sql_connect.cc: New BitKeeper file ``sql/sql_connect.cc''
/* Copyright (C) 2000 MySQL AB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include "vio_priv.h"
#ifdef HAVE_OPENSSL
/* One-shot guards tested and set by check_ssl_init(). */
static bool ssl_algorithms_added= FALSE;
static bool ssl_error_strings_loaded= FALSE;

/*
  Deepest chain position at which vio_verify_callback() overrides a failed
  verification. Nothing in this file assigns it, so it stays 0.
*/
static int verify_depth= 0;
/*
  Built-in Diffie-Hellman group handed to get_dh512(): a 64-byte (512-bit)
  prime stored most significant byte first, and the generator 2.

  NOTE(review): a 512-bit group is export-grade strength and is no longer
  considered adequate for key exchange; a group of 2048 bits or more,
  generated for the deployment, is the usual replacement.
*/
static unsigned char dh512_p[]=
{
  0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89,
  0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92,
  0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
  0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED,
  0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29,
  0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
  0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6,
  0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33,
};

/* Generator of the group above. */
static unsigned char dh512_g[]=
{
  0x02,
};
/*
  Build a DH object that carries the built-in group (dh512_p, dh512_g).

  RETURN
    A new DH object that the caller must release with DH_free(),
    or 0 if DH_new() or either BN_bin2bn() conversion failed.

  NOTE(review): the p and g members are assigned directly, which requires
  the DH structure layout to be visible to this file.
*/
static DH *get_dh512(void)
{
  DH *params= DH_new();

  if (!params)
    return 0;

  params->p= BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
  params->g= BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
  if (params->p && params->g)
    return params;

  /* One of the conversions failed: give up on the whole object */
  DH_free(params);
  return 0;
}
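/*
  Drain the OpenSSL error queue and write each entry to the DBUG trace
  under the "error" keyword.

  The loop runs in every build, so the queue is emptied even when DBUG_OFF
  is defined; in that case the entries are discarded without being printed.
*/
static void
report_errors()
{
  unsigned long l;
  const char *file;
  const char *data;
  int line, flags;

  DBUG_ENTER("report_errors");

  while ((l= ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
  {
#ifndef DBUG_OFF				/* Avoid warning */
    /*
      ERR_error_string() takes no length argument and may write up to 256
      bytes into a caller-supplied buffer, so anything smaller than that
      (the previous size was 200) can be overrun by a long error string.
    */
    char buf[256];
    DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
                         file,line,(flags & ERR_TXT_STRING) ? data : "")) ;
#endif
  }
  DBUG_VOID_RETURN;
}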
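/*
  Load a certificate and its private key into an SSL context.

  SYNOPSIS
    ctx        context to configure
    cert_file  PEM file holding the certificate, or NULL
    key_file   PEM file holding the private key; when NULL the key is
               read from cert_file

  NOTES
    Nothing is loaded when cert_file is NULL, even if key_file is given.
    Failures are written to stderr (including the file name) as well as
    to the DBUG trace.

  RETURN
    0  ok, or cert_file was NULL and nothing was done
    1  a file could not be loaded, or the key does not match the certificate
*/
static int
vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
{
  DBUG_ENTER("vio_set_cert_stuff");
  /*
    Both paths are optional. Handing a NULL pointer to a %s conversion is
    undefined behaviour (and crashes on some platforms), so substitute a
    printable marker the same way new_VioSSLFd() does.
  */
  DBUG_PRINT("enter", ("ctx: 0x%lx cert_file: %s key_file: %s",
                       (long) ctx,
                       cert_file ? cert_file : "NULL",
                       key_file ? key_file : "NULL"));
  if (cert_file)
  {
    if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
    {
      DBUG_PRINT("error",("unable to get certificate from '%s'", cert_file));
      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
      fprintf(stderr, "SSL error: Unable to get certificate from '%s'\n",
              cert_file);
      fflush(stderr);
      DBUG_RETURN(1);
    }

    /* No separate key file: expect the key in the certificate file */
    if (!key_file)
      key_file= cert_file;

    if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0)
    {
      DBUG_PRINT("error", ("unable to get private key from '%s'", key_file));
      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
      fprintf(stderr, "SSL error: Unable to get private key from '%s'\n",
              key_file);
      fflush(stderr);
      DBUG_RETURN(1);
    }

    /*
      A certificate and a key are now both set on the context; refuse the
      pair unless the private key belongs to the certificate's public key.
    */
    if (!SSL_CTX_check_private_key(ctx))
    {
      DBUG_PRINT("error",
                 ("Private key does not match the certificate public key"));
      DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
      fprintf(stderr,
              "SSL error: "
              "Private key does not match the certificate public key\n");
      fflush(stderr);
      DBUG_RETURN(1);
    }
  }
  DBUG_RETURN(0);
}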
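/*
  Certificate verification callback installed with SSL_CTX_set_verify().

  SYNOPSIS
    ok   result of the library's own check for the current certificate
    ctx  verification context; gives the certificate, error and depth

  RETURN
    Non-zero to accept the certificate and continue, 0 to reject it.

  NOTE(review): this callback weakens verification. When the library
  reports a failure (ok == 0) it is turned into success whenever the
  failing certificate sits at depth <= verify_depth. verify_depth is 0 and
  depth 0 is the peer's own certificate, so every verification error
  reported against the peer certificate itself is accepted; only errors
  higher up the chain still reject the connection. The condition is also
  the reverse of what the comment in the code describes. The behaviour is
  kept as it was because existing setups may depend on it; a strict policy
  would return 'ok' exactly as it was passed in.
*/
static int
vio_verify_callback(int ok, X509_STORE_CTX *ctx)
{
  char buf[256];
  X509 *err_cert;
  int err;

  DBUG_ENTER("vio_verify_callback");
  DBUG_PRINT("enter", ("ok: %d ctx: 0x%lx", ok, (long) ctx));

  /*
    The current certificate can be absent when the error is not tied to a
    particular certificate; keep buf printable and skip the name lookup.
  */
  buf[0]= 0;
  err_cert= X509_STORE_CTX_get_current_cert(ctx);
  if (err_cert)
    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
  DBUG_PRINT("info", ("cert: %s", buf));

  /* Read through the accessor rather than poking into the structure */
  err= X509_STORE_CTX_get_error(ctx);
  if (!ok)
  {
    int depth= X509_STORE_CTX_get_error_depth(ctx);

    DBUG_PRINT("error",("verify error: %d '%s'",err,
                        X509_verify_cert_error_string(err)));
    /*
      Approve cert if depth is greater then "verify_depth", currently
      verify_depth is always 0 and there is no way to increase it.
      (The test below actually approves depth <= verify_depth; see the
      NOTE(review) in the function header.)
    */
    if (verify_depth >= depth)
      ok= 1;
  }
  switch (err)
  {
  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    if (err_cert)
      X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
    DBUG_PRINT("info",("issuer= %s\n", buf));
    break;
  case X509_V_ERR_CERT_NOT_YET_VALID:
  case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    DBUG_PRINT("error", ("notBefore"));
    /*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/
    break;
  case X509_V_ERR_CERT_HAS_EXPIRED:
  case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
    DBUG_PRINT("error", ("notAfter error"));
    /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/
    break;
  }
  DBUG_PRINT("exit", ("%d", ok));
  DBUG_RETURN(ok);
}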
#ifdef __NETWARE__
/*
  NetWare only: release library-wide SSL state. Registered as an exit
  handler by netware_ssl_init().
*/
void netware_ssl_cleanup()
{
  /* Undo the allocations made by SSL_library_init() */
  EVP_cleanup();

#ifndef HAVE_YASSL
  /* The two calls below exist only in the NetWare port of OpenSSL */

  /* Release the global X509 method */
  X509_STORE_method_cleanup();

  /* Release the thread_hash error table */
  ERR_free_state_table();
#endif
}
/*
  NetWare only: arrange for netware_ssl_cleanup() to run at exit so the
  SSL library state is released.
*/
static void netware_ssl_init()
{
  /* No context pointer is passed to the handler */
  NXVmRegisterExitHandler(netware_ssl_cleanup, NULL);
}
#endif /* __NETWARE__ */
/*
  Perform the process-wide SSL library setup the first time it is needed:
  register the algorithms, then load the error strings. Each step is
  guarded by its own static flag and runs at most once.

  NOTE(review): the flags are plain statics that are tested and set with no
  locking visible in this file; confirm that the first calls cannot race.
  NOTE(review): on NetWare, netware_ssl_init() is outside both guards and
  therefore runs on every call; confirm that registering the exit handler
  repeatedly is harmless.
*/
static void check_ssl_init()
{
  if (!ssl_algorithms_added)
  {
    /* Mark first, then initialise */
    ssl_algorithms_added= TRUE;
    SSL_library_init();
    OpenSSL_add_all_algorithms();
  }

#ifdef __NETWARE__
  netware_ssl_init();
#endif

  if (!ssl_error_strings_loaded)
  {
    ssl_error_strings_loaded= TRUE;
    SSL_load_error_strings();
  }
}
/************************ VioSSLFd **********************************/
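/*
  Allocate a st_VioSSLFd and configure its SSL context: cipher list,
  trusted CA locations, certificate/key pair and DH parameters.

  SYNOPSIS
    key_file   PEM private key file, or NULL
    cert_file  PEM certificate file, or NULL
    ca_file    file with trusted CA certificates, or NULL
    ca_path    directory with trusted CA certificates, or NULL
    cipher     cipher list string for the library, or NULL to keep the
               library default
    method     protocol method passed to SSL_CTX_new()

  NOTES
    If the given CA locations cannot be loaded, the library's default
    verify paths are used instead.

  RETURN
    The new object, or 0 on any failure (everything allocated so far is
    released first).
*/
static struct st_VioSSLFd *
new_VioSSLFd(const char *key_file, const char *cert_file,
             const char *ca_file, const char *ca_path,
             const char *cipher, SSL_METHOD *method)
{
  DH *dh;
  struct st_VioSSLFd *ssl_fd;
  DBUG_ENTER("new_VioSSLFd");
  DBUG_PRINT("enter",
             ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' "
              "cipher: '%s'",
              key_file ? key_file : "NULL",
              cert_file ? cert_file : "NULL",
              ca_file ? ca_file : "NULL",
              ca_path ? ca_path : "NULL",
              cipher ? cipher : "NULL"));

  check_ssl_init();

  if (!(ssl_fd= ((struct st_VioSSLFd*)
                 my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
    DBUG_RETURN(0);

  if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
  {
    DBUG_PRINT("error", ("SSL_CTX_new failed"));
    report_errors();
    my_free((void*)ssl_fd,MYF(0));
    DBUG_RETURN(0);
  }

  /*
    Set the ciphers that can be used.
    SSL_CTX_set_cipher_list() returns 0 when none of the requested ciphers
    could be selected and non-zero on success, so only 0 is an error.
    (The earlier test treated the success value as the failure.)
  */
  if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
  {
    DBUG_PRINT("error", ("failed to set ciphers to use"));
    goto err_ctx;
  }

  /* Load certs from the trusted ca */
  if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0)
  {
    DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
    /* Fall back to the locations compiled into the library */
    if (SSL_CTX_set_default_verify_paths(ssl_fd->ssl_context) == 0)
    {
      DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
      goto err_ctx;
    }
  }

  if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
  {
    DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
    goto err_ctx;
  }

  /*
    DH stuff.
    get_dh512() returns 0 when it cannot build the parameters; that must
    not be passed on to the library. A context that could not take the
    parameters is treated as a setup failure like every other step.

    NOTE(review): the built-in group is only 512 bits, which is too weak
    for current use; replacing it needs new parameters, not just a code
    change here.
  */
  dh= get_dh512();
  if (!dh)
  {
    DBUG_PRINT("error", ("get_dh512 failed"));
    goto err_ctx;
  }
  if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
  {
    DBUG_PRINT("error", ("SSL_CTX_set_tmp_dh failed"));
    DH_free(dh);
    goto err_ctx;
  }
  DH_free(dh);

  DBUG_PRINT("exit", ("OK 1"));

  DBUG_RETURN(ssl_fd);

err_ctx:
  /* Common failure path once the context exists */
  report_errors();
  SSL_CTX_free(ssl_fd->ssl_context);
  my_free((void*)ssl_fd,MYF(0));
  DBUG_RETURN(0);
}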
/************************ VioSSLConnectorFd **********************************/
/*
  Create the client side ("connector") SSL descriptor.

  The arguments are passed unchanged to new_VioSSLFd() together with
  TLSv1_client_method(), which limits the connection to TLS 1.0.

  RETURN
    The new object, or 0 if new_VioSSLFd() failed.

  NOTE(review): SSL_VERIFY_PEER is requested, but the outcome is decided by
  vio_verify_callback(), which accepts verification failures reported at
  depth <= verify_depth (0, the server's own certificate).
*/
struct st_VioSSLFd *
new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
                      const char *ca_file, const char *ca_path,
                      const char *cipher)
{
  struct st_VioSSLFd *connector;

  connector= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher,
                          TLSv1_client_method());
  if (!connector)
    return 0;

  /* The callback controls what happens when SSL_VERIFY_PEER is set */
  SSL_CTX_set_verify(connector->ssl_context, SSL_VERIFY_PEER,
                     vio_verify_callback);

  return connector;
}
/************************ VioSSLAcceptorFd **********************************/
/*
  Create the server side ("acceptor") SSL descriptor.

  The arguments are passed unchanged to new_VioSSLFd() together with
  TLSv1_server_method(), which limits the connection to TLS 1.0.

  RETURN
    The new object, or 0 if new_VioSSLFd() failed.

  NOTE(review): the verify mode asks the client for a certificate but does
  not include SSL_VERIFY_FAIL_IF_NO_PEER_CERT, so a client that sends none
  is still accepted at this layer. When one is sent, the outcome is decided
  by vio_verify_callback(), which accepts failures at depth <= verify_depth.
*/
struct st_VioSSLFd *
new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
                     const char *ca_file, const char *ca_path,
                     const char *cipher)
{
  struct st_VioSSLFd *acceptor;

  acceptor= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher,
                         TLSv1_server_method());
  if (!acceptor)
    return 0;

  /* Cap the session cache at 128 entries; the previous size is ignored */
  SSL_CTX_sess_set_cache_size(acceptor->ssl_context, 128);

  /* The callback controls what happens when SSL_VERIFY_PEER is set */
  SSL_CTX_set_verify(acceptor->ssl_context,
                     SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
                     vio_verify_callback);

  /*
    Session id context for this server.
    NOTE(review): this reads sizeof(pointer) bytes starting at the object
    that 'acceptor' points to, not the bytes of the pointer value itself;
    confirm which of the two was intended.
  */
  SSL_CTX_set_session_id_context(acceptor->ssl_context,
                                 (const unsigned char *)acceptor,
                                 sizeof(acceptor));

  return acceptor;
}
/*
  Release an SSL descriptor: first its SSL context, then the descriptor
  itself. 'fd' is dereferenced without a check, so it must not be NULL.
*/
void free_vio_ssl_acceptor_fd(struct st_VioSSLFd *fd)
{
  SSL_CTX *context= fd->ssl_context;

  SSL_CTX_free(context);
  my_free((gptr) fd, MYF(0));
}
#endif /* HAVE_OPENSSL */