From aa3abd155006319f4c2bcdcbd119eac3cc89b977 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Fri, 10 Mar 2006 16:41:14 +0100 Subject: [PATCH 01/53] Cleanup SSL implementation Remove duplicate code Merge common functions Enforce MySQL coding standard --- include/violite.h | 21 +-- sql-common/client.c | 106 ++++++++++--- sql/mysql_priv.h | 2 +- sql/mysqld.cc | 7 +- sql/sql_acl.cc | 4 +- vio/vio.c | 16 +- vio/vio_priv.h | 20 +-- vio/viossl.c | 342 ++++++++++++------------------------------ vio/viosslfactories.c | 307 ++++++++++++++++--------------------- 9 files changed, 336 insertions(+), 489 deletions(-) diff --git a/include/violite.h b/include/violite.h index b48f3724f5b..b2a5f1640a5 100644 --- a/include/violite.h +++ b/include/violite.h @@ -105,33 +105,22 @@ void vio_timeout(Vio *vio,uint which, uint timeout); #include #include -struct st_VioSSLAcceptorFd +struct st_VioSSLFd { SSL_CTX *ssl_context; - SSL_METHOD *ssl_method; - struct st_VioSSLAcceptorFd *session_id_context; }; -/* One copy for client */ -struct st_VioSSLConnectorFd -{ - SSL_CTX *ssl_context; - /* function pointers which are only once for SSL client */ - SSL_METHOD *ssl_method; -}; +int sslaccept(struct st_VioSSLFd*, Vio *, long timeout); +int sslconnect(struct st_VioSSLFd*, Vio *, long timeout); -int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout); -int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout); - -struct st_VioSSLConnectorFd +struct st_VioSSLFd *new_VioSSLConnectorFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher); -struct st_VioSSLAcceptorFd +struct st_VioSSLFd *new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, const char *ca_file,const char *ca_path, const char *cipher); -Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state); #endif /* HAVE_OPENSSL */ #ifdef HAVE_SMEM diff --git a/sql-common/client.c b/sql-common/client.c index 2d826df0662..21eb58adf01 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1514,8 +1514,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) , static void mysql_ssl_free(MYSQL *mysql __attribute__((unused))) { - struct st_VioSSLConnectorFd *st= - (struct st_VioSSLConnectorFd*) mysql->connector_fd; + struct st_VioSSLFd *ssl_fd= (struct st_VioSSLFd*) mysql->connector_fd; DBUG_ENTER("mysql_ssl_free"); my_free(mysql->options.ssl_key, MYF(MY_ALLOW_ZERO_PTR)); @@ -1523,8 +1522,8 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused))) my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.ssl_capath, MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR)); - if (st) - SSL_CTX_free(st->ssl_context); + if (ssl_fd) + SSL_CTX_free(ssl_fd->ssl_context); my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR)); mysql->options.ssl_key = 0; mysql->options.ssl_cert = 0; @@ -1568,6 +1567,63 @@ static MYSQL_METHODS client_methods= #endif }; +int ssl_verify_server_cert(Vio *vio, const char* server_host) +{ + SSL *ssl; + X509 *server_cert; + char *cp1, *cp2; + char buf[256]; + DBUG_ENTER("ssl_verify_server_cert"); + DBUG_PRINT("enter", ("server_host: %s", server_host)); + + if (!(ssl= (SSL*)vio->ssl_arg)) + { + DBUG_PRINT("error", ("No SSL pointer found")); + return 1; + } + + if (!server_host) + { + DBUG_PRINT("error", ("No server hostname supplied")); + return 1; + } + + if (!(server_cert= SSL_get_peer_certificate(ssl))) + { + DBUG_PRINT("error", ("Could not get server certificate")); + return 1; + } + + /* + We already know that the certificate exchanged was valid; the SSL library + handled that. Now we need to verify that the contents of the certificate + are what we expect. + */ + + X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); + X509_free (server_cert); + +// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing + + DBUG_PRINT("info", ("hostname in cert: %s", buf)); + cp1 = strstr(buf, "/CN="); + if (cp1) + { + cp1 += 4; // Skip the "/CN=" that we found + cp2 = strchr(cp1, '/'); + if (cp2) + *cp2 = '\0'; + DBUG_PRINT("info", ("Server hostname in cert: ", cp1)); + if (!strcmp(cp1, server_host)) + { + /* Success */ + DBUG_RETURN(0); + } + } + DBUG_PRINT("error", ("SSL certificate validation failure")); + DBUG_RETURN(1); +} + MYSQL * CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, @@ -2013,37 +2069,53 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, mysql->client_flag=client_flag; #ifdef HAVE_OPENSSL - /* - Oops.. are we careful enough to not send ANY information without - encryption? - */ if (client_flag & CLIENT_SSL) { + /* Do the SSL layering. */ struct st_mysql_options *options= &mysql->options; + struct st_VioSSLFd *ssl_fd; + + /* + Send client_flag, max_packet_size - unencrypted otherwise + the server does not know we want to do SSL + */ if (my_net_write(net,buff,(uint) (end-buff)) || net_flush(net)) { set_mysql_error(mysql, CR_SERVER_LOST, unknown_sqlstate); goto error; } - /* Do the SSL layering. */ - if (!(mysql->connector_fd= - (gptr) new_VioSSLConnectorFd(options->ssl_key, - options->ssl_cert, - options->ssl_ca, - options->ssl_capath, - options->ssl_cipher))) + + /* Create the VioSSLConnectorFd - init SSL and load certs */ + if (!(ssl_fd= new_VioSSLConnectorFd(options->ssl_key, + options->ssl_cert, + options->ssl_ca, + options->ssl_capath, + options->ssl_cipher))) { set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); goto error; } + mysql->connector_fd= (void*)ssl_fd; + + /* Connect to the server */ DBUG_PRINT("info", ("IO layer change in progress...")); - if (sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd), - mysql->net.vio, (long) (mysql->options.connect_timeout))) + if (sslconnect(ssl_fd, mysql->net.vio, + (long) (mysql->options.connect_timeout))) { set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); goto error; } DBUG_PRINT("info", ("IO layer change done!")); + +#if 0 + /* Verify server cert */ + if (mysql->options.ssl_verify_cert && + ssl_verify_server_cert(mysql->net.vio, mysql->host)) + { + set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); + goto error; + } +#endif } #endif /* HAVE_OPENSSL */ diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h index 2c817ae54c2..dfb5d6d22cc 100644 --- a/sql/mysql_priv.h +++ b/sql/mysql_priv.h @@ -1258,7 +1258,7 @@ extern pthread_t signal_thread; #endif #ifdef HAVE_OPENSSL -extern struct st_VioSSLAcceptorFd * ssl_acceptor_fd; +extern struct st_VioSSLFd * ssl_acceptor_fd; #endif /* HAVE_OPENSSL */ MYSQL_LOCK *mysql_lock_tables(THD *thd, TABLE **table, uint count, diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 37a135fa063..e0be383a9ad 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -599,7 +599,7 @@ static void openssl_lock(int, openssl_lock_t *, const char *, int); static unsigned long openssl_id_function(); #endif char *des_key_file; -struct st_VioSSLAcceptorFd *ssl_acceptor_fd; +struct st_VioSSLFd *ssl_acceptor_fd; #endif /* HAVE_OPENSSL */ @@ -1110,7 +1110,10 @@ void clean_up(bool print_message) #endif #ifdef HAVE_OPENSSL if (ssl_acceptor_fd) - my_free((gptr) ssl_acceptor_fd, MYF(MY_ALLOW_ZERO_PTR)); + { + SSL_CTX_free(ssl_acceptor_fd->ssl_context); + my_free((gptr) ssl_acceptor_fd, MYF(0)); + } #endif /* HAVE_OPENSSL */ #ifdef USE_REGEX my_regex_end(); diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 88c3c86aacb..28d9fe0c532 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -858,8 +858,8 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, if (acl_user->x509_issuer) { DBUG_PRINT("info",("checkpoint 3")); - char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); - DBUG_PRINT("info",("comparing issuers: '%s' and '%s'", + char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); + DBUG_PRINT("info",("comparing issuers: '%s' and '%s'", acl_user->x509_issuer, ptr)); if (strcmp(acl_user->x509_issuer, ptr)) { diff --git a/vio/vio.c b/vio/vio.c index bc286b2d2bb..21a824a4016 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -88,19 +88,19 @@ static void vio_init(Vio* vio, enum enum_vio_type type, if (type == VIO_TYPE_SSL) { vio->viodelete =vio_delete; - vio->vioerrno =vio_ssl_errno; + vio->vioerrno =vio_errno; vio->read =vio_ssl_read; vio->write =vio_ssl_write; - vio->fastsend =vio_ssl_fastsend; - vio->viokeepalive =vio_ssl_keepalive; - vio->should_retry =vio_ssl_should_retry; - vio->was_interrupted=vio_ssl_was_interrupted; + vio->fastsend =vio_fastsend; + vio->viokeepalive =vio_keepalive; + vio->should_retry =vio_should_retry; + vio->was_interrupted=vio_was_interrupted; vio->vioclose =vio_ssl_close; - vio->peer_addr =vio_ssl_peer_addr; - vio->in_addr =vio_ssl_in_addr; + vio->peer_addr =vio_peer_addr; + vio->in_addr =vio_in_addr; vio->vioblocking =vio_ssl_blocking; vio->is_blocking =vio_is_blocking; - vio->timeout =vio_ssl_timeout; + vio->timeout =vio_timeout; } else /* default is VIO_TYPE_TCPIP */ #endif /* HAVE_OPENSSL */ diff --git a/vio/vio_priv.h b/vio/vio_priv.h index eb495025ddd..db331abdea8 100644 --- a/vio/vio_priv.h +++ b/vio/vio_priv.h @@ -30,28 +30,10 @@ void vio_ignore_timeout(Vio *vio, uint which, uint timeout); int vio_ssl_read(Vio *vio,gptr buf, int size); int vio_ssl_write(Vio *vio,const gptr buf,int size); -void vio_ssl_timeout(Vio *vio, uint which, uint timeout); -/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */ -int vio_ssl_fastsend(Vio *vio); -/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */ -int vio_ssl_keepalive(Vio *vio, my_bool onoff); -/* Whenever we should retry the last read/write operation. */ -my_bool vio_ssl_should_retry(Vio *vio); -/* Check that operation was timed out */ -my_bool vio_ssl_was_interrupted(Vio *vio); /* When the workday is over... */ int vio_ssl_close(Vio *vio); -/* Return last error number */ -int vio_ssl_errno(Vio *vio); -my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port); -void vio_ssl_in_addr(Vio *vio, struct in_addr *in); + int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode); -/* Single copy for server */ -enum vio_ssl_acceptorfd_state -{ - state_connect = 1, - state_accept = 2 -}; #endif /* HAVE_OPENSSL */ diff --git a/vio/viossl.c b/vio/viossl.c index 1273814c551..33b8f716b9e 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -70,12 +70,6 @@ report_errors() } -int vio_ssl_errno(Vio *vio __attribute__((unused))) -{ - return socket_errno; /* On Win32 this mapped to WSAGetLastError() */ -} - - int vio_ssl_read(Vio * vio, gptr buf, int size) { int r; @@ -107,183 +101,51 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size) } -int vio_ssl_fastsend(Vio * vio __attribute__((unused))) -{ - int r=0; - DBUG_ENTER("vio_ssl_fastsend"); - -#if defined(IPTOS_THROUGHPUT) && !defined(__EMX__) - { - int tos= IPTOS_THROUGHPUT; - r= setsockopt(vio->sd, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(tos)); - } -#endif /* IPTOS_THROUGHPUT && !__EMX__ */ - if (!r) - { -#ifdef __WIN__ - BOOL nodelay= 1; - r= setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (const char*) &nodelay, - sizeof(nodelay)); -#else - int nodelay= 1; - r= setsockopt(vio->sd, IPPROTO_TCP, TCP_NODELAY, (void*) &nodelay, - sizeof(nodelay)); -#endif /* __WIN__ */ - } - if (r) - { - DBUG_PRINT("warning", ("Couldn't set socket option for fast send")); - r= -1; - } - DBUG_PRINT("exit", ("%d", r)); - DBUG_RETURN(r); -} - - -int vio_ssl_keepalive(Vio* vio, my_bool set_keep_alive) -{ - int r=0; - DBUG_ENTER("vio_ssl_keepalive"); - DBUG_PRINT("enter", ("sd: %d, set_keep_alive: %d", vio->sd, (int) - set_keep_alive)); - if (vio->type != VIO_TYPE_NAMEDPIPE) - { - uint opt = (set_keep_alive) ? 1 : 0; - r= setsockopt(vio->sd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt, - sizeof(opt)); - } - DBUG_RETURN(r); -} - - -my_bool -vio_ssl_should_retry(Vio * vio __attribute__((unused))) -{ - int en = socket_errno; - return (en == SOCKET_EAGAIN || en == SOCKET_EINTR || - en == SOCKET_EWOULDBLOCK); -} - - -my_bool -vio_ssl_was_interrupted(Vio *vio __attribute__((unused))) -{ - int en= socket_errno; - return (en == SOCKET_EAGAIN || en == SOCKET_EINTR || - en == SOCKET_EWOULDBLOCK || en == SOCKET_ETIMEDOUT); -} - - int vio_ssl_close(Vio * vio) { - int r; + int r= 0; + SSL* ssl= (SSL*)vio->ssl_arg; DBUG_ENTER("vio_ssl_close"); - r=0; - if ((SSL*) vio->ssl_arg) + + if (ssl) { - r = SSL_shutdown((SSL*) vio->ssl_arg); - SSL_free((SSL*) vio->ssl_arg); + switch ((r= SSL_shutdown(ssl))) + { + case 1: /* Shutdown successful */ + break; + case 0: /* Shutdown not yet finished, call it again */ + if ((r= SSL_shutdown(ssl) >= 0)) + break; + /* Fallthrough */ + default: /* Shutdown failed */ + DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %s", + SSL_get_error(ssl, r))); + break; + } + SSL_free(ssl); vio->ssl_arg= 0; } - if (vio->sd >= 0) - { - if (shutdown(vio->sd, 2)) - r= -1; - if (closesocket(vio->sd)) - r= -1; - } - if (r) - { - DBUG_PRINT("error", ("close() failed, error: %d",socket_errno)); - report_errors(); - /* FIXME: error handling (not critical for MySQL) */ - } - vio->type= VIO_CLOSED; - vio->sd= -1; - DBUG_RETURN(r); + DBUG_RETURN(vio_close(vio)); } -const char *vio_ssl_description(Vio * vio) +int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout) { - return vio->desc; -} - -enum enum_vio_type vio_ssl_type(Vio* vio) -{ - return vio->type; -} - -my_socket vio_ssl_fd(Vio* vio) -{ - return vio->sd; -} - - -my_bool vio_ssl_peer_addr(Vio * vio, char *buf, uint16 *port) -{ - DBUG_ENTER("vio_ssl_peer_addr"); - DBUG_PRINT("enter", ("sd: %d", vio->sd)); - if (vio->localhost) - { - strmov(buf,"127.0.0.1"); - *port=0; - } - else - { - size_socket addrLen = sizeof(struct sockaddr); - if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)), - &addrLen) != 0) - { - DBUG_PRINT("exit", ("getpeername, error: %d", socket_errno)); - DBUG_RETURN(1); - } -#ifdef TO_BE_FIXED - my_inet_ntoa(vio->remote.sin_addr,buf); - *port= 0; -#else - strmov(buf, "unknown"); - *port= 0; -#endif - } - DBUG_PRINT("exit", ("addr: %s", buf)); - DBUG_RETURN(0); -} - - -void vio_ssl_in_addr(Vio *vio, struct in_addr *in) -{ - DBUG_ENTER("vio_ssl_in_addr"); - if (vio->localhost) - bzero((char*) in, sizeof(*in)); - else - *in=vio->remote.sin_addr; - DBUG_VOID_RETURN; -} - - -/* - TODO: Add documentation -*/ - -int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) -{ - char *str; - char buf[1024]; + SSL *ssl; X509* client_cert; my_bool unused; my_bool net_blocking; enum enum_vio_type old_type; DBUG_ENTER("sslaccept"); - DBUG_PRINT("enter", ("sd: %d ptr: Ox%p, timeout: %d", + DBUG_PRINT("enter", ("sd: %d ptr: %p, timeout: %d", vio->sd, ptr, timeout)); old_type= vio->type; - net_blocking = vio_is_blocking(vio); + net_blocking= vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ - vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_arg= 0; - if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context))) + vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE); + + if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); @@ -291,121 +153,114 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_: Ox%p timeout: %ld", - (SSL*) vio->ssl_arg, timeout)); - SSL_clear((SSL*) vio->ssl_arg); - SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); - SSL_set_fd((SSL*) vio->ssl_arg,vio->sd); - SSL_set_accept_state((SSL*) vio->ssl_arg); - if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) + vio->ssl_arg= (void*)ssl; + DBUG_PRINT("info", ("ssl_: %p timeout: %ld", ssl, timeout)); + SSL_clear(ssl); + SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); + SSL_set_fd(ssl, vio->sd); + SSL_set_accept_state(ssl); + if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free((SSL*) vio->ssl_arg); + SSL_free(ssl); vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } + #ifndef DBUG_OFF - DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); - client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); - if (client_cert != NULL) { - DBUG_PRINT("info",("Client certificate:")); - str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); - DBUG_PRINT("info",("\t subject: %s", str)); - free (str); + char buf[1024]; + DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl))); - str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); - DBUG_PRINT("info",("\t issuer: %s", str)); - free (str); + if ((client_cert= SSL_get_peer_certificate (ssl))) + { + DBUG_PRINT("info",("Client certificate:")); + X509_NAME_oneline (X509_get_subject_name (client_cert), + buf, sizeof(buf)); + DBUG_PRINT("info",("\t subject: %s", buf)); - X509_free (client_cert); + X509_NAME_oneline (X509_get_issuer_name (client_cert), + buf, sizeof(buf)); + DBUG_PRINT("info",("\t issuer: %s", buf)); + + X509_free (client_cert); + } + else + DBUG_PRINT("info",("Client does not have certificate.")); + + if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf))) + { + DBUG_PRINT("info",("shared_ciphers: '%s'", buf)); + } + else + DBUG_PRINT("info",("no shared ciphers!")); } - else - DBUG_PRINT("info",("Client does not have certificate.")); - - str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf)); - if (str) - { - DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str)); - } - else - { - DBUG_PRINT("info",("no shared ciphers!")); - } - #endif + DBUG_RETURN(0); } -int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) +int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout) { - char *str; - X509* server_cert; + SSL *ssl; + X509 *server_cert; my_bool unused; my_bool net_blocking; - enum enum_vio_type old_type; + enum enum_vio_type old_type; + DBUG_ENTER("sslconnect"); - DBUG_PRINT("enter", ("sd: %d ptr: 0x%p ctx: 0x%p", - vio->sd,ptr,ptr->ssl_context)); + DBUG_PRINT("enter", ("sd: %d, ptr: %p, ctx: %p", + vio->sd, ptr, ptr->ssl_context)); old_type= vio->type; - net_blocking = vio_is_blocking(vio); + net_blocking= vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ - vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_arg= 0; - if (!(vio->ssl_arg = SSL_new(ptr->ssl_context))) + vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE); + if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); - vio_reset(vio, old_type,vio->sd,0,FALSE); - vio_blocking(vio, net_blocking, &unused); + vio_reset(vio, old_type, vio->sd, 0, FALSE); + vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_: 0x%p timeout: %ld", - (SSL*) vio->ssl_arg, timeout)); - SSL_clear((SSL*) vio->ssl_arg); - SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); - SSL_set_fd ((SSL*) vio->ssl_arg, vio_ssl_fd(vio)); - SSL_set_connect_state((SSL*) vio->ssl_arg); - if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) + vio->ssl_arg= (void*)ssl; + DBUG_PRINT("info", ("ssl: %p, timeout: %ld", ssl, timeout)); + SSL_clear(ssl); + SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); + SSL_set_fd(ssl, vio->sd); + SSL_set_connect_state(ssl); + if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free((SSL*) vio->ssl_arg); + SSL_free(ssl); vio->ssl_arg= 0; - vio_reset(vio, old_type,vio->sd,0,FALSE); + vio_reset(vio, old_type, vio->sd, 0, FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); - } + } #ifndef DBUG_OFF - DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); - server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); - if (server_cert != NULL) + DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl))); + + if ((server_cert= SSL_get_peer_certificate (ssl))) { + char buf[256]; DBUG_PRINT("info",("Server certificate:")); - str = X509_NAME_oneline (X509_get_subject_name (server_cert), 0, 0); - DBUG_PRINT("info",("\t subject: %s", str)); - free(str); - - str = X509_NAME_oneline (X509_get_issuer_name (server_cert), 0, 0); - DBUG_PRINT("info",("\t issuer: %s", str)); - free(str); - - /* - We could do all sorts of certificate verification stuff here before - deallocating the certificate. - */ + X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); + DBUG_PRINT("info",("\t subject: %s", buf)); + X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf)); + DBUG_PRINT("info",("\t issuer: %s", buf)); X509_free (server_cert); } else DBUG_PRINT("info",("Server does not have certificate.")); #endif + DBUG_RETURN(0); } @@ -414,21 +269,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)), my_bool set_blocking_mode, my_bool *old_mode) { + /* Mode is always blocking */ + *old_mode= 1; /* Return error if we try to change to non_blocking mode */ - *old_mode=1; /* Mode is always blocking */ - return set_blocking_mode ? 0 : 1; + return (set_blocking_mode ? 0 : 1); } - -void vio_ssl_timeout(Vio *vio __attribute__((unused)), - uint which __attribute__((unused)), - uint timeout __attribute__((unused))) -{ -#ifdef __WIN__ - ulong wait_timeout= (ulong) timeout * 1000; - (void) setsockopt(vio->sd, SOL_SOCKET, - which ? SO_SNDTIMEO : SO_RCVTIMEO, (char*) &wait_timeout, - sizeof(wait_timeout)); -#endif /* __WIN__ */ -} #endif /* HAVE_OPENSSL */ diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 4ee27f1e491..c58fa449374 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -21,7 +21,6 @@ static bool ssl_algorithms_added = FALSE; static bool ssl_error_strings_loaded= FALSE; static int verify_depth = 0; -static int verify_error = X509_V_OK; static unsigned char dh512_p[]= { @@ -82,30 +81,31 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) DBUG_ENTER("vio_set_cert_stuff"); DBUG_PRINT("enter", ("ctx: %p, cert_file: %s, key_file: %s", ctx, cert_file, key_file)); - if (cert_file != NULL) + if (cert_file) { - if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { - DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file)); + DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file)); /* FIX stderr */ fprintf(stderr,"Error when connection to server using SSL:"); ERR_print_errors_fp(stderr); fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file); fflush(stderr); - DBUG_RETURN(0); + DBUG_RETURN(1); } - if (key_file == NULL) - key_file = cert_file; - if (SSL_CTX_use_PrivateKey_file(ctx,key_file, - SSL_FILETYPE_PEM) <= 0) + + if (!key_file) + key_file= cert_file; + + if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { - DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file)); + DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file)); /* FIX stderr */ fprintf(stderr,"Error when connection to server using SSL:"); ERR_print_errors_fp(stderr); fprintf(stderr,"Unable to get private key from '%s'\n", cert_file); - fflush(stderr); - DBUG_RETURN(0); + fflush(stderr); + DBUG_RETURN(1); } /* @@ -116,45 +116,45 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) { DBUG_PRINT("error", ("Private key does not match the certificate public key\n")); - DBUG_RETURN(0); + DBUG_RETURN(1); } } - DBUG_RETURN(1); + DBUG_RETURN(0); } static int vio_verify_callback(int ok, X509_STORE_CTX *ctx) { - char buf[256]; - X509* err_cert; - int err,depth; + char buf[256]; + X509 *err_cert; DBUG_ENTER("vio_verify_callback"); - DBUG_PRINT("enter", ("ok: %d, ctx: 0x%p", ok, ctx)); - err_cert=X509_STORE_CTX_get_current_cert(ctx); - err= X509_STORE_CTX_get_error(ctx); - depth= X509_STORE_CTX_get_error_depth(ctx); + DBUG_PRINT("enter", ("ok: %d, ctx: %p", ok, ctx)); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf)); + err_cert= X509_STORE_CTX_get_current_cert(ctx); + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); + DBUG_PRINT("info", ("cert: %s", buf)); if (!ok) { - DBUG_PRINT("error",("verify error: num: %d : '%s'\n",err, + int err, depth; + err= X509_STORE_CTX_get_error(ctx); + depth= X509_STORE_CTX_get_error_depth(ctx); + + DBUG_PRINT("error",("verify error: %d, '%s'",err, X509_verify_cert_error_string(err))); + /* + Approve cert if depth is greater then "verify_depth", currently + verify_depth is always 0 and there is no way to increase it. + */ if (verify_depth >= depth) - { - ok=1; - verify_error=X509_V_OK; - } - else - { - verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; - } + ok= 1; } - switch (ctx->error) { + switch (ctx->error) + { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); - DBUG_PRINT("info",("issuer= %s\n",buf)); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); + DBUG_PRINT("info",("issuer= %s\n", buf)); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: @@ -198,193 +198,150 @@ static void netware_ssl_init() #endif /* __NETWARE__ */ -/************************ VioSSLConnectorFd **********************************/ -/* - TODO: - Add option --verify to mysql to be able to change verification mode -*/ - -struct st_VioSSLConnectorFd * -new_VioSSLConnectorFd(const char* key_file, - const char* cert_file, - const char* ca_file, - const char* ca_path, - const char* cipher) +static void check_ssl_init() { - int verify = SSL_VERIFY_NONE; - struct st_VioSSLConnectorFd* ptr; - int result; - DH *dh; - DBUG_ENTER("new_VioSSLConnectorFd"); - - if (!(ptr=((struct st_VioSSLConnectorFd*) - my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0))))) - DBUG_RETURN(0); - - ptr->ssl_context= 0; - ptr->ssl_method= 0; - /* FIXME: constants! */ - if (!ssl_algorithms_added) { - DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()")); - ssl_algorithms_added = TRUE; + ssl_algorithms_added= TRUE; SSL_library_init(); OpenSSL_add_all_algorithms(); + } + #ifdef __NETWARE__ + /* MASV, should it be done everytime? */ netware_ssl_init(); #endif if (!ssl_error_strings_loaded) { - DBUG_PRINT("info", ("todo:SSL_load_error_strings()")); - ssl_error_strings_loaded = TRUE; + ssl_error_strings_loaded= TRUE; SSL_load_error_strings(); } - ptr->ssl_method = TLSv1_client_method(); - ptr->ssl_context = SSL_CTX_new(ptr->ssl_method); - DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context)); - if (ptr->ssl_context == 0) +} + +/************************ VioSSLFd **********************************/ +struct st_VioSSLFd * +new_VioSSLFd(const char *key_file, const char *cert_file, + const char *ca_file, const char *ca_path, + const char *cipher, SSL_METHOD *method) +{ + DH *dh; + struct st_VioSSLFd *ssl_fd; + DBUG_ENTER("new_VioSSLFd"); + + check_ssl_init(); + + if (!(ssl_fd= ((struct st_VioSSLFd*) + my_malloc(sizeof(struct st_VioSSLFd),MYF(0))))) + DBUG_RETURN(0); + + if (!(ssl_fd->ssl_context= SSL_CTX_new(method))) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); - goto ctor_failure; + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); } - /* - SSL_CTX_set_options - SSL_CTX_set_info_callback - */ - if (cipher) + + /* Set the ciphers that can be used */ + if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher)) { - result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); - DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); + DBUG_PRINT("error", ("failed to set ciphers to use")); + report_errors(); + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); } - SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); - if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) + + if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file)) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); - goto ctor_failure; + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); } - if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0) + + if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0) + if (SSL_CTX_set_default_verify_paths(ssl_fd->ssl_context) == 0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); - goto ctor_failure; + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); } - } + } /* DH stuff */ dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); + SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); DH_free(dh); - DBUG_RETURN(ptr); -ctor_failure: - DBUG_PRINT("exit", ("there was an error")); - my_free((gptr)ptr,MYF(0)); - DBUG_RETURN(0); + DBUG_PRINT("exit", ("OK 1")); + + DBUG_RETURN(ssl_fd); +} + + +/************************ VioSSLConnectorFd **********************************/ +struct st_VioSSLFd * +new_VioSSLConnectorFd(const char *key_file, const char *cert_file, + const char *ca_file, const char *ca_path, + const char *cipher) +{ + struct st_VioSSLFd *ssl_fd; + int verify= SSL_VERIFY_NONE; + if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, + ca_path, cipher, TLSv1_client_method()))) + { + return 0; + } + /* Init the the VioSSLFd as a "connector" ie. the client side */ + + /* + The verify_callback function is used to control the behaviour + when the SSL_VERIFY_PEER flag is set. Here it is SSL_VERIFY_NONE + and thus callback is set to NULL + */ + SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL); + + return ssl_fd; } /************************ VioSSLAcceptorFd **********************************/ -/* - TODO: - Add option --verify to mysqld to be able to change verification mode -*/ -struct st_VioSSLAcceptorFd* -new_VioSSLAcceptorFd(const char *key_file, - const char *cert_file, - const char *ca_file, - const char *ca_path, +struct st_VioSSLFd* +new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, + const char *ca_file, const char *ca_path, const char *cipher) { - int verify = (SSL_VERIFY_PEER | - SSL_VERIFY_CLIENT_ONCE); - struct st_VioSSLAcceptorFd* ptr; - int result; - DH *dh; - DBUG_ENTER("new_VioSSLAcceptorFd"); - - ptr= ((struct st_VioSSLAcceptorFd*) - my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0))); - ptr->ssl_context=0; - ptr->ssl_method=0; - /* FIXME: constants! */ - ptr->session_id_context= ptr; - - if (!ssl_algorithms_added) + struct st_VioSSLFd *ssl_fd; + int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; + if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, + ca_path, cipher, TLSv1_server_method()))) { - DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()")); - ssl_algorithms_added = TRUE; - SSL_library_init(); - OpenSSL_add_all_algorithms(); + return 0; + } + /* Init the the VioSSLFd as a "acceptor" ie. the server side */ - } -#ifdef __NETWARE__ - netware_ssl_init(); -#endif - - if (!ssl_error_strings_loaded) - { - DBUG_PRINT("info", ("todo: SSL_load_error_strings()")); - ssl_error_strings_loaded = TRUE; - SSL_load_error_strings(); - } - ptr->ssl_method= TLSv1_server_method(); - ptr->ssl_context= SSL_CTX_new(ptr->ssl_method); - if (ptr->ssl_context == 0) - { - DBUG_PRINT("error", ("SSL_CTX_new failed")); - report_errors(); - goto ctor_failure; - } - if (cipher) - { - result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); - DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); - } - /* SSL_CTX_set_quiet_shutdown(ctx,1); */ - SSL_CTX_sess_set_cache_size(ptr->ssl_context,128); - - /* DH? */ - SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); - SSL_CTX_set_session_id_context(ptr->ssl_context, - (const uchar*) &(ptr->session_id_context), - sizeof(ptr->session_id_context)); + /* Set max number of cached sessions, returns the previous size */ + SSL_CTX_sess_set_cache_size(ssl_fd->ssl_context, 128); /* - SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + The verify_callback function is used to control the behaviour + when the SSL_VERIFY_PEER flag is set. */ - if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) - { - DBUG_PRINT("error", ("vio_set_cert_stuff failed")); - report_errors(); - goto ctor_failure; - } - if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0) - { - DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0) - { - DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); - report_errors(); - goto ctor_failure; - } - } - /* DH stuff */ - dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); - DH_free(dh); - DBUG_RETURN(ptr); + SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback); -ctor_failure: - DBUG_PRINT("exit", ("there was an error")); - my_free((gptr) ptr,MYF(0)); - DBUG_RETURN(0); + /* + Set session_id - an identifier for this server session + Use the ssl_fd pointer + */ + SSL_CTX_set_session_id_context(ssl_fd->ssl_context, + ssl_fd, + sizeof(ssl_fd)); + + return ssl_fd; } #endif /* HAVE_OPENSSL */ From d66ac949113597de32590610eb32a81349779480 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 12 Apr 2006 14:06:05 +0200 Subject: [PATCH 02/53] Fix up patch --- sql-common/client.c | 68 +------------------------------------------ vio/viossl.c | 24 +++++++-------- vio/viosslfactories.c | 1 - 3 files changed, 13 insertions(+), 80 deletions(-) diff --git a/sql-common/client.c b/sql-common/client.c index da38d022c4d..b24b92014d6 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods= #endif }; -int ssl_verify_server_cert(Vio *vio, const char* server_host) -{ - SSL *ssl; - X509 *server_cert; - char *cp1, *cp2; - char buf[256]; - DBUG_ENTER("ssl_verify_server_cert"); - DBUG_PRINT("enter", ("server_host: %s", server_host)); - - if (!(ssl= (SSL*)vio->ssl_arg)) - { - DBUG_PRINT("error", ("No SSL pointer found")); - return 1; - } - - if (!server_host) - { - DBUG_PRINT("error", ("No server hostname supplied")); - return 1; - } - - if (!(server_cert= SSL_get_peer_certificate(ssl))) - { - DBUG_PRINT("error", ("Could not get server certificate")); - return 1; - } - - /* - We already know that the certificate exchanged was valid; the SSL library - handled that. Now we need to verify that the contents of the certificate - are what we expect. - */ - - X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); - X509_free (server_cert); - -// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing - - DBUG_PRINT("info", ("hostname in cert: %s", buf)); - cp1 = strstr(buf, "/CN="); - if (cp1) - { - cp1 += 4; // Skip the "/CN=" that we found - cp2 = strchr(cp1, '/'); - if (cp2) - *cp2 = '\0'; - DBUG_PRINT("info", ("Server hostname in cert: ", cp1)); - if (!strcmp(cp1, server_host)) - { - /* Success */ - DBUG_RETURN(0); - } - } - DBUG_PRINT("error", ("SSL certificate validation failure")); - DBUG_RETURN(1); -} - - MYSQL * CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, const char *passwd, const char *db, @@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, } DBUG_PRINT("info", ("IO layer change done!")); -#if 0 - /* Verify server cert */ - if (mysql->options.ssl_verify_cert && - ssl_verify_server_cert(mysql->net.vio, mysql->host)) - { - set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); - goto error; - } -#endif + /* TODO Verify server cert */ } #endif /* HAVE_OPENSSL */ diff --git a/vio/viossl.c b/vio/viossl.c index 33b8f716b9e..aa4cdda9f01 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -54,12 +54,12 @@ static void report_errors() { unsigned long l; - const char* file; - const char* data; - int line,flags; + const char *file; + const char *data; + int line,flags; DBUG_ENTER("report_errors"); - while ((l=ERR_get_error_line_data(&file,&line,&data,&flags))) + while ((l= ERR_get_error_line_data(&file,&line,&data,&flags))) { char buf[512]; DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), @@ -70,7 +70,7 @@ report_errors() } -int vio_ssl_read(Vio * vio, gptr buf, int size) +int vio_ssl_read(Vio *vio, gptr buf, int size) { int r; DBUG_ENTER("vio_ssl_read"); @@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size) } -int vio_ssl_write(Vio * vio, const gptr buf, int size) +int vio_ssl_write(Vio *vio, const gptr buf, int size) { int r; DBUG_ENTER("vio_ssl_write"); @@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size) } -int vio_ssl_close(Vio * vio) +int vio_ssl_close(Vio *vio) { int r= 0; - SSL* ssl= (SSL*)vio->ssl_arg; + SSL *ssl= (SSL*)vio->ssl_arg; DBUG_ENTER("vio_ssl_close"); if (ssl) @@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio) } -int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout) +int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) { SSL *ssl; - X509* client_cert; + X509 *client_cert; my_bool unused; my_bool net_blocking; enum enum_vio_type old_type; @@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout) } -int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout) +int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) { SSL *ssl; X509 *server_cert; @@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout) } -int vio_ssl_blocking(Vio * vio __attribute__((unused)), +int vio_ssl_blocking(Vio *vio __attribute__((unused)), my_bool set_blocking_mode, my_bool *old_mode) { diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index c58fa449374..d6356f1adca 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -209,7 +209,6 @@ static void check_ssl_init() } #ifdef __NETWARE__ - /* MASV, should it be done everytime? */ netware_ssl_init(); #endif From a51668c74c498e3e5702342fe5ced68afbee0756 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Tue, 18 Apr 2006 17:58:27 +0200 Subject: [PATCH 03/53] Bug#17208 SSL: client does not verify server certificate - Add new function 'ssl_verify_server_cert' which is used if we are connecting to the server with SSL. It will compare the hostname in the server's cert against the hostname that we used when connecting to the server. Will reject the connection if hostname does not match. - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options which will turn on checking of servers cert. - Add new argument "ssl-verify-server-cert" to all mysql* clients which will activate the above option. - Generate a new server cert with 1024 bits that has "localhost" as the server name. --- SSL/server-cert.pem | 78 +++++++++++++++++------------------ client/client_priv.h | 2 +- client/mysql.cc | 2 + client/mysqladmin.cc | 2 + client/mysqldump.c | 2 + client/mysqlimport.c | 2 + client/mysqlshow.c | 2 + client/mysqltest.c | 11 ++++- include/mysql.h | 4 +- include/sslopt-longopts.h | 7 +++- include/sslopt-vars.h | 3 ++ sql-common/client.c | 86 ++++++++++++++++++++++++++++++++++++++- vio/viosslfactories.c | 8 ++-- 13 files changed, 159 insertions(+), 50 deletions(-) diff --git a/SSL/server-cert.pem b/SSL/server-cert.pem index debf7026e3c..4ef70ed5095 100644 --- a/SSL/server-cert.pem +++ b/SSL/server-cert.pem @@ -1,13 +1,14 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 2 (0x2) + Serial Number: + e9:07:d1:01:94:ee:66:ca Signature Algorithm: md5WithRSAEncryption - Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com + Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com Validity - Not Before: Sep 12 16:22:06 2003 GMT - Not After : Sep 9 16:22:06 2013 GMT - Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Server/Email=abstract.mysql.developer@mysql.com + Not Before: Apr 18 15:35:37 2006 GMT + Not After : Jan 12 15:35:37 2009 GMT + Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) @@ -23,45 +24,42 @@ Certificate: 3d:0e:4d:2a:a8:b8:ca:99:8d Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate X509v3 Subject Key Identifier: 6E:E4:9B:6A:C5:EA:E4:E6:C7:EF:D7:1E:C8:63:45:60:2B:1B:D4:D4 X509v3 Authority Key Identifier: - keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92 - DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com - serial:00 + keyid:6E:E4:9B:6A:C5:EA:E4:E6:C7:EF:D7:1E:C8:63:45:60:2B:1B:D4:D4 + DirName:/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/CN=localhost/emailAddress=abstract.mysql.developer@mysql.com + serial:E9:07:D1:01:94:EE:66:CA + X509v3 Basic Constraints: + CA:TRUE Signature Algorithm: md5WithRSAEncryption - 31:77:69:b9:bd:ab:29:f3:fc:5a:09:16:6f:5d:42:ea:ba:01: - 55:69:e3:75:cf:b8:d1:b7:b9:bf:da:63:85:8c:48:92:06:60: - 76:97:e0:00:78:4b:ad:da:ab:6a:90:6d:8b:03:a8:b1:e9:09: - 78:e1:29:98:56:12:60:6b:42:fe:e8:a7:c4:f8:d6:15:07:e8: - 2b:c2:d8:8a:e5:1b:2e:51:08:9b:56:e3:b3:7a:4c:3e:e5:be: - 4a:4d:f8:65:7b:a8:21:e0:ca:fe:8b:ab:d7:ec:f2:2d:f7:d0: - bf:d7:c5:23:1c:08:d8:aa:57:c7:f3:5f:ba:33:3f:78:d1:f4: - 8e:5e + 1f:03:59:6e:ff:1f:9d:c7:19:9e:8e:b2:1a:c0:0b:9e:ee:94: + 35:77:2a:93:04:ea:d5:a8:fc:36:5a:5b:e3:1c:02:b8:cf:04: + 6e:21:b0:27:f6:96:6e:d6:8f:cd:02:cf:23:f3:e7:ff:6a:ee: + a9:09:c5:c9:07:81:b6:d2:bc:bd:13:47:0d:7b:76:f6:8a:c4: + 76:24:f8:4c:4e:26:fc:d8:c0:1f:3d:40:19:43:8e:41:ab:99: + 3a:99:9b:24:7c:ae:78:f3:df:2f:a2:ed:8f:27:0a:0a:0b:04: + bf:25:74:88:87:96:c8:68:d5:bc:5b:a0:ef:14:aa:53:6e:c4: + a3:e3 -----BEGIN CERTIFICATE----- -MIIDkTCCAvqgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux -EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB -YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0 -Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMjA2WhcNMTMw -OTA5MTYyMjA2WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G -A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIFNlcnZlcjExMC8GCSqGSIb3 -DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA6YZ6VYSITL6k+JJzMBJJC3qFhzk0OQ19C40Y -wheVE1LSP1UQV8g/WvWy+ovQZ0nMqoL8n84AtHPzNtI608KwDhTD1LIhdKHwMYFg -h5hzXBDBsRpN8fOwmD/w15ebK/3VIXmyL+tkFcmbnfyeLdT4BFvqqXVLQsM9Dk0q -qLjKmY0CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRu5Jtqxerk5sfv -1x7IY0VgKxvU1DCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB -jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT -CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv -BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C -AQAwDQYJKoZIhvcNAQEEBQADgYEAMXdpub2rKfP8WgkWb11C6roBVWnjdc+40be5 -v9pjhYxIkgZgdpfgAHhLrdqrapBtiwOosekJeOEpmFYSYGtC/uinxPjWFQfoK8LY -iuUbLlEIm1bjs3pMPuW+Sk34ZXuoIeDK/our1+zyLffQv9fFIxwI2KpXx/NfujM/ -eNH0jl4= +MIIDijCCAvOgAwIBAgIJAOkH0QGU7mbKMA0GCSqGSIb3DQEBBAUAMIGLMQswCQYD +VQQGEwJTRTEQMA4GA1UECBMHVXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G +A1UEChMITXlTUUwgQUIxEjAQBgNVBAMTCWxvY2FsaG9zdDExMC8GCSqGSIb3DQEJ +ARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTAeFw0wNjA0MTgx +NTM1MzdaFw0wOTAxMTIxNTM1MzdaMIGLMQswCQYDVQQGEwJTRTEQMA4GA1UECBMH +VXBwc2FsYTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxEjAQ +BgNVBAMTCWxvY2FsaG9zdDExMC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwu +ZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +6YZ6VYSITL6k+JJzMBJJC3qFhzk0OQ19C40YwheVE1LSP1UQV8g/WvWy+ovQZ0nM +qoL8n84AtHPzNtI608KwDhTD1LIhdKHwMYFgh5hzXBDBsRpN8fOwmD/w15ebK/3V +IXmyL+tkFcmbnfyeLdT4BFvqqXVLQsM9Dk0qqLjKmY0CAwEAAaOB8zCB8DAdBgNV +HQ4EFgQUbuSbasXq5ObH79ceyGNFYCsb1NQwgcAGA1UdIwSBuDCBtYAUbuSbasXq +5ObH79ceyGNFYCsb1NShgZGkgY4wgYsxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdV +cHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQjESMBAG +A1UEAxMJbG9jYWxob3N0MTEwLwYJKoZIhvcNAQkBFiJhYnN0cmFjdC5teXNxbC5k +ZXZlbG9wZXJAbXlzcWwuY29tggkA6QfRAZTuZsowDAYDVR0TBAUwAwEB/zANBgkq +hkiG9w0BAQQFAAOBgQAfA1lu/x+dxxmejrIawAue7pQ1dyqTBOrVqPw2WlvjHAK4 +zwRuIbAn9pZu1o/NAs8j8+f/au6pCcXJB4G20ry9E0cNe3b2isR2JPhMTib82MAf +PUAZQ45Bq5k6mZskfK54898vou2PJwoKCwS/JXSIh5bIaNW8W6DvFKpTbsSj4w== -----END CERTIFICATE----- diff --git a/client/client_priv.h b/client/client_priv.h index a9d5364df49..9e011144836 100644 --- a/client/client_priv.h +++ b/client/client_priv.h @@ -51,5 +51,5 @@ enum options_client #endif OPT_TRIGGERS, OPT_IGNORE_TABLE,OPT_INSERT_IGNORE,OPT_SHOW_WARNINGS,OPT_DROP_DATABASE, - OPT_TZ_UTC, OPT_AUTO_CLOSE + OPT_TZ_UTC, OPT_AUTO_CLOSE, OPT_SSL_VERIFY_SERVER_CERT }; diff --git a/client/mysql.cc b/client/mysql.cc index cd4cbf49918..7c1e70cfda2 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -3123,6 +3123,8 @@ sql_real_connect(char *host,char *database,char *user,char *password, if (opt_use_ssl) mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc index 5b52d524f8e..57ab4e071fb 100644 --- a/client/mysqladmin.cc +++ b/client/mysqladmin.cc @@ -340,6 +340,8 @@ int main(int argc,char *argv[]) if (opt_use_ssl) mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqldump.c b/client/mysqldump.c index 78f12593f46..ee6d7b9d12b 100644 --- a/client/mysqldump.c +++ b/client/mysqldump.c @@ -905,6 +905,8 @@ static int dbConnect(char *host, char *user,char *passwd) if (opt_use_ssl) mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqlimport.c b/client/mysqlimport.c index 8694093f06b..1f9b96f91be 100644 --- a/client/mysqlimport.c +++ b/client/mysqlimport.c @@ -384,6 +384,8 @@ static MYSQL *db_connect(char *host, char *database, char *user, char *passwd) if (opt_use_ssl) mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&mysql_connection,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqlshow.c b/client/mysqlshow.c index 504f0d9844b..d090495ff81 100644 --- a/client/mysqlshow.c +++ b/client/mysqlshow.c @@ -109,6 +109,8 @@ int main(int argc, char **argv) if (opt_use_ssl) mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); diff --git a/client/mysqltest.c b/client/mysqltest.c index e51d83270b5..7257958311f 100644 --- a/client/mysqltest.c +++ b/client/mysqltest.c @@ -108,7 +108,7 @@ enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD, OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC, OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH, OPT_SSL_CIPHER,OPT_PS_PROTOCOL,OPT_SP_PROTOCOL,OPT_CURSOR_PROTOCOL, - OPT_VIEW_PROTOCOL}; + OPT_VIEW_PROTOCOL, OPT_SSL_VERIFY_SERVER_CERT}; /* ************************************************************************ */ /* @@ -2378,8 +2378,12 @@ int do_connect(struct st_query *q) #ifdef HAVE_OPENSSL if (opt_use_ssl || con_ssl) + { mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&next_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + &opt_ssl_verify_server_cert); + } #endif if (con_sock && !free_con_sock && *con_sock && *con_sock != FN_LIBCHAR) con_sock=fn_format(buff, con_sock, TMPDIR, "",0); @@ -4604,9 +4608,14 @@ int main(int argc, char **argv) mysql_options(&cur_con->mysql, MYSQL_SET_CHARSET_NAME, charset_name); #ifdef HAVE_OPENSSL + opt_ssl_verify_server_cert= TRUE; /* Always on in mysqltest */ if (opt_use_ssl) + { mysql_ssl_set(&cur_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); + mysql_options(&cur_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + &opt_ssl_verify_server_cert); + } #endif if (!(cur_con->name = my_strdup("default", MYF(MY_WME)))) diff --git a/include/mysql.h b/include/mysql.h index 925a4525378..7149224dcdd 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -149,7 +149,8 @@ enum mysql_option MYSQL_OPT_WRITE_TIMEOUT, MYSQL_OPT_USE_RESULT, MYSQL_OPT_USE_REMOTE_CONNECTION, MYSQL_OPT_USE_EMBEDDED_CONNECTION, MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, - MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT + MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, + MYSQL_OPT_SSL_VERIFY_SERVER_CERT }; struct st_mysql_options { @@ -164,6 +165,7 @@ struct st_mysql_options { char *ssl_ca; /* PEM CA file */ char *ssl_capath; /* PEM directory of CA-s? */ char *ssl_cipher; /* cipher to use */ + my_bool ssl_verify_server_cert; /* if to verify server cert */ char *shared_memory_base_name; unsigned long max_allowed_packet; my_bool use_ssl; /* if to use SSL or not */ diff --git a/include/sslopt-longopts.h b/include/sslopt-longopts.h index dc3b0922327..f444a7eb7ce 100644 --- a/include/sslopt-longopts.h +++ b/include/sslopt-longopts.h @@ -37,5 +37,10 @@ {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl).", (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, - +#ifdef MYSQL_CLIENT + {"ssl-verify-server-cert", OPT_SSL_VERIFY_SERVER_CERT, + "Verify servers \"Common Name\" in it's cert against hostname used when connecting. This option is disabled by default.", + (gptr*) &opt_ssl_verify_server_cert, (gptr*) &opt_ssl_verify_server_cert, + 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, +#endif #endif /* HAVE_OPENSSL */ diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h index 164cf541381..8e5f3434396 100644 --- a/include/sslopt-vars.h +++ b/include/sslopt-vars.h @@ -21,4 +21,7 @@ static char *opt_ssl_cert = 0; static char *opt_ssl_ca = 0; static char *opt_ssl_capath = 0; static char *opt_ssl_cipher = 0; +#ifdef MYSQL_CLIENT +static my_bool opt_ssl_verify_server_cert= 0; +#endif #endif diff --git a/sql-common/client.c b/sql-common/client.c index b24b92014d6..13a816b05b9 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1500,6 +1500,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) , mysql->options.ssl_ca= strdup_if_not_null(ca); mysql->options.ssl_capath= strdup_if_not_null(capath); mysql->options.ssl_cipher= strdup_if_not_null(cipher); + mysql->options.ssl_verify_server_cert= FALSE; /* Off by default */ #endif /* HAVE_OPENSSL */ DBUG_RETURN(0); } @@ -1521,7 +1522,7 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused))) my_free(mysql->options.ssl_cert, MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR)); my_free(mysql->options.ssl_capath, MYF(MY_ALLOW_ZERO_PTR)); - my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR)); + my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR)); if (ssl_fd) SSL_CTX_free(ssl_fd->ssl_context); my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR)); @@ -1534,6 +1535,77 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused))) mysql->connector_fd = 0; DBUG_VOID_RETURN; } + +/* + Check the server's (subject) Common Name against the + hostname we connected to + + SYNOPSIS + ssl_verify_server_cert() + vio pointer to a SSL connected vio + server_hostname name of the server that we connected to + + RETURN VALUES + 0 Success + 1 Failed to validate server + + */ +static int ssl_verify_server_cert(Vio *vio, const char* server_hostname) +{ + SSL *ssl; + X509 *server_cert; + char *cp1, *cp2; + char buf[256]; + DBUG_ENTER("ssl_verify_server_cert"); + DBUG_PRINT("enter", ("server_hostname: %s", server_hostname)); + + if (!(ssl= (SSL*)vio->ssl_arg)) + { + DBUG_PRINT("error", ("No SSL pointer found")); + DBUG_RETURN(1); + } + + if (!server_hostname) + { + DBUG_PRINT("error", ("No server hostname supplied")); + DBUG_RETURN(1); + } + + if (!(server_cert= SSL_get_peer_certificate(ssl))) + { + DBUG_PRINT("error", ("Could not get server certificate")); + DBUG_RETURN(1); + } + + /* + We already know that the certificate exchanged was valid; the SSL library + handled that. Now we need to verify that the contents of the certificate + are what we expect. + */ + + X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); + X509_free (server_cert); + + DBUG_PRINT("info", ("hostname in cert: %s", buf)); + cp1 = strstr(buf, "/CN="); + if (cp1) + { + cp1 += 4; // Skip the "/CN=" that we found + // Search for next / which might be the delimiter for email + cp2 = strchr(cp1, '/'); + if (cp2) + *cp2 = '\0'; + DBUG_PRINT("info", ("Server hostname in cert: %s", cp1)); + if (!strcmp(cp1, server_hostname)) + { + /* Success */ + DBUG_RETURN(0); + } + } + DBUG_PRINT("error", ("SSL certificate validation failure")); + DBUG_RETURN(1); +} + #endif /* HAVE_OPENSSL */ @@ -2049,7 +2121,14 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, } DBUG_PRINT("info", ("IO layer change done!")); - /* TODO Verify server cert */ + /* Verify server cert */ + if (mysql->options.ssl_verify_server_cert && + ssl_verify_server_cert(mysql->net.vio, mysql->host)) + { + set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); + goto error; + } + } #endif /* HAVE_OPENSSL */ @@ -2789,6 +2868,9 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg) case MYSQL_OPT_RECONNECT: mysql->reconnect= *(my_bool *) arg; break; + case MYSQL_OPT_SSL_VERIFY_SERVER_CERT: + mysql->options.ssl_verify_server_cert= *(my_bool *) arg; + break; default: DBUG_RETURN(1); } diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index d6356f1adca..2b3e80a98e4 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -290,20 +290,20 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, const char *cipher) { struct st_VioSSLFd *ssl_fd; - int verify= SSL_VERIFY_NONE; + int verify= SSL_VERIFY_PEER; if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher, TLSv1_client_method()))) { return 0; } + /* Init the the VioSSLFd as a "connector" ie. the client side */ /* The verify_callback function is used to control the behaviour - when the SSL_VERIFY_PEER flag is set. Here it is SSL_VERIFY_NONE - and thus callback is set to NULL + when the SSL_VERIFY_PEER flag is set. */ - SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL); + SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback); return ssl_fd; } From c77336c2607bb28236664205aec0f2e480cf24d8 Mon Sep 17 00:00:00 2001 From: "kroki@mysql.com" <> Date: Mon, 24 Apr 2006 18:06:43 +0400 Subject: [PATCH 04/53] Bug#16501: IS_USED_LOCK does not appear to work Update User_level_lock::thread_id on acquiring an existing lock, and reset it on lock release. --- mysql-test/r/func_misc.result | 36 +++++++++++++++++++++++++++++++++ mysql-test/t/func_misc.test | 38 +++++++++++++++++++++++++++++++++++ sql/item_func.cc | 2 ++ 3 files changed, 76 insertions(+) diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result index 181ecf7b65b..a5beef859f0 100644 --- a/mysql-test/r/func_misc.result +++ b/mysql-test/r/func_misc.result @@ -57,3 +57,39 @@ t1 CREATE TABLE `t1` ( `length(uuid())` int(10) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1 drop table t1; +DROP TABLE IF EXISTS t1; +CREATE TABLE t1 (conn CHAR(7), connection_id INT); +INSERT INTO t1 VALUES ('default', CONNECTION_ID()); +SELECT GET_LOCK('bug16501',600); +GET_LOCK('bug16501',600) +1 +INSERT INTO t1 VALUES ('con1', CONNECTION_ID()); +SELECT IS_USED_LOCK('bug16501') = connection_id +FROM t1 +WHERE conn = 'default'; +IS_USED_LOCK('bug16501') = connection_id +1 + SELECT GET_LOCK('bug16501',600); +SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); +IS_USED_LOCK('bug16501') = CONNECTION_ID() +1 +SELECT RELEASE_LOCK('bug16501'); +RELEASE_LOCK('bug16501') +1 +SELECT IS_USED_LOCK('bug16501') = connection_id +FROM t1 +WHERE conn = 'con1'; +IS_USED_LOCK('bug16501') = connection_id +1 +GET_LOCK('bug16501',600) +1 +SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); +IS_USED_LOCK('bug16501') = CONNECTION_ID() +1 +SELECT RELEASE_LOCK('bug16501'); +RELEASE_LOCK('bug16501') +1 +SELECT IS_USED_LOCK('bug16501'); +IS_USED_LOCK('bug16501') +NULL +DROP TABLE t1; diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test index 87d9d601c87..9c706161ba9 100644 --- a/mysql-test/t/func_misc.test +++ b/mysql-test/t/func_misc.test @@ -43,4 +43,42 @@ create table t1 as select uuid(), length(uuid()); show create table t1; drop table t1; + +# +# Bug#16501: IS_USED_LOCK does not appear to work +# +--disable_warnings +DROP TABLE IF EXISTS t1; +--enable_warnings + +CREATE TABLE t1 (conn CHAR(7), connection_id INT); +INSERT INTO t1 VALUES ('default', CONNECTION_ID()); + +SELECT GET_LOCK('bug16501',600); + +connect (con1,localhost,root,,); +INSERT INTO t1 VALUES ('con1', CONNECTION_ID()); +SELECT IS_USED_LOCK('bug16501') = connection_id +FROM t1 +WHERE conn = 'default'; +send SELECT GET_LOCK('bug16501',600); + +connection default; +SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); +SELECT RELEASE_LOCK('bug16501'); +SELECT IS_USED_LOCK('bug16501') = connection_id +FROM t1 +WHERE conn = 'con1'; + +connection con1; +reap; +SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); +SELECT RELEASE_LOCK('bug16501'); +SELECT IS_USED_LOCK('bug16501'); + +disconnect con1; +connection default; + +DROP TABLE t1; + # End of 4.1 tests diff --git a/sql/item_func.cc b/sql/item_func.cc index 174a8c55d01..1f170242113 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1972,6 +1972,7 @@ void item_user_lock_free(void) void item_user_lock_release(User_level_lock *ull) { ull->locked=0; + ull->thread_id= 0; if (mysql_bin_log.is_open()) { char buf[256]; @@ -2170,6 +2171,7 @@ longlong Item_func_get_lock::val_int() { ull->locked=1; ull->thread=thd->real_id; + ull->thread_id= thd->thread_id; thd->ull=ull; error=0; } From e6fedbdb39ab1b065d519798f54a824446ffe564 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 26 Apr 2006 15:29:52 +0200 Subject: [PATCH 05/53] Import from upstream yassl --- extra/yassl/mySTL/helpers.hpp | 5 ++ extra/yassl/taocrypt/include/asn.hpp | 19 ++++-- extra/yassl/taocrypt/src/asn.cpp | 64 ++++++++++++++++---- extra/yassl/taocrypt/src/make.bat | 2 +- extra/yassl/taocrypt/src/template_instnt.cpp | 1 - extra/yassl/testsuite/test.hpp | 4 +- 6 files changed, 73 insertions(+), 22 deletions(-) diff --git a/extra/yassl/mySTL/helpers.hpp b/extra/yassl/mySTL/helpers.hpp index 5aa14d838b1..df79025197a 100644 --- a/extra/yassl/mySTL/helpers.hpp +++ b/extra/yassl/mySTL/helpers.hpp @@ -44,6 +44,11 @@ return static_cast(d); } + // for compilers that want matching delete + inline void operator delete(void* ptr, Dummy* d) + { + } + typedef Dummy* yassl_pointer; namespace mySTL { diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index 6a1163fbb1c..7dc349e00db 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -79,7 +79,13 @@ enum ASNIdFlag enum DNTags { - COMMON_NAME = 0x03 + COMMON_NAME = 0x03, // CN + SUR_NAME = 0x04, // SN + COUNTRY_NAME = 0x06, // C + LOCALITY_NAME = 0x07, // L + STATE_NAME = 0x08, // ST + ORG_NAME = 0x0a, // O + ORGUNIT_NAME = 0x0b // OU }; @@ -92,7 +98,8 @@ enum Constants MAX_SEQ_SZ = 5, // enum(seq|con) + length(4) MAX_ALGO_SIZE = 9, MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4) - DSA_SIG_SZ = 40 + DSA_SIG_SZ = 40, + NAME_MAX = 512 // max total of all included names }; @@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 }; // A Signing Authority class Signer { PublicKey key_; - char* name_; + char name_[NAME_MAX]; byte hash_[SHA_SIZE]; public: Signer(const byte* k, word32 kSz, const char* n, const byte* h); ~Signer(); const PublicKey& GetPublicKey() const { return key_; } - const char* GetCommonName() const { return name_; } + const char* GetName() const { return name_; } const byte* GetHash() const { return hash_; } private: @@ -257,8 +264,8 @@ private: byte subjectHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names byte* signature_; - char* issuer_; // CommonName - char* subject_; // CommonName + char issuer_[NAME_MAX]; // Names + char subject_[NAME_MAX]; // Names bool verify_; // Default to yes, but could be off void ReadHeader(); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 3efc26ab168..824d1a2056d 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len) Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h) - : key_(k, kSz), name_(0) + : key_(k, kSz) { - if (n) { int sz = strlen(n); - name_ = NEW_TC char[sz + 1]; memcpy(name_, n, sz); name_[sz] = 0; - } memcpy(hash_, h, SHA::DIGEST_SIZE); } Signer::~Signer() { - tcArrayDelete(name_); } @@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key) CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers, bool noVerify, CertType ct) : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), - signature_(0), issuer_(0), subject_(0), verify_(!noVerify) + signature_(0), verify_(!noVerify) { + issuer_[0] = 0; + subject_[0] = 0; + if (decode) Decode(signers, ct); + } CertDecoder::~CertDecoder() { - tcArrayDelete(subject_); - tcArrayDelete(issuer_); tcArrayDelete(signature_); } @@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt) SHA sha; word32 length = GetSequence(); // length of all distinguished names + assert (length < NAME_MAX); length += source_.get_index(); + char* ptr = (nt == ISSUER) ? issuer_ : subject_; + word32 idx = 0; + while (source_.get_index() < length) { GetSet(); GetSequence(); @@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt) byte id = source_.next(); b = source_.next(); // strType word32 strLen = GetLength(source_); + bool copy = false; if (id == COMMON_NAME) { - char*& ptr = (nt == ISSUER) ? issuer_ : subject_; - ptr = NEW_TC char[strLen + 1]; - memcpy(ptr, source_.get_current(), strLen); - ptr[strLen] = 0; + memcpy(&ptr[idx], "/CN=", 4); + idx += 4; + copy = true; } + else if (id == SUR_NAME) { + memcpy(&ptr[idx], "/SN=", 4); + idx += 4; + copy = true; + } + else if (id == COUNTRY_NAME) { + memcpy(&ptr[idx], "/C=", 3); + idx += 3; + copy = true; + } + else if (id == LOCALITY_NAME) { + memcpy(&ptr[idx], "/L=", 3); + idx += 3; + copy = true; + } + else if (id == STATE_NAME) { + memcpy(&ptr[idx], "/ST=", 4); + idx += 4; + copy = true; + } + else if (id == ORG_NAME) { + memcpy(&ptr[idx], "/O=", 3); + idx += 3; + copy = true; + } + else if (id == ORGUNIT_NAME) { + memcpy(&ptr[idx], "/OU=", 4); + idx += 4; + copy = true; + } + + if (copy) { + memcpy(&ptr[idx], source_.get_current(), strLen); + idx += strLen; + } + sha.Update(source_.get_current(), strLen); source_.advance(strLen); } @@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt) source_.advance(length); } } + ptr[idx++] = 0; + if (nt == ISSUER) sha.Final(issuerHash_); else diff --git a/extra/yassl/taocrypt/src/make.bat b/extra/yassl/taocrypt/src/make.bat index 5a2ae580b76..3acd50fc875 100644 --- a/extra/yassl/taocrypt/src/make.bat +++ b/extra/yassl/taocrypt/src/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 diff --git a/extra/yassl/taocrypt/src/template_instnt.cpp b/extra/yassl/taocrypt/src/template_instnt.cpp index 12bcd8238f2..18a884364fa 100644 --- a/extra/yassl/taocrypt/src/template_instnt.cpp +++ b/extra/yassl/taocrypt/src/template_instnt.cpp @@ -30,7 +30,6 @@ #include "sha.hpp" #include "md5.hpp" #include "hmac.hpp" -#include "ripemd.hpp" #include "pwdbased.hpp" #include "algebra.hpp" #include "vector.hpp" diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 79d02b63558..7fe8656f6d2 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl) char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); printf("peer's cert info:\n"); - printf("issuer is: %s\n", issuer); - printf("subject is: %s\n", subject); + printf("issuer : %s\n", issuer); + printf("subject: %s\n", subject); free(subject); free(issuer); From 06be3a2b8766f93b381c83334f08595b7993a29f Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 26 Apr 2006 18:10:14 +0200 Subject: [PATCH 06/53] Move inclusion of "ripemd.hpp" from yassl to taocrypt --- extra/yassl/src/template_instnt.cpp | 1 - extra/yassl/taocrypt/src/template_instnt.cpp | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp index 5782df213ea..d4a1650b8e2 100644 --- a/extra/yassl/src/template_instnt.cpp +++ b/extra/yassl/src/template_instnt.cpp @@ -31,7 +31,6 @@ #include "hmac.hpp" #include "md5.hpp" #include "sha.hpp" -#include "ripemd.hpp" #include "openssl/ssl.h" #ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION diff --git a/extra/yassl/taocrypt/src/template_instnt.cpp b/extra/yassl/taocrypt/src/template_instnt.cpp index 18a884364fa..5efd2d32a10 100644 --- a/extra/yassl/taocrypt/src/template_instnt.cpp +++ b/extra/yassl/taocrypt/src/template_instnt.cpp @@ -34,6 +34,7 @@ #include "algebra.hpp" #include "vector.hpp" #include "hash.hpp" +#include "ripemd.hpp" #ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION namespace TaoCrypt { From 97cf31a6a88778ceb000632316dbbd1180fd26dc Mon Sep 17 00:00:00 2001 From: "kent@mysql.com" <> Date: Wed, 26 Apr 2006 18:26:26 +0200 Subject: [PATCH 07/53] configure.in: Recloning, set back to 5.0.21 --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 74ac7ed4574..174c9a16d8e 100644 --- a/configure.in +++ b/configure.in @@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc) AC_CANONICAL_SYSTEM # The Docs Makefile.am parses this line! # remember to also change ndb version below and update version.c in ndb -AM_INIT_AUTOMAKE(mysql, 5.0.22) +AM_INIT_AUTOMAKE(mysql, 5.0.21) AM_CONFIG_HEADER(config.h) PROTOCOL_VERSION=10 @@ -19,7 +19,7 @@ SHARED_LIB_VERSION=$SHARED_LIB_MAJOR_VERSION:0:0 # ndb version NDB_VERSION_MAJOR=5 NDB_VERSION_MINOR=0 -NDB_VERSION_BUILD=22 +NDB_VERSION_BUILD=21 NDB_VERSION_STATUS="" # Set all version vars based on $VERSION. How do we do this more elegant ? From 9318ac9ae128fdb1f15eeca7cc5d7ea2ea18f3bc Mon Sep 17 00:00:00 2001 From: "kroki@mysql.com" <> Date: Thu, 27 Apr 2006 14:54:36 +0400 Subject: [PATCH 08/53] Bug#16372: Server crashes when test 'conc_sys' is running Concurrent read and update of privilege structures (like simultaneous run of SHOW GRANTS and ADD USER) could result in server crash. Ensure that proper locking of ACL structures is done. No test case is provided because this bug can't be reproduced deterministically. --- sql/sql_acl.cc | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 4626e5892a4..204a38dfb64 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -894,6 +894,8 @@ static void acl_update_user(const char *user, const char *host, USER_RESOURCES *mqh, ulong privileges) { + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_users.elements ; i++) { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); @@ -942,6 +944,9 @@ static void acl_insert_user(const char *user, const char *host, ulong privileges) { ACL_USER acl_user; + + safe_mutex_assert_owner(&acl_cache->lock); + acl_user.user=*user ? strdup_root(&mem,user) : 0; update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0); acl_user.access=privileges; @@ -973,6 +978,8 @@ static void acl_insert_user(const char *user, const char *host, static void acl_update_db(const char *user, const char *host, const char *db, ulong privileges) { + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_dbs.elements ; i++) { ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*); @@ -1358,6 +1365,9 @@ find_acl_user(const char *host, const char *user, my_bool exact) { DBUG_ENTER("find_acl_user"); DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user)); + + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_users.elements ; i++) { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); @@ -1370,7 +1380,7 @@ find_acl_user(const char *host, const char *user, my_bool exact) if (!acl_user->user && !user[0] || acl_user->user && !strcmp(user,acl_user->user)) { - if (exact ? !my_strcasecmp(&my_charset_latin1, host, + if (exact ? !my_strcasecmp(system_charset_info, host, acl_user->host.hostname ? acl_user->host.hostname : "") : compare_hostname(&acl_user->host,host,host)) @@ -2445,6 +2455,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, create_new_users= test_if_create_new_users(thd); int result=0; rw_wrlock(&LOCK_grant); + pthread_mutex_lock(&acl_cache->lock); MEM_ROOT *old_root= thd->mem_root; thd->mem_root= &memex; @@ -2460,10 +2471,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, continue; } /* Create user if needed */ - pthread_mutex_lock(&acl_cache->lock); error=replace_user_table(thd, tables[0].table, *Str, 0, revoke_grant, create_new_users); - pthread_mutex_unlock(&acl_cache->lock); if (error) { result= -1; // Remember error @@ -2552,6 +2561,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, } grant_option=TRUE; thd->mem_root= old_root; + pthread_mutex_unlock(&acl_cache->lock); rw_unlock(&LOCK_grant); if (!result) send_ok(thd); @@ -3203,6 +3213,9 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) DBUG_RETURN(-1); } + rw_rdlock(&LOCK_grant); + VOID(pthread_mutex_lock(&acl_cache->lock)); + for (counter=0 ; counter < acl_users.elements ; counter++) { const char *user,*host; @@ -3217,6 +3230,9 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) } if (counter == acl_users.elements) { + VOID(pthread_mutex_unlock(&acl_cache->lock)); + rw_unlock(&LOCK_grant); + my_error(ER_NONEXISTING_GRANT, MYF(0), lex_user->user.str, lex_user->host.str); DBUG_RETURN(-1); @@ -3230,10 +3246,12 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) lex_user->host.str,NullS); field_list.push_back(field); if (protocol->send_fields(&field_list,1)) - DBUG_RETURN(-1); + { + VOID(pthread_mutex_unlock(&acl_cache->lock)); + rw_unlock(&LOCK_grant); - rw_wrlock(&LOCK_grant); - VOID(pthread_mutex_lock(&acl_cache->lock)); + DBUG_RETURN(-1); + } /* Add first global access grants */ { @@ -3540,10 +3558,15 @@ void get_privilege_desc(char *to, uint max_length, ulong access) void get_mqh(const char *user, const char *host, USER_CONN *uc) { ACL_USER *acl_user; + + pthread_mutex_lock(&acl_cache->lock); + if (initialized && (acl_user= find_acl_user(host,user, FALSE))) uc->user_resources= acl_user->user_resource; else bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); + + pthread_mutex_unlock(&acl_cache->lock); } int open_grant_tables(THD *thd, TABLE_LIST *tables) @@ -3602,6 +3625,8 @@ ACL_USER *check_acl_user(LEX_USER *user_name, ACL_USER *acl_user= 0; uint counter; + safe_mutex_assert_owner(&acl_cache->lock); + for (counter= 0 ; counter < acl_users.elements ; counter++) { const char *user,*host; From 53b842866edcb34c5a7036eb99b75f749d18f83e Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Fri, 28 Apr 2006 11:37:20 +0200 Subject: [PATCH 09/53] Fix small bug in udf_example.cc, it was processing one char too much and thus returning junk Add more DBUG_PRINT's in udf_handler::val_str Enable udf.test --- mysql-test/t/disabled.def | 1 - sql/item_func.cc | 15 ++++++++++----- sql/udf_example.cc | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/mysql-test/t/disabled.def b/mysql-test/t/disabled.def index 1b587eea40f..007847fab37 100644 --- a/mysql-test/t/disabled.def +++ b/mysql-test/t/disabled.def @@ -11,4 +11,3 @@ ############################################################################## ndb_load : Bug#17233 -udf : Not yet diff --git a/sql/item_func.cc b/sql/item_func.cc index 0447ab115ec..f2f2cd9b4ed 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -2734,9 +2734,10 @@ String *udf_handler::val_str(String *str,String *save_str) { uchar is_null_tmp=0; ulong res_length; + DBUG_ENTER("udf_handler::val_str"); if (get_arguments()) - return 0; + DBUG_RETURN(0); char * (*func)(UDF_INIT *, UDF_ARGS *, char *, ulong *, uchar *, uchar *)= (char* (*)(UDF_INIT *, UDF_ARGS *, char *, ulong *, uchar *, uchar *)) u_d->func; @@ -2746,22 +2747,26 @@ String *udf_handler::val_str(String *str,String *save_str) if (str->alloc(MAX_FIELD_WIDTH)) { error=1; - return 0; + DBUG_RETURN(0); } } char *res=func(&initid, &f_args, (char*) str->ptr(), &res_length, &is_null_tmp, &error); + DBUG_PRINT("info", ("udf func returned, res_length: %lu", res_length)); if (is_null_tmp || !res || error) // The !res is for safety { - return 0; + DBUG_PRINT("info", ("Null or error")); + DBUG_RETURN(0); } if (res == str->ptr()) { str->length(res_length); - return str; + DBUG_PRINT("exit", ("str: %s", str->ptr())); + DBUG_RETURN(str); } save_str->set(res, res_length, str->charset()); - return save_str; + DBUG_PRINT("exit", ("save_str: %s", save_str->ptr())); + DBUG_RETURN(save_str); } diff --git a/sql/udf_example.cc b/sql/udf_example.cc index f4f936f34ef..6ad066eacc2 100644 --- a/sql/udf_example.cc +++ b/sql/udf_example.cc @@ -344,7 +344,7 @@ char *metaphon(UDF_INIT *initid, UDF_ARGS *args, char *result, KSflag = 0; /* state flag for KS translation */ for (metaph_end = result + MAXMETAPH, n_start = n; - n <= n_end && result < metaph_end; n++ ) + n < n_end && result < metaph_end; n++ ) { if ( KSflag ) From a7a8143941b25efc91875444f24514eb44929059 Mon Sep 17 00:00:00 2001 From: "jani@a193-229-222-105.elisa-laajakaista.fi" <> Date: Sun, 30 Apr 2006 16:01:34 +0300 Subject: [PATCH 10/53] Fix for Bug#14515. --- sql/set_var.cc | 4 ---- sql/sql_show.cc | 7 +++---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/sql/set_var.cc b/sql/set_var.cc index 681c70c4c02..97d4fba208c 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -3207,10 +3207,6 @@ ulong fix_sql_mode(ulong sql_mode) MODE_IGNORE_SPACE | MODE_NO_KEY_OPTIONS | MODE_NO_TABLE_OPTIONS | MODE_NO_FIELD_OPTIONS); - if (sql_mode & MODE_MYSQL40) - sql_mode|= MODE_NO_FIELD_OPTIONS; - if (sql_mode & MODE_MYSQL323) - sql_mode|= MODE_NO_FIELD_OPTIONS; return sql_mode; } diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 268292022e4..ecdf74a1fef 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1344,8 +1344,8 @@ store_create_info(THD *thd, TABLE *table, String *packet) has_default= (field->type() != FIELD_TYPE_BLOB && field->unireg_check != Field::NEXT_NUMBER && - !((thd->variables.sql_mode & (MODE_MYSQL323 | MODE_MYSQL40)) && - has_now_default)); + !((thd->variables.sql_mode & (MODE_MYSQL323 | MODE_MYSQL40)) + && has_now_default)); if (has_default) { @@ -1374,8 +1374,7 @@ store_create_info(THD *thd, TABLE *table, String *packet) packet->append(tmp); } - if (!(thd->variables.sql_mode & MODE_NO_FIELD_OPTIONS) && - table->timestamp_field == field && + if (!limited_mysql_mode && table->timestamp_field == field && field->unireg_check != Field::TIMESTAMP_DN_FIELD) packet->append(" on update CURRENT_TIMESTAMP",28); From e2c3c372317fa49c2a27ab9ae58171a0db49b174 Mon Sep 17 00:00:00 2001 From: "jani@a193-229-222-105.elisa-laajakaista.fi" <> Date: Mon, 1 May 2006 21:30:09 +0300 Subject: [PATCH 11/53] Added tests for Bug#14515 --- mysql-test/r/ansi.result | 31 ++++++++++++++++++++++++++++++- mysql-test/t/ansi.test | 12 ++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/ansi.result b/mysql-test/r/ansi.result index 212d28f918b..4eda9654efc 100644 --- a/mysql-test/r/ansi.result +++ b/mysql-test/r/ansi.result @@ -2,7 +2,7 @@ drop table if exists t1; set sql_mode="MySQL40"; select @@sql_mode; @@sql_mode -NO_FIELD_OPTIONS,MYSQL40 +MYSQL40 set @@sql_mode="ANSI"; select @@sql_mode; @@sql_mode @@ -17,3 +17,32 @@ SELECT id FROM t1 GROUP BY id2; id drop table t1; SET @@SQL_MODE=""; +CREATE TABLE t1 (i int auto_increment NOT NULL, PRIMARY KEY (i)); +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `i` int(11) NOT NULL auto_increment, + PRIMARY KEY (`i`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +SET @@SQL_MODE="MYSQL323"; +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `i` int(11) NOT NULL auto_increment, + PRIMARY KEY (`i`) +) TYPE=MyISAM +SET @@SQL_MODE="MYSQL40"; +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `i` int(11) NOT NULL auto_increment, + PRIMARY KEY (`i`) +) TYPE=MyISAM +SET @@SQL_MODE="NO_FIELD_OPTIONS"; +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `i` int(11) NOT NULL, + PRIMARY KEY (`i`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +DROP TABLE t1; diff --git a/mysql-test/t/ansi.test b/mysql-test/t/ansi.test index 444bf982b8a..fa7f999954e 100644 --- a/mysql-test/t/ansi.test +++ b/mysql-test/t/ansi.test @@ -26,4 +26,16 @@ drop table t1; SET @@SQL_MODE=""; +# Bug#14515 + +CREATE TABLE t1 (i int auto_increment NOT NULL, PRIMARY KEY (i)); +SHOW CREATE TABLE t1; +SET @@SQL_MODE="MYSQL323"; +SHOW CREATE TABLE t1; +SET @@SQL_MODE="MYSQL40"; +SHOW CREATE TABLE t1; +SET @@SQL_MODE="NO_FIELD_OPTIONS"; +SHOW CREATE TABLE t1; +DROP TABLE t1; + # End of 4.1 tests From f9194996c422b9865ed3db5cb3307535259726c6 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Tue, 2 May 2006 14:46:18 +0200 Subject: [PATCH 12/53] Use libtool --mode=execute when starting the mysqld as well. Add $exe_libtool to be used throughout the script --- mysql-test/mysql-test-run.pl | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 3b29aff2892..08b9ade72a1 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -189,6 +189,7 @@ our $exe_slave_mysqld; our $exe_im; our $exe_my_print_defaults; our $lib_udf_example; +our $exe_libtool; our $opt_bench= 0; our $opt_small_bench= 0; @@ -448,6 +449,7 @@ sub initial_setup () { { $glob_use_libtool= 0; } + $exe_libtool= "../libtool"; # We require that we are in the "mysql-test" directory # to run mysql-test-run @@ -2624,6 +2626,15 @@ sub mysqld_start ($$$$$) { $exe= undef; } + if ($glob_use_libtool and $opt_valgrind) + { + # Add "libtool --mode-execute" + # if running in valgrind(to avoid valgrinding bash) + unshift(@$args, "--mode=execute", $exe); + $exe= $exe_libtool; + } + + if ( $type eq 'master' ) { if ( ! defined $exe or @@ -3126,7 +3137,7 @@ sub run_mysqltest ($) { # Add "libtool --mode-execute" before the test to execute # if running in valgrind(to avoid valgrinding bash) unshift(@$args, "--mode=execute", $exe); - $exe= "libtool"; + $exe= $exe_libtool; } if ( $opt_check_testcases ) @@ -3198,7 +3209,7 @@ sub gdb_arguments { if ( $glob_use_libtool ) { - mtr_add_arg($$args, "libtool"); + mtr_add_arg($$args, $exe_libtool); mtr_add_arg($$args, "--mode=execute"); } @@ -3261,7 +3272,7 @@ sub ddd_arguments { $$args= []; if ( $glob_use_libtool ) { - $$exe= "libtool"; + $$exe= $exe_libtool; mtr_add_arg($$args, "--mode=execute"); mtr_add_arg($$args, "ddd"); } @@ -3282,6 +3293,8 @@ sub debugger_arguments { my $exe= shift; my $debugger= $opt_debugger || $opt_client_debugger; + # FIXME Need to change the below "eq"'s to + # "case unsensitive string contains" if ( $debugger eq "vcexpress" or $debugger eq "vc") { # vc[express] /debugexe exe arg1 .. argn From 21bf41fab0cf8952fc2eb3585346321de04acf84 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 11:31:23 +0200 Subject: [PATCH 13/53] Generate new ca, client and server cert. Set CN in the server cert to localhost so that we can test --ssl-verify-server-cert --- SSL/cacert.pem | 34 ++++++++--------- SSL/client-cert.pem | 87 ++++++++++++++++---------------------------- SSL/client-key.pem | 20 ++++------ SSL/client-req.pem | 17 ++++----- SSL/server-cert.pem | 89 ++++++++++++++++----------------------------- SSL/server-key.pem | 20 ++++------ SSL/server-req.pem | 17 ++++----- 7 files changed, 106 insertions(+), 178 deletions(-) diff --git a/SSL/cacert.pem b/SSL/cacert.pem index a63dae57767..b445e77d7c4 100644 --- a/SSL/cacert.pem +++ b/SSL/cacert.pem @@ -1,21 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIDcTCCAtqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux -EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB -YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0 -Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYxNDE2WhcNMTMw -OTA5MTYxNDE2WjCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP -BgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9w -ZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNx -bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrT7zp5tp5djXp+TEQs -5ZEds1XUglp/EQUQ1FMMb1Xe6gqJsQ62O+jsUe0nrUjXBrUCUy49k6mcnmQtZREj -l1pWKmzx1fgcYpxTwxaY7IKB2jik5IWprhVPmSQ+AWss43oolXMZWR+csKehqm3j -+YNZc9NsR4ydE71l0VEtJEQvAgMBAAGjgegwgeUwHQYDVR0OBBYEFIiYZdnz8osD -HWZgYSP6rXNt02iSMIG1BgNVHSMEga0wgaqAFIiYZdnz8osDHWZgYSP6rXNt02iS -oYGOpIGLMIGIMQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8GA1UE -ChMITXlTUUwgQUIxITAfBgNVBAMTGEFic3RyYWN0IE15U1FMIERldmVsb3BlcjEx -MC8GCSqGSIb3DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNv -bYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAGIL22MCIU/0sKDp -pZIhoabvNVDTfuhtene+WBCrzCzGXPZjB4+b/KAJJNvOR4zi43Kk7euu+PENs9M7 -nKpInMdhvT1RcCnUHJ3jBCvDDzXab2msqn3rxhwetWWbfE0OeEn/PoQcwiZCe7x5 -h+Zz+oUbvsEe4DjtDVgG4UH9nSSS +MIICrTCCAhagAwIBAgIJAIAO/Ybiptv1MA0GCSqGSIb3DQEBBAUAMEQxCzAJBgNV +BAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYD +VQQKEwhNeVNRTCBBQjAeFw0wNjA1MDMwODQ4NTRaFw0wOTAxMjcwODQ4NTRaMEQx +CzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxh +MREwDwYDVQQKEwhNeVNRTCBBQjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA ++C46EQl1u7tQ6gb9eqc8V079gr8YmDPCEqtjO8bCIbchpjOpDITx0WZz36Sn9E72 +GPJwNip4FxLaPRIA3xNQHM5cE5U53qznlRx1Fc4O3hcWCvyCqNDl/vzPAh3pI6Bl +Ku9hfHXpp93W812smVPe9haShEXGgbEPYGzvOfVdu/MCAwEAAaOBpjCBozAdBgNV +HQ4EFgQUjIy/6OCTmqtPHBFha6/qzVk3yTcwdAYDVR0jBG0wa4AUjIy/6OCTmqtP +HBFha6/qzVk3yTehSKRGMEQxCzAJBgNVBAYTAlNFMRAwDgYDVQQIEwdVcHBzYWxh +MRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhNeVNRTCBBQoIJAIAO/Ybiptv1 +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA8lD9zyB820Oq1aj7ZafX +De/hbdt9RIl2tzgw2K3r1KZGdXJVL0vSt5fZ51Nq9lg7OPJy3iXf+caBJEp0IJpB +uf4Gfr6zfXw+UlY6ZthRtHQHoXKcbskECjH5/ps/Uaa+dpVQ9O+Ii1rPzmgo6ztM +s+xZ46ESBt4WiHXm8kwbU9Y= -----END CERTIFICATE----- diff --git a/SSL/client-cert.pem b/SSL/client-cert.pem index 4c81162c911..fdd5c86a23f 100644 --- a/SSL/client-cert.pem +++ b/SSL/client-cert.pem @@ -1,67 +1,42 @@ Certificate: Data: - Version: 3 (0x2) + Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption - Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com + Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB Validity - Not Before: Sep 12 16:21:19 2003 GMT - Not After : Sep 9 16:21:19 2013 GMT - Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Client/Email=abstract.mysql.developer@mysql.com + Not Before: May 3 08:55:39 2006 GMT + Not After : Jan 27 08:55:39 2009 GMT + Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c4:03:0a:ee:e3:b1:12:fc:ee:b4:19:f4:e1:60: - 1d:e0:28:c3:96:2d:df:82:69:cd:74:7c:54:58:d0: - ae:b3:59:3f:0c:19:1c:99:10:a6:12:c9:cf:3a:64: - 05:43:8e:bf:d2:65:36:80:91:0b:65:b0:27:26:38: - c9:23:d8:36:a2:4a:f0:f7:c0:2f:68:38:70:01:27: - 29:ff:b2:c5:52:e1:6b:f1:c8:d7:c3:5c:ee:f0:37: - 6c:2a:9b:96:1a:05:9e:eb:33:a2:39:5a:77:66:62: - 27:75:1f:2f:6f:38:da:e5:9f:78:af:ca:6b:22:3f: - 57:2b:bc:a6:8f:47:d1:99:6f + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:d8:db:68:28:49:84:4d:d6:0f:5c:bc:3d:9a:ab: + 70:d5:3e:f5:b5:17:ba:ef:e1:f8:87:54:30:22:1f: + 81:07:bf:f9:24:7f:8a:54:10:e9:5f:e6:99:50:04: + d4:3b:55:a9:f1:52:ad:12:2b:5a:da:5c:be:8c:3e: + 5b:9e:b0:5a:19 Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 80:81:A9:22:EB:AB:D6:CA:7E:3F:8D:BB:D1:AC:2A:F4:87:9D:13:29 - X509v3 Authority Key Identifier: - keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92 - DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com - serial:00 - Signature Algorithm: md5WithRSAEncryption - 86:17:1c:f3:9f:10:1b:75:47:03:ca:54:ea:ef:f7:15:54:8d: - 8f:58:c9:64:7d:de:2e:bf:ea:a6:5d:72:56:c9:81:be:bb:1c: - 78:a5:91:d6:f8:77:df:9d:d2:cb:94:d9:06:61:4f:05:21:22: - 2a:ea:9e:c3:8b:4d:fe:94:c7:98:61:cd:7e:88:19:c9:92:01: - 1f:10:5b:c6:16:95:99:9b:32:01:3a:89:df:fa:0a:89:ac:fa: - b5:40:55:7a:ca:0a:bd:5d:8b:06:d8:7e:e1:44:8c:70:c8:63: - c7:77:6a:37:3d:a4:ac:57:dc:00:c1:c1:f3:72:17:5b:50:95: - ee:b7 + 07:57:bf:07:92:c2:8e:86:24:6b:0a:bf:e5:31:21:44:c3:60: + 02:a6:ac:9e:f7:db:7a:6e:fc:4f:d4:7b:54:18:80:47:d2:4a: + 63:0e:e3:f8:af:6e:58:e3:97:5a:2b:82:5d:76:20:d1:33:a0: + f5:43:a1:d1:51:f4:ca:c8:b3:1a:66:4e:0e:55:df:d2:e8:fa: + 83:18:42:f5:ec:66:40:f0:39:e8:f9:d7:cf:f6:dd:e4:7b:69: + dd:0c:92:d8:52:95:43:6f:29:3d:f0:8d:4c:dd:52:ea:6b:a0: + 39:0f:dc:59:a7:5c:37:6b:8b:05:44:b7:69:ea:a3:58:e0:4e: + ce:d6 -----BEGIN CERTIFICATE----- -MIIDkTCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux -EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB -YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0 -Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMTE5WhcNMTMw -OTA5MTYyMTE5WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G -A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIENsaWVudDExMC8GCSqGSIb3 -DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEAxAMK7uOxEvzutBn04WAd4CjDli3fgmnNdHxU -WNCus1k/DBkcmRCmEsnPOmQFQ46/0mU2gJELZbAnJjjJI9g2okrw98AvaDhwAScp -/7LFUuFr8cjXw1zu8DdsKpuWGgWe6zOiOVp3ZmIndR8vbzja5Z94r8prIj9XK7ym -j0fRmW8CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSAgaki66vWyn4/ -jbvRrCr0h50TKTCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB -jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT -CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv -BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C -AQAwDQYJKoZIhvcNAQEEBQADgYEAhhcc858QG3VHA8pU6u/3FVSNj1jJZH3eLr/q -pl1yVsmBvrsceKWR1vh3353Sy5TZBmFPBSEiKuqew4tN/pTHmGHNfogZyZIBHxBb -xhaVmZsyATqJ3/oKiaz6tUBVesoKvV2LBth+4USMcMhjx3dqNz2krFfcAMHB83IX -W1CV7rc= +MIIB5jCCAU8CAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV +BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC +MB4XDTA2MDUwMzA4NTUzOVoXDTA5MDEyNzA4NTUzOVowdzELMAkGA1UEBhMCU0Ux +EDAOBgNVBAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15 +U1FMIEFCMTEwLwYJKoZIhvcNAQkBFiJhYnN0cmFjdC5teXNxbC5kZXZlbG9wZXJA +bXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANjbaChJhE3WD1y8PZqr +cNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ6V/mmVAE1DtVqfFSrRIrWtpcvow+W56w +WhkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAHV78HksKOhiRrCr/lMSFEw2ACpqye +99t6bvxP1HtUGIBH0kpjDuP4r25Y45daK4JddiDRM6D1Q6HRUfTKyLMaZk4OVd/S +6PqDGEL17GZA8Dno+dfP9t3ke2ndDJLYUpVDbyk98I1M3VLqa6A5D9xZp1w3a4sF +RLdp6qNY4E7O1g== -----END CERTIFICATE----- diff --git a/SSL/client-key.pem b/SSL/client-key.pem index 58fa805e620..22f8e23ab2a 100644 --- a/SSL/client-key.pem +++ b/SSL/client-key.pem @@ -1,15 +1,9 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDEAwru47ES/O60GfThYB3gKMOWLd+Cac10fFRY0K6zWT8MGRyZ -EKYSyc86ZAVDjr/SZTaAkQtlsCcmOMkj2DaiSvD3wC9oOHABJyn/ssVS4WvxyNfD -XO7wN2wqm5YaBZ7rM6I5WndmYid1Hy9vONrln3ivymsiP1crvKaPR9GZbwIDAQAB -AoGAcR7IaoGhKbIrGGl6d67+zuT3q24h9aOV3Mn7653TlNHGnvbHGFcRYPpyy+H5 -X7m8XnHm+F+80hzNGzPecP9Q12oPOyoZgeQn6bTK73OFkNcX7FAkNdyH4xVhf2aK -YOzTcQfq3gRCqXtVIg4qBShTMjJLE31R8H430Or62XmJgFECQQDjP+Kz+ecQwuTB -HADLm+GQgceIB1kLgdQoZ3deUxGvqtVImuDRViSM0F2srfJ4GfkEDhc27UI5f6ir -ZTOw4ww7AkEA3M9wCPgWNtbOXbYjaNA0IzHcjMDxQDVvJAmb3EiZlKQp4EfrESxR -ly/u08TyfwrK6q5WS7xE0ad8+95G1af4XQJBAI9+3ME20SB1YItMCniHYwSj3oHX -2fN5NKWax/Zoz+c0IV+qZMHq+kNso2oRoOUTyXk1CJWndcTnBnPMALr2c9cCQQCZ -VL7Cq6uZVx6kemcqUHH0AprZbt3YLYLI7pc5p3xmeHzPzoEQQstBhjp8+aU+zPrN -blRkcQ8E2x5yNA7SLLrNAkAhzkA+EK8hc0f9W3ncy+py0Rn0i5Ay0N3T715vkThf -CfOHE3L91dLlmYpL5xVqOpugY/2sHyxwctv97DgS6tHZ +MIIBOgIBAAJBANjbaChJhE3WD1y8PZqrcNU+9bUXuu/h+IdUMCIfgQe/+SR/ilQQ +6V/mmVAE1DtVqfFSrRIrWtpcvow+W56wWhkCAwEAAQJAK27WT6tZylUjQomZNQ89 +TBiOEbUtBbqWklQ0R8FTkH9uKV+8KYQ+k+tMkoAEGFfChB0YfofNQ2KZYWWw4yOB +WQIhAPXXDQt73aou10s+cmKM3C3WzLmIZtrvm9wNBXWDGxgTAiEA4dG4cXrZfa1M +TTbjzNU1/Jf50/M8SvZDWMPQWxJ8oqMCIH6zBpYUkHlVCsBMvsbrsc4uFfTIx7mu +I7WVQGr/1sbhAiBf4uFirjtztgZUMx5/d3k5DH80lG/hlLf8FQl/4lWx6QIhAPHw +CXfPUbUFl4r/i9Br5+exGol50qX4F3aP5Sh5EnZT -----END RSA PRIVATE KEY----- diff --git a/SSL/client-req.pem b/SSL/client-req.pem index b3667fb5ec6..16ef777b677 100644 --- a/SSL/client-req.pem +++ b/SSL/client-req.pem @@ -1,12 +1,9 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBvDCCASUCAQAwfDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP -BgNVBAoTCE15U1FMIEFCMRUwEwYDVQQDEwxNeVNRTCBDbGllbnQxMTAvBgkqhkiG -9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAMQDCu7jsRL87rQZ9OFgHeAow5Yt34JpzXR8 -VFjQrrNZPwwZHJkQphLJzzpkBUOOv9JlNoCRC2WwJyY4ySPYNqJK8PfAL2g4cAEn -Kf+yxVLha/HI18Nc7vA3bCqblhoFnuszojlad2ZiJ3UfL2842uWfeK/KayI/Vyu8 -po9H0ZlvAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAnKdk68dGJXvlj/GXwBUWN -oXWF7hq4fDmwyhmcFUqk8qZKPKFUxkcER0GLzYeUgvD2URSfaS3/YW0d7K7kXGwP -rB5edb+suaYf6mjm/w37xw/EJI9rdSKcB/3SSu8mALds7sUHDAO+MO0WkA/9d7t0 -LOsUqcDvMkKpZuYwNILwLw== +MIIBMTCB3AIBADB3MQswCQYDVQQGEwJTRTEQMA4GA1UECBMHVXBwc2FsYTEQMA4G +A1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxMTAvBgkqhkiG9w0BCQEW +ImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wXDANBgkqhkiG9w0B +AQEFAANLADBIAkEA2NtoKEmETdYPXLw9mqtw1T71tRe67+H4h1QwIh+BB7/5JH+K +VBDpX+aZUATUO1Wp8VKtEita2ly+jD5bnrBaGQIDAQABoAAwDQYJKoZIhvcNAQEE +BQADQQB/86MEaTPxaMR80nZevJS/FLFkt+zlp45x3glUZyaOnYb970YNimytZBrz +iS2s/0dNeSRwKbEMzKc/Qhe/GVJt -----END CERTIFICATE REQUEST----- diff --git a/SSL/server-cert.pem b/SSL/server-cert.pem index debf7026e3c..f420b4f3124 100644 --- a/SSL/server-cert.pem +++ b/SSL/server-cert.pem @@ -1,67 +1,42 @@ Certificate: Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) + Version: 1 (0x0) + Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption - Issuer: C=SE, L=Uppsala, O=MySQL AB, CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com + Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB Validity - Not Before: Sep 12 16:22:06 2003 GMT - Not After : Sep 9 16:22:06 2013 GMT - Subject: C=SE, L=Uppsala, O=MySQL AB, CN=MySQL Server/Email=abstract.mysql.developer@mysql.com + Not Before: May 3 08:54:13 2006 GMT + Not After : Jan 27 08:54:13 2009 GMT + Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e9:86:7a:55:84:88:4c:be:a4:f8:92:73:30:12: - 49:0b:7a:85:87:39:34:39:0d:7d:0b:8d:18:c2:17: - 95:13:52:d2:3f:55:10:57:c8:3f:5a:f5:b2:fa:8b: - d0:67:49:cc:aa:82:fc:9f:ce:00:b4:73:f3:36:d2: - 3a:d3:c2:b0:0e:14:c3:d4:b2:21:74:a1:f0:31:81: - 60:87:98:73:5c:10:c1:b1:1a:4d:f1:f3:b0:98:3f: - f0:d7:97:9b:2b:fd:d5:21:79:b2:2f:eb:64:15:c9: - 9b:9d:fc:9e:2d:d4:f8:04:5b:ea:a9:75:4b:42:c3: - 3d:0e:4d:2a:a8:b8:ca:99:8d + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:d9:fd:da:b3:fb:7c:e0:b0:03:be:97:c6:a4:36: + ac:71:af:bb:2d:e5:84:ed:f3:8f:2b:eb:11:e5:aa: + 66:ed:bf:62:6b:e3:ce:fa:80:ed:90:ff:b9:4a:39: + 20:40:b6:f2:99:bf:2f:33:b5:f2:ec:3a:90:60:1d: + 9e:94:7e:a4:1b Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 6E:E4:9B:6A:C5:EA:E4:E6:C7:EF:D7:1E:C8:63:45:60:2B:1B:D4:D4 - X509v3 Authority Key Identifier: - keyid:88:98:65:D9:F3:F2:8B:03:1D:66:60:61:23:FA:AD:73:6D:D3:68:92 - DirName:/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com - serial:00 - Signature Algorithm: md5WithRSAEncryption - 31:77:69:b9:bd:ab:29:f3:fc:5a:09:16:6f:5d:42:ea:ba:01: - 55:69:e3:75:cf:b8:d1:b7:b9:bf:da:63:85:8c:48:92:06:60: - 76:97:e0:00:78:4b:ad:da:ab:6a:90:6d:8b:03:a8:b1:e9:09: - 78:e1:29:98:56:12:60:6b:42:fe:e8:a7:c4:f8:d6:15:07:e8: - 2b:c2:d8:8a:e5:1b:2e:51:08:9b:56:e3:b3:7a:4c:3e:e5:be: - 4a:4d:f8:65:7b:a8:21:e0:ca:fe:8b:ab:d7:ec:f2:2d:f7:d0: - bf:d7:c5:23:1c:08:d8:aa:57:c7:f3:5f:ba:33:3f:78:d1:f4: - 8e:5e + de:5e:35:cd:7b:11:e6:7c:c5:7c:d6:27:4e:72:12:49:42:eb: + 6f:2c:96:f3:f4:00:78:a7:4f:9f:2d:7b:d7:30:39:af:49:4d: + df:b1:55:0d:30:be:23:6f:06:67:fd:dd:ba:98:66:36:c6:32: + b7:ed:63:fc:aa:49:cd:4f:72:98:3b:13:0e:f6:28:d7:d4:eb: + 04:6b:dc:e8:c7:04:80:92:e4:04:86:0b:ed:32:25:76:1d:a9: + 5c:a9:2c:18:2c:bd:bc:15:ed:e1:76:96:4d:bb:0d:41:44:06: + 2c:ad:45:bb:db:61:ad:17:11:cb:49:70:67:eb:c6:27:d3:91: + c8:f2 -----BEGIN CERTIFICATE----- -MIIDkTCCAvqgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMCU0Ux -EDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMSEwHwYDVQQDExhB -YnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0 -Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wHhcNMDMwOTEyMTYyMjA2WhcNMTMw -OTA5MTYyMjA2WjB8MQswCQYDVQQGEwJTRTEQMA4GA1UEBxMHVXBwc2FsYTERMA8G -A1UEChMITXlTUUwgQUIxFTATBgNVBAMTDE15U1FMIFNlcnZlcjExMC8GCSqGSIb3 -DQEJARYiYWJzdHJhY3QubXlzcWwuZGV2ZWxvcGVyQG15c3FsLmNvbTCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA6YZ6VYSITL6k+JJzMBJJC3qFhzk0OQ19C40Y -wheVE1LSP1UQV8g/WvWy+ovQZ0nMqoL8n84AtHPzNtI608KwDhTD1LIhdKHwMYFg -h5hzXBDBsRpN8fOwmD/w15ebK/3VIXmyL+tkFcmbnfyeLdT4BFvqqXVLQsM9Dk0q -qLjKmY0CAwEAAaOCARQwggEQMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRu5Jtqxerk5sfv -1x7IY0VgKxvU1DCBtQYDVR0jBIGtMIGqgBSImGXZ8/KLAx1mYGEj+q1zbdNokqGB -jqSBizCBiDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoT -CE15U1FMIEFCMSEwHwYDVQQDExhBYnN0cmFjdCBNeVNRTCBEZXZlbG9wZXIxMTAv -BgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb22C -AQAwDQYJKoZIhvcNAQEEBQADgYEAMXdpub2rKfP8WgkWb11C6roBVWnjdc+40be5 -v9pjhYxIkgZgdpfgAHhLrdqrapBtiwOosekJeOEpmFYSYGtC/uinxPjWFQfoK8LY -iuUbLlEIm1bjs3pMPuW+Sk34ZXuoIeDK/our1+zyLffQv9fFIxwI2KpXx/NfujM/ -eNH0jl4= +MIIB+zCCAWQCAQEwDQYJKoZIhvcNAQEEBQAwRDELMAkGA1UEBhMCU0UxEDAOBgNV +BAgTB1VwcHNhbGExEDAOBgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFC +MB4XDTA2MDUwMzA4NTQxM1oXDTA5MDEyNzA4NTQxM1owgYsxCzAJBgNVBAYTAlNF +MRAwDgYDVQQIEwdVcHBzYWxhMRAwDgYDVQQHEwdVcHBzYWxhMREwDwYDVQQKEwhN +eVNRTCBBQjESMBAGA1UEAxMJbG9jYWxob3N0MTEwLwYJKoZIhvcNAQkBFiJhYnN0 +cmFjdC5teXNxbC5kZXZlbG9wZXJAbXlzcWwuY29tMFwwDQYJKoZIhvcNAQEBBQAD +SwAwSAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA7ZD/ +uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQDe +XjXNexHmfMV81idOchJJQutvLJbz9AB4p0+fLXvXMDmvSU3fsVUNML4jbwZn/d26 +mGY2xjK37WP8qknNT3KYOxMO9ijX1OsEa9zoxwSAkuQEhgvtMiV2HalcqSwYLL28 +Fe3hdpZNuw1BRAYsrUW722GtFxHLSXBn68Yn05HI8g== -----END CERTIFICATE----- diff --git a/SSL/server-key.pem b/SSL/server-key.pem index 4292dc79929..a4842624c0c 100644 --- a/SSL/server-key.pem +++ b/SSL/server-key.pem @@ -1,15 +1,9 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDphnpVhIhMvqT4knMwEkkLeoWHOTQ5DX0LjRjCF5UTUtI/VRBX -yD9a9bL6i9BnScyqgvyfzgC0c/M20jrTwrAOFMPUsiF0ofAxgWCHmHNcEMGxGk3x -87CYP/DXl5sr/dUhebIv62QVyZud/J4t1PgEW+qpdUtCwz0OTSqouMqZjQIDAQAB -AoGBALTq11nrjIEQbdSZ+R1z/R0kddB2U+wjdA3/6P9tr7PBxVsFdtzbKaI5mcib -iwCKX0J2qmrP+SHUdsexBZxLR4KV/Z55v9Pym99Dy+DxDA95zURyCMKRBIzlU5uN -F7USEQoltLUCsmZwNWdit0gfxSWdddkHNuI0uxTzHwuDcUlNAkEA/76zVremngNL -DlekM9NPn/8E/TXBHN1b1jdUKd7WymSJykdcm3viU98dFNZFWF8B0jiTcuBKXgpR -vTShNab/swJBAOnCGp554BLhioTyyk8qjRLt3xEsjsDljJULHVLYWcUqIkMf97GL -VLBhl6ZEI9i0WduqvgZ+Bacd0uHqIHz1Yb8CQQDm1CjqTDiGxlIoT9JVNJTZxEOs -h6gVdXY+kxHT+N3FL5luiZp8fAR7zxVgiUVtzdLG+2madfapiobcT3RyCJkhAkBI -64AaR7KasTjg2Ew7/e4cJZAcb2XozrLYG6t+GHeIhehCQEqoW+qDSy5fc4orI7eU -SuMUa2OgCjGqv7p6wKFJAkEAznmum/MbVOBpC4FsdnIGkxyFKIbh2OLY2aUb2KkK -Ouf4S8Y5Ldgszi0fnDPRaxWJzewwZKvcff2zj+mYZeAXbA== +MIIBOgIBAAJBANn92rP7fOCwA76XxqQ2rHGvuy3lhO3zjyvrEeWqZu2/YmvjzvqA +7ZD/uUo5IEC28pm/LzO18uw6kGAdnpR+pBsCAwEAAQJBAMieYdpmRoUaODf9wqh6 +ULXH/sG8i1vaXRcUHcJ50oRVfVK8/tGGvUuTDu6MeINTdahNDlYfjwOjKWVXys1w +h6ECIQDs6s7DfczK2bKCLt0zqg24mZL3rOpGmDU+TatwN1yVgwIhAOuMzdVTX39p +328+5WxJvBOFfxmSmqdDhIFpnRMvgguJAiByvKjT/km+970+1OllyvaIL0AA2OpA +tBgdC0p6tyUMdwIgKuHAWzTJbu28UolVxQgLaFZmVCZ/ZzIAfnrWsLZ2a1kCIBq/ +ywJ2cpyFlgazu8AH6KCQa0ok9s70ElaB6FEC85Al -----END RSA PRIVATE KEY----- diff --git a/SSL/server-req.pem b/SSL/server-req.pem index 7c3db0660ad..f9a6d8940c2 100644 --- a/SSL/server-req.pem +++ b/SSL/server-req.pem @@ -1,12 +1,9 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBvDCCASUCAQAwfDELMAkGA1UEBhMCU0UxEDAOBgNVBAcTB1VwcHNhbGExETAP -BgNVBAoTCE15U1FMIEFCMRUwEwYDVQQDEwxNeVNRTCBTZXJ2ZXIxMTAvBgkqhkiG -9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAOmGelWEiEy+pPiSczASSQt6hYc5NDkNfQuN -GMIXlRNS0j9VEFfIP1r1svqL0GdJzKqC/J/OALRz8zbSOtPCsA4Uw9SyIXSh8DGB -YIeYc1wQwbEaTfHzsJg/8NeXmyv91SF5si/rZBXJm538ni3U+ARb6ql1S0LDPQ5N -Kqi4ypmNAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQCagJxGHBC+G5aSh3OguFn6 -z+qAC7u3B181kPBgNv20zMgLeq7YiAh3iNx4XO2+QXRGzMznFKx1tFr/mavCpgLs -p3+dCvQt5FHEFFK1D1pDeXy4146X07hOTtC9jc/jSWeVnH4ujuX5gMtZqisOyYWV -/gpw6dBtkTYlhS+y86kM/Q== +MIIBRjCB8QIBADCBizELMAkGA1UEBhMCU0UxEDAOBgNVBAgTB1VwcHNhbGExEDAO +BgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMRIwEAYDVQQDEwlsb2Nh +bGhvc3QxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBt +eXNxbC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2f3as/t84LADvpfGpDas +ca+7LeWE7fOPK+sR5apm7b9ia+PO+oDtkP+5SjkgQLbymb8vM7Xy7DqQYB2elH6k +GwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAJH+9fYD3tmUS8p3f2HlN1lfRM/Jt/ +OtVAsnJ1qcHOhAA24FOARs8ZtxwvDQP57/rLkf43kbFbpDWFRtSyUXa6 -----END CERTIFICATE REQUEST----- From 0d49a17801207346e24efcd458ce5340758548c0 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 11:50:45 +0200 Subject: [PATCH 14/53] Update NOTES with information how we generate new keys --- SSL/NOTES | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/SSL/NOTES b/SSL/NOTES index 413c724c583..a1109db8c80 100644 --- a/SSL/NOTES +++ b/SSL/NOTES @@ -40,7 +40,69 @@ openssl s_server -port 1111 -cert ../SSL/server-cert.pem -key ../SSL/server-key. +------------------------------------------- +How to generate new keys: +First we need the private key of the CA cert. Since we always throw +away the old private key for the CA, we need to generate a totally new +CA cert. Our CA cert is self signed and we will use that to sign the +server and client keys. As long as we distibute the cacert.pem they can +b oth be validated against that. + + +1) openssl genrsa 512 > cecert.pem + +2) openssl req -new -x509 -nodes -md5 -days 1000 -key cacert.pem > cacert.pem + +We now have a cacert.pem which is the public key and a cakey.pem which is the +private key of the CA. + +Steps to generate the server key. + +3) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem + +4) copy ca-key.pem ca-cert.srl + +5) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem + + +-- adding metadata to beginning + +6) openssl x509 -in server-cert.pem -text > tmp.pem + +7) mv tmp.pem server-cert.pem + +-- And almost the same for the client. + +8) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout client-key.pem > client-req.pem + +9) openssl x509 -req -in client-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem + + +-- adding metadata to beginning + +10) openssl x509 -in client-cert.pem -text > tmp.pem + +11) mv tmp.pem client-cert.pem + +The new certs are now generated. They can be verified against the cacert to test they are ok. This is actually what is done in the MySQL client and server. + +12) openssl verify -CAfile cacert.pem server-cert.pem +server-cert.pem: OK +13) openssl verify -CAfile cacert.pem client-cert.pm +client-cert.pem: OK + + +The files we add to our repository and thus distribute are +* cacert.pem - CA's public key, used to verify the client/servers pblic keys +* server-key.pem - servers private key +* server-cert.pem - servers public key +* client-key.pem - clients private key +* client-cert.pem - clients public key + + + +== OLD NOTES below == -------------------------------------------- CA stuff: From ff7be64f9bfe5cb6ea2f69445961a5a3f1201be6 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 11:53:16 +0200 Subject: [PATCH 15/53] Remove client-req-pem and server-req.pem --- SSL/Makefile.am | 4 ++-- SSL/client-req.pem | 9 --------- SSL/server-req.pem | 9 --------- 3 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 SSL/client-req.pem delete mode 100644 SSL/server-req.pem diff --git a/SSL/Makefile.am b/SSL/Makefile.am index bd3aad1e3b2..6edc6146a29 100644 --- a/SSL/Makefile.am +++ b/SSL/Makefile.am @@ -17,8 +17,8 @@ ## Process this file with automake to create Makefile.in EXTRA_DIST= NOTES cacert.pem client-cert.pem client-key.pem \ - client-req.pem run-client run-server server-cert.pem \ - server-key.pem server-req.pem + run-client run-server server-cert.pem \ + server-key.pem # Don't update the files from bitkeeper %::SCCS/s.% diff --git a/SSL/client-req.pem b/SSL/client-req.pem deleted file mode 100644 index 16ef777b677..00000000000 --- a/SSL/client-req.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBMTCB3AIBADB3MQswCQYDVQQGEwJTRTEQMA4GA1UECBMHVXBwc2FsYTEQMA4G -A1UEBxMHVXBwc2FsYTERMA8GA1UEChMITXlTUUwgQUIxMTAvBgkqhkiG9w0BCQEW -ImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBteXNxbC5jb20wXDANBgkqhkiG9w0B -AQEFAANLADBIAkEA2NtoKEmETdYPXLw9mqtw1T71tRe67+H4h1QwIh+BB7/5JH+K -VBDpX+aZUATUO1Wp8VKtEita2ly+jD5bnrBaGQIDAQABoAAwDQYJKoZIhvcNAQEE -BQADQQB/86MEaTPxaMR80nZevJS/FLFkt+zlp45x3glUZyaOnYb970YNimytZBrz -iS2s/0dNeSRwKbEMzKc/Qhe/GVJt ------END CERTIFICATE REQUEST----- diff --git a/SSL/server-req.pem b/SSL/server-req.pem deleted file mode 100644 index f9a6d8940c2..00000000000 --- a/SSL/server-req.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBRjCB8QIBADCBizELMAkGA1UEBhMCU0UxEDAOBgNVBAgTB1VwcHNhbGExEDAO -BgNVBAcTB1VwcHNhbGExETAPBgNVBAoTCE15U1FMIEFCMRIwEAYDVQQDEwlsb2Nh -bGhvc3QxMTAvBgkqhkiG9w0BCQEWImFic3RyYWN0Lm15c3FsLmRldmVsb3BlckBt -eXNxbC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2f3as/t84LADvpfGpDas -ca+7LeWE7fOPK+sR5apm7b9ia+PO+oDtkP+5SjkgQLbymb8vM7Xy7DqQYB2elH6k -GwIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQAJH+9fYD3tmUS8p3f2HlN1lfRM/Jt/ -OtVAsnJ1qcHOhAA24FOARs8ZtxwvDQP57/rLkf43kbFbpDWFRtSyUXa6 ------END CERTIFICATE REQUEST----- From 7d9efcc206841649c8bd75a376616236cbc8877a Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 12:05:04 +0200 Subject: [PATCH 16/53] Make cert's in std_data that we cpoy from SSL/ depend on the cert's in SSL/ --- mysql-test/Makefile.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mysql-test/Makefile.am b/mysql-test/Makefile.am index 33598748397..73074397086 100644 --- a/mysql-test/Makefile.am +++ b/mysql-test/Makefile.am @@ -100,15 +100,15 @@ install-data-local: uninstall-local: @RM@ -f -r $(DESTDIR)$(testdir) -std_data/client-key.pem: +std_data/client-key.pem: $(top_srcdir)/SSL/$(@F) @CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data -std_data/client-cert.pem: +std_data/client-cert.pem: $(top_srcdir)/SSL/$(@F) @CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data -std_data/cacert.pem: +std_data/cacert.pem: $(top_srcdir)/SSL/$(@F) @CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data -std_data/server-cert.pem: +std_data/server-cert.pem: $(top_srcdir)/SSL/$(@F) @CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data -std_data/server-key.pem: +std_data/server-key.pem: $(top_srcdir)/SSL/$(@F) @CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data SUFFIXES = .sh From e2854b8a7fe36e5cf1935bfcd502a86e7c03bf98 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 13:08:24 +0200 Subject: [PATCH 17/53] Update yaSSL to version 1.3.0 --- extra/yassl/README | 35 ++- extra/yassl/certs/ca-cert.pem | 53 +++++ extra/yassl/certs/client-cert.pem | 52 +++++ extra/yassl/certs/client-key.pem | 9 + extra/yassl/certs/dsa-cert.pem | 68 ++++++ extra/yassl/certs/dsa512.pem | 8 + extra/yassl/certs/server-cert.pem | 38 ++++ extra/yassl/certs/server-key.pem | 9 + extra/yassl/certs/taoCert.txt | 50 +++++ extra/yassl/examples/client/client.cpp | 6 +- extra/yassl/include/openssl/err.h | 2 +- extra/yassl/include/openssl/md4.h | 1 + extra/yassl/include/openssl/md5.h | 3 + extra/yassl/include/openssl/pem.h | 1 + extra/yassl/include/openssl/ssl.h | 112 +++++++++- extra/yassl/include/openssl/x509.h | 1 + extra/yassl/include/openssl/x509v3.h | 1 + extra/yassl/include/yassl_int.hpp | 41 +++- extra/yassl/lib/dummy | 1 + extra/yassl/mySTL/helpers.hpp | 5 + extra/yassl/src/cert_wrapper.cpp | 9 +- extra/yassl/src/ssl.cpp | 290 ++++++++++++++++++++++++- extra/yassl/src/template_instnt.cpp | 5 + extra/yassl/src/yassl_int.cpp | 103 ++++++++- extra/yassl/taocrypt/include/asn.hpp | 25 ++- extra/yassl/taocrypt/src/asn.cpp | 74 ++++++- extra/yassl/taocrypt/src/integer.cpp | 6 +- extra/yassl/taocrypt/src/make.bat | 2 +- extra/yassl/taocrypt/src/misc.cpp | 9 + extra/yassl/taocrypt/taocrypt.dsp | 3 +- extra/yassl/testsuite/test.hpp | 4 +- extra/yassl/testsuite/testsuite.cpp | 6 +- extra/yassl/testsuite/testsuite.dsp | 4 +- 33 files changed, 979 insertions(+), 57 deletions(-) create mode 100644 extra/yassl/certs/ca-cert.pem create mode 100644 extra/yassl/certs/client-cert.pem create mode 100644 extra/yassl/certs/client-key.pem create mode 100644 extra/yassl/certs/dsa-cert.pem create mode 100644 extra/yassl/certs/dsa512.pem create mode 100644 extra/yassl/certs/server-cert.pem create mode 100644 extra/yassl/certs/server-key.pem create mode 100644 extra/yassl/certs/taoCert.txt create mode 100644 extra/yassl/include/openssl/md4.h create mode 100644 extra/yassl/include/openssl/pem.h create mode 100644 extra/yassl/include/openssl/x509.h create mode 100644 extra/yassl/include/openssl/x509v3.h create mode 100644 extra/yassl/lib/dummy diff --git a/extra/yassl/README b/extra/yassl/README index ad59fe3965e..62209723f66 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -1,4 +1,37 @@ -yaSSL Release notes, version 1.2.2 (03/27/06) +yaSSL Release notes, version 1.3.0 (04/26/06) + + + This release of yaSSL contains minor bug fixes, portability enhancements, + and libcurl support. + +See normal build instructions below under 1.0.6. + + +--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + To build for libcurl the library needs to be built without C++ globals since + the linker will be called in a C context, also libcurl configure will expect + OpenSSL library names so some symbolic links are created. + + ./configure --enable-pure-c + make + make openssl-links + + (then go to your libcurl home and tell libcurl about yaSSL) + ./configure --with-ssl=/yaSSL-HomeDir + make + + +--To build for libcurl on Win32: + + Simply add the yaSSL project as a dependency to libcurl, add + yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and + define USE_SSLEAY and USE_OPENSSL + + please email todd@yassl.com if you have any questions. + + +*******************yaSSL Release notes, version 1.2.2 (03/27/06) This release of yaSSL contains minor bug fixes and portability enhancements. diff --git a/extra/yassl/certs/ca-cert.pem b/extra/yassl/certs/ca-cert.pem new file mode 100644 index 00000000000..981dd004fc6 --- /dev/null +++ b/extra/yassl/certs/ca-cert.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 20:12:32 2005 GMT + Not After : Oct 15 20:12:32 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6: + 90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26: + c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7: + 6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34: + 7d:79:97:5e:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + X509v3 Authority Key Identifier: + keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + 27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d: + 28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29: + a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47: + 03:ea:0b:4c:67:45:4b:ab:f3:39 +-----BEGIN CERTIFICATE----- +MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx +DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh +d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb +BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3 +MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP +BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3 +LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh +c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy +W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h +AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV +HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG +EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE +ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv +bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21 +86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk= +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-cert.pem b/extra/yassl/certs/client-cert.pem new file mode 100644 index 00000000000..81110f17252 --- /dev/null +++ b/extra/yassl/certs/client-cert.pem @@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 19:33:15 2005 GMT + Not After : Oct 15 19:33:15 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86: + 36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2: + 26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28: + 65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd: + 46:2a:a0:45:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD + X509v3 Authority Key Identifier: + keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD + DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90: + 3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79: + 7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71: + a6:3c:15:91:85:12:35:6e:78:87 +-----BEGIN CERTIFICATE----- +MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP +MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT +U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A +eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG +A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM +BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN +AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH ++LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA +ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC +wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4 +MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu +ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq +hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6 +hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-key.pem b/extra/yassl/certs/client-key.pem new file mode 100644 index 00000000000..6898b2796fa --- /dev/null +++ b/extra/yassl/certs/client-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz +Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l +n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg +QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT +8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP +YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA +uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L +-----END RSA PRIVATE KEY----- diff --git a/extra/yassl/certs/dsa-cert.pem b/extra/yassl/certs/dsa-cert.pem new file mode 100644 index 00000000000..ecca18dae82 --- /dev/null +++ b/extra/yassl/certs/dsa-cert.pem @@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: dsaWithSHA1 + Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com + Validity + Not Before: Jan 23 22:54:51 2005 GMT + Not After : Oct 20 22:54:51 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80: + ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53: + 47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed: + f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73: + ef:bb:b9:82 + P: + 00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb: + 95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e: + df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a: + cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18: + b9:42:fd:1b:11 + Q: + 00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f: + a6:b7:dd:4d:03:09 + G: + 12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c: + b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0: + 71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a: + 04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a: + 10:46:19:31 + X509v3 extensions: + X509v3 Subject Key Identifier: + BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2 + X509v3 Authority Key Identifier: + keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2 + DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: dsaWithSHA1 + 30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62: + f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69: + 72:59:b8:ec:e9:57:f4:bf:37 +-----BEGIN CERTIFICATE----- +MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD +VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE +U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz +bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG +EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE +ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW +DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+ +Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5 +Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l +jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA +AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z +JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK +IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow +eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh +bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ +KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG +SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs +6Vf0vzc= +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/dsa512.pem b/extra/yassl/certs/dsa512.pem new file mode 100644 index 00000000000..04a3dd94a77 --- /dev/null +++ b/extra/yassl/certs/dsa512.pem @@ -0,0 +1,8 @@ +-----BEGIN DSA PRIVATE KEY----- +MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol +m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ +AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE +1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+ +VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc +E2V27tjDFY02uA== +-----END DSA PRIVATE KEY----- diff --git a/extra/yassl/certs/server-cert.pem b/extra/yassl/certs/server-cert.pem new file mode 100644 index 00000000000..403dabdf5fa --- /dev/null +++ b/extra/yassl/certs/server-cert.pem @@ -0,0 +1,38 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 20:50:59 2005 GMT + Not After : Oct 15 20:50:59 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9: + 95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0: + a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be: + 6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd: + f2:25:93:22:e7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2: + 20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53: + c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f: + a2:13:17:a9:b7:83:60:cc:cb:eb +-----BEGIN CERTIFICATE----- +MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD +VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290 +aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy +MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH +EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh +b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg +0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI +hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA +IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/server-key.pem b/extra/yassl/certs/server-key.pem new file mode 100644 index 00000000000..d6055c4cfd8 --- /dev/null +++ b/extra/yassl/certs/server-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU +ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC +1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI +2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE +B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw +7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL +WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI= +-----END RSA PRIVATE KEY----- diff --git a/extra/yassl/certs/taoCert.txt b/extra/yassl/certs/taoCert.txt new file mode 100644 index 00000000000..585293e4f2b --- /dev/null +++ b/extra/yassl/certs/taoCert.txt @@ -0,0 +1,50 @@ + +***** Create a self signed cert ************ + +1) openssl genrsa 512 > client-key.pem + +2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem + +-- adding metadata to beginning + +3) openssl x509 -in client-cert.pem -text > tmp.pem + +4) mv tmp.pem client-cert.pem + + +***** Create a CA, signing authority ********** + +same as self signed, use ca prefix instead of client + + +***** Create a cert signed by CA ************** + +1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem + +2) copy ca-key.pem ca-cert.srl (why ????) + +3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem + + + +***** To create a dsa cert ******************** + +1) openssl dsaparam 512 > dsa512.param # creates group params + +2) openssl gendsa dsa512.param > dsa512.pem # creates private key + +3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem + + + + +***** To convert from PEM to DER ************** + +a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER + +to convert rsa private PEM to DER : + +b) openssl rsa -in key.pem -outform DER -out key.der + + + diff --git a/extra/yassl/examples/client/client.cpp b/extra/yassl/examples/client/client.cpp index 704a8e76637..3acd091baad 100644 --- a/extra/yassl/examples/client/client.cpp +++ b/extra/yassl/examples/client/client.cpp @@ -33,10 +33,10 @@ void client_test(void* args) const char* cipher = 0; int index = 0; char list[1024]; - strcpy(list, "cipherlist"); + strncpy(list, "cipherlist", 11); while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) { - strcat(list, ":"); - strcat(list, cipher); + strncat(list, ":", 2); + strncat(list, cipher, strlen(cipher) + 1); } printf("%s\n", list); printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl)); diff --git a/extra/yassl/include/openssl/err.h b/extra/yassl/include/openssl/err.h index 054d0940509..45ac1ca2469 100644 --- a/extra/yassl/include/openssl/err.h +++ b/extra/yassl/include/openssl/err.h @@ -1,6 +1,6 @@ /* err.h for openssl */ -#ifndef ysSSL_err_h__ +#ifndef yaSSL_err_h__ #define yaSSL_err_h__ diff --git a/extra/yassl/include/openssl/md4.h b/extra/yassl/include/openssl/md4.h new file mode 100644 index 00000000000..2e99f977fca --- /dev/null +++ b/extra/yassl/include/openssl/md4.h @@ -0,0 +1 @@ +/* md4.h for libcurl */ diff --git a/extra/yassl/include/openssl/md5.h b/extra/yassl/include/openssl/md5.h index a1025b92782..dfaf9799c44 100644 --- a/extra/yassl/include/openssl/md5.h +++ b/extra/yassl/include/openssl/md5.h @@ -1 +1,4 @@ /* md5.h for openssl */ + +#include "ssl.h" /* in there for now */ + diff --git a/extra/yassl/include/openssl/pem.h b/extra/yassl/include/openssl/pem.h new file mode 100644 index 00000000000..b4c63d56a4d --- /dev/null +++ b/extra/yassl/include/openssl/pem.h @@ -0,0 +1 @@ +/* pem.h for libcurl */ diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index b6840d006df..03a0cfad15b 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -29,6 +29,7 @@ #define yaSSL_openssl_h__ #include /* ERR_print fp */ +#include "opensslv.h" /* for version number */ #include "rsa.h" #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) @@ -102,7 +103,6 @@ void X509_free(X509*); typedef struct BIO BIO; /* ASN stuff */ -typedef struct ASN1_TIME ASN1_TIME; @@ -345,8 +345,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*); void OpenSSL_add_all_algorithms(void); -void SSL_library_init(); -void SSLeay_add_ssl_algorithms(void); +int SSL_library_init(); +int SSLeay_add_ssl_algorithms(void); SSL_CIPHER* SSL_get_current_cipher(SSL*); @@ -371,6 +371,10 @@ typedef unsigned char DES_cblock[8]; typedef const DES_cblock const_DES_cblock; typedef DES_cblock DES_key_schedule; +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; const EVP_MD* EVP_md5(void); const EVP_CIPHER* EVP_des_ede3_cbc(void); @@ -392,6 +396,108 @@ int RAND_write_file(const char*); int RAND_load_file(const char*, long); +/* for libcurl */ +int RAND_status(void); + +int DES_set_key(const_DES_cblock*, DES_key_schedule*); +void DES_set_odd_parity(DES_cblock*); +void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); +void SSL_SESSION_free(SSL_SESSION* session); + +X509* SSL_get_certificate(SSL* ssl); +EVP_PKEY* SSL_get_privatekey(SSL* ssl); +EVP_PKEY* X509_get_pubkey(X509* x); + +int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from); +void EVP_PKEY_free(EVP_PKEY* pkey); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +void ERR_free_strings(void); +void EVP_cleanup(void); + +void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx); + +#define GEN_IPADD 7 +#define NID_subject_alt_name 85 +#define STACK_OF(x) x + + +/* defined here because libcurl dereferences */ +typedef struct ASN1_STRING { + int type; + int length; + unsigned char* data; +} ASN1_STRING; + + +typedef struct GENERAL_NAME { + int type; + union { + ASN1_STRING* ia5; + } d; +} GENERAL_NAME; + +void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x); + +int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x); +GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i); + + +unsigned char* ASN1_STRING_data(ASN1_STRING* x); +int ASN1_STRING_length(ASN1_STRING* x); +int ASN1_STRING_type(ASN1_STRING *x); + +typedef ASN1_STRING X509_NAME_ENTRY; + +int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos); + +ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne); +X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc); + +#define OPENSSL_malloc(x) malloc(x) +#define OPENSSL_free(x) free(x) + +int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in); + +SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */ +SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */ + + +SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ + + +#define CRYPTO_free(x) free(x) +#define ASN1_TIME ASN1_STRING + +ASN1_TIME* X509_get_notBefore(X509* x); +ASN1_TIME* X509_get_notAfter(X509* x); + + +#define ASN1_UTCTIME ASN1_STRING +#define NID_commonName 13 +#define V_ASN1_UTF8STRING 12 +#define GEN_DNS 2 + + +typedef struct MD4_CTX { + void* ptr; +} MD4_CTX; + +void MD4_Init(MD4_CTX*); +void MD4_Update(MD4_CTX*, const void*, unsigned long); +void MD4_Final(unsigned char*, MD4_CTX*); + + +typedef struct MD5_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD5_CTX; + +void MD5_Init(MD5_CTX*); +void MD5_Update(MD5_CTX*, const void*, unsigned long); +void MD5_Final(unsigned char*, MD5_CTX*); + + #define SSL_DEFAULT_CIPHER_LIST "" /* default all */ diff --git a/extra/yassl/include/openssl/x509.h b/extra/yassl/include/openssl/x509.h new file mode 100644 index 00000000000..dcd847c0337 --- /dev/null +++ b/extra/yassl/include/openssl/x509.h @@ -0,0 +1 @@ +/* x509.h for libcurl */ diff --git a/extra/yassl/include/openssl/x509v3.h b/extra/yassl/include/openssl/x509v3.h new file mode 100644 index 00000000000..adf94af8f48 --- /dev/null +++ b/extra/yassl/include/openssl/x509v3.h @@ -0,0 +1 @@ +/* x509v3.h for libcurl */ diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp index 935bae582ea..97ae468d2f9 100644 --- a/extra/yassl/include/yassl_int.hpp +++ b/extra/yassl/include/yassl_int.hpp @@ -34,6 +34,7 @@ #include "cert_wrapper.hpp" #include "log.hpp" #include "lock.hpp" +#include "openssl/ssl.h" // ASN1_STRING and DH namespace yaSSL { @@ -126,32 +127,70 @@ private: }; +// hold add crypt references provided to callers +class CryptProvider { + mySTL::list digestList_; + mySTL::list cipherList_; + CryptProvider() {} // only GetCryptProvider creates +public: + ~CryptProvider(); + + Digest* NewMd5(); + BulkCipher* NewDesEde(); + + friend CryptProvider& GetCryptProvider(); +private: + CryptProvider(const CryptProvider&); // hide copy + CryptProvider& operator=(const CryptProvider&); // and assign +}; + +CryptProvider& GetCryptProvider(); + #undef X509_NAME // wincrypt.h clash // openSSL X509 names class X509_NAME { char* name_; + size_t sz_; + ASN1_STRING entry_; public: X509_NAME(const char*, size_t sz); ~X509_NAME(); char* GetName(); + ASN1_STRING* GetEntry(int i); private: X509_NAME(const X509_NAME&); // hide copy X509_NAME& operator=(const X509_NAME&); // and assign }; +class StringHolder { + ASN1_STRING asnString_; +public: + StringHolder(const char* str, int sz); + ~StringHolder(); + + ASN1_STRING* GetString(); +}; + + // openSSL X509 class X509 { X509_NAME issuer_; X509_NAME subject_; + StringHolder beforeDate_; // not valid before + StringHolder afterDate_; // not valid after public: - X509(const char* i, size_t, const char* s, size_t); + X509(const char* i, size_t, const char* s, size_t, + const char* b, int, const char* a, int); ~X509() {} X509_NAME* GetIssuer(); X509_NAME* GetSubject(); + + ASN1_STRING* GetBefore(); + ASN1_STRING* GetAfter(); private: X509(const X509&); // hide copy X509& operator=(const X509&); // and assign diff --git a/extra/yassl/lib/dummy b/extra/yassl/lib/dummy new file mode 100644 index 00000000000..85c1efd587f --- /dev/null +++ b/extra/yassl/lib/dummy @@ -0,0 +1 @@ +// this is a dummy file diff --git a/extra/yassl/mySTL/helpers.hpp b/extra/yassl/mySTL/helpers.hpp index 5aa14d838b1..df79025197a 100644 --- a/extra/yassl/mySTL/helpers.hpp +++ b/extra/yassl/mySTL/helpers.hpp @@ -44,6 +44,11 @@ return static_cast(d); } + // for compilers that want matching delete + inline void operator delete(void* ptr, Dummy* d) + { + } + typedef Dummy* yassl_pointer; namespace mySTL { diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp index b98c7faf1d0..ae609b510ba 100644 --- a/extra/yassl/src/cert_wrapper.cpp +++ b/extra/yassl/src/cert_wrapper.cpp @@ -271,10 +271,13 @@ int CertManager::Validate() else peerKeyType_ = dsa_sa_algo; - int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0; - int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0; + int iSz = strlen(cert.GetIssuer()) + 1; + int sSz = strlen(cert.GetCommonName()) + 1; + int bSz = strlen(cert.GetBeforeDate()) + 1; + int aSz = strlen(cert.GetAfterDate()) + 1; peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), - sSz); + sSz, cert.GetBeforeDate(), bSz, + cert.GetAfterDate(), aSz); } return 0; } diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 1aab14009d3..97e0e9a1717 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -1,4 +1,4 @@ -/* ssl.cpp + /* ssl.cpp * * Copyright (C) 2003 Sawtooth Consulting Ltd. * @@ -36,6 +36,7 @@ #include "openssl/ssl.h" #include "handshake.hpp" #include "yassl_int.hpp" +#include "md5.hpp" // for TaoCrypt MD5 size assert #include #ifdef _WIN32 @@ -723,8 +724,10 @@ void OpenSSL_add_all_algorithms() // compatibility only {} -void SSL_library_init() // compatiblity only -{} +int SSL_library_init() // compatiblity only +{ + return 1; +} DH* DH_new(void) @@ -804,15 +807,13 @@ const char* X509_verify_cert_error_string(long /* error */) const EVP_MD* EVP_md5(void) { - // TODO: FIX add to some list for destruction - return NEW_YS MD5; + return GetCryptProvider().NewMd5(); } const EVP_CIPHER* EVP_des_ede3_cbc(void) { - // TODO: FIX add to some list for destruction - return NEW_YS DES_EDE; + return GetCryptProvider().NewDesEde(); } @@ -897,6 +898,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, } +// functions for libcurl +int RAND_status() +{ + return 1; /* TaoCrypt provides enough seed */ +} + + +int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule) +{ + memcpy(schedule, key, sizeof(const_DES_cblock)); + return 1; +} + + +void DES_set_odd_parity(DES_cblock* key) +{ + // not needed now for TaoCrypt +} + + +void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output, + DES_key_schedule* key, int enc) +{ + DES des; + + if (enc) { + des.set_encryptKey(*key, 0); + des.encrypt(*output, *input, DES_BLOCK); + } + else { + des.set_decryptKey(*key, 0); + des.decrypt(*output, *input, DES_BLOCK); + } +} + + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata) +{ + // yaSSL doesn't support yet, unencrypt your PEM file with userdata + // before handing off to yaSSL +} + + +X509* SSL_get_certificate(SSL* ssl) +{ + // only used to pass to get_privatekey which isn't used + return 0; +} + + +EVP_PKEY* SSL_get_privatekey(SSL* ssl) +{ + // only called, not used + return 0; +} + + +void SSL_SESSION_free(SSL_SESSION* session) +{ + // managed by singleton +} + + + +EVP_PKEY* X509_get_pubkey(X509* x) +{ + // called, not used though + return 0; +} + + +int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from) +{ + // called, not used though + return 0; +} + + +void EVP_PKEY_free(EVP_PKEY* pkey) +{ + // never allocated from above +} + + +void ERR_error_string_n(unsigned long e, char *buf, size_t len) +{ + if (len) ERR_error_string(e, buf); +} + + +void ERR_free_strings(void) +{ + // handled internally +} + + +void EVP_cleanup(void) +{ + // nothing to do yet +} + + +ASN1_TIME* X509_get_notBefore(X509* x) +{ + if (x) return x->GetBefore(); + return 0; +} + + +ASN1_TIME* X509_get_notAfter(X509* x) +{ + if (x) return x->GetAfter(); + return 0; +} + + +SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */ +{ + return SSLv3_client_method(); +} + + +SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */ +{ + return 0; +} + + +SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */ +{ + return SSL_get_session(ssl); +} + + +void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x) +{ + // no extension names supported yet +} + + +int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x) +{ + // no extension names supported yet + return 0; +} + + +GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i) +{ + // no extension names supported yet + return 0; +} + + +unsigned char* ASN1_STRING_data(ASN1_STRING* x) +{ + if (x) return x->data; + return 0; +} + + +int ASN1_STRING_length(ASN1_STRING* x) +{ + if (x) return x->length; + return 0; +} + + +int ASN1_STRING_type(ASN1_STRING *x) +{ + if (x) return x->type; + return 0; +} + + +int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) +{ + int idx = -1; // not found + const char* start = &name->GetName()[lastpos + 1]; + + switch (nid) { + case NID_commonName: + char* found = strstr(start, "/CN="); + if (found) { + found += 4; // advance to str + idx = found - start + lastpos + 1; + } + break; + } + + return idx; +} + + +ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne) +{ + // the same in yaSSL + return ne; +} + + +X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc) +{ + return name->GetEntry(loc); +} + + +// already formatted, caller responsible for freeing *out +int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in) +{ + if (!in) return 0; + + *out = (unsigned char*)malloc(in->length + 1); + if (*out) { + memcpy(*out, in->data, in->length); + (*out)[in->length] = 0; + } + return in->length; +} + + +void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx) +{ + // no extensions supported yet + return 0; +} + + +void MD4_Init(MD4_CTX* md4) +{ + assert(0); // not yet supported, build compat. only +} + + +void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz) +{ +} + + +void MD4_Final(unsigned char* hash, MD4_CTX* md4) +{ +} + + +void MD5_Init(MD5_CTX* md5) +{ + // make sure we have a big enough buffer + typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1]; + (void) sizeof(ok); + + // using TaoCrypt since no dynamic memory allocated + // and no destructor will be called + new (reinterpret_cast(md5->buffer)) TaoCrypt::MD5(); +} + + +void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz) +{ + reinterpret_cast(md5->buffer)->Update( + static_cast(data), static_cast(sz)); +} + + +void MD5_Final(unsigned char* hash, MD5_CTX* md5) +{ + reinterpret_cast(md5->buffer)->Final(hash); +} + + // functions for stunnel void RAND_screen() @@ -1098,8 +1368,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, } - void SSLeay_add_ssl_algorithms() // compatibility only - {} + int SSLeay_add_ssl_algorithms() // compatibility only + { + return 1; + } void ERR_remove_state(unsigned long) diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp index 5782df213ea..134deb00c75 100644 --- a/extra/yassl/src/template_instnt.cpp +++ b/extra/yassl/src/template_instnt.cpp @@ -51,12 +51,16 @@ template class list; template class list; template class list; template class list; +template class list; +template class list; template void destroy*>(mySTL::pair*, mySTL::pair*); template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); +template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); +template yaSSL::del_ptr_zero for_each::iterator, yaSSL::del_ptr_zero>(mySTL::list::iterator, mySTL::list::iterator, yaSSL::del_ptr_zero); } namespace yaSSL { @@ -82,6 +86,7 @@ template void ysDelete(X509*); template void ysDelete(Message*); template void ysDelete(sslFactory*); template void ysDelete(Sessions*); +template void ysDelete(CryptProvider*); template void ysArrayDelete(unsigned char*); template void ysArrayDelete(char*); } diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 396461a6ed5..2847217b417 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -28,7 +28,6 @@ #include "yassl_int.hpp" #include "handshake.hpp" #include "timer.hpp" -#include "openssl/ssl.h" // for DH #ifdef YASSL_PURE_C @@ -1375,16 +1374,51 @@ Sessions& GetSessions() static sslFactory* sslFactoryInstance = 0; -sslFactory& GetSSL_Factory(){ +sslFactory& GetSSL_Factory() +{ if (!sslFactoryInstance) sslFactoryInstance = NEW_YS sslFactory; return *sslFactoryInstance; } +static CryptProvider* cryptProviderInstance = 0; + +CryptProvider& GetCryptProvider() +{ + if (!cryptProviderInstance) + cryptProviderInstance = NEW_YS CryptProvider; + return *cryptProviderInstance; +} + + +CryptProvider::~CryptProvider() +{ + mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero()); + mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero()); +} + + +Digest* CryptProvider::NewMd5() +{ + Digest* ptr = NEW_YS MD5(); + digestList_.push_back(ptr); + return ptr; +} + + +BulkCipher* CryptProvider::NewDesEde() +{ + BulkCipher* ptr = NEW_YS DES_EDE(); + cipherList_.push_back(ptr); + return ptr; +} + + void CleanUp() { TaoCrypt::CleanUp(); + ysDelete(cryptProviderInstance); ysDelete(sslFactoryInstance); ysDelete(sessionsInstance); } @@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b) X509_NAME::X509_NAME(const char* n, size_t sz) - : name_(0) + : name_(0), sz_(sz) { if (sz) { name_ = NEW_YS char[sz]; memcpy(name_, n, sz); } + entry_.data = 0; } X509_NAME::~X509_NAME() { ysArrayDelete(name_); + ysArrayDelete(entry_.data); } @@ -1999,8 +2035,10 @@ char* X509_NAME::GetName() } -X509::X509(const char* i, size_t iSz, const char* s, size_t sSz) - : issuer_(i, iSz), subject_(s, sSz) +X509::X509(const char* i, size_t iSz, const char* s, size_t sSz, + const char* b, int bSz, const char* a, int aSz) + : issuer_(i, iSz), subject_(s, sSz), + beforeDate_(b, bSz), afterDate_(a, aSz) {} @@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject() } +ASN1_STRING* X509::GetBefore() +{ + return beforeDate_.GetString(); +} + + +ASN1_STRING* X509::GetAfter() +{ + return afterDate_.GetString(); +} + + +ASN1_STRING* X509_NAME::GetEntry(int i) +{ + if (i < 0 || i >= int(sz_)) + return 0; + + if (entry_.data) + ysArrayDelete(entry_.data); + entry_.data = NEW_YS byte[sz_]; // max size; + + memcpy(entry_.data, &name_[i], sz_ - i); + if (entry_.data[sz_ -i - 1]) { + entry_.data[sz_ - i] = 0; + entry_.length = sz_ - i; + } + else + entry_.length = sz_ - i - 1; + entry_.type = 0; + + return &entry_; +} + + +StringHolder::StringHolder(const char* str, int sz) +{ + asnString_.length = sz; + asnString_.data = NEW_YS byte[sz + 1]; + memcpy(asnString_.data, str, sz); + asnString_.type = 0; // not used for now +} + + +StringHolder::~StringHolder() +{ + ysArrayDelete(asnString_.data); +} + + +ASN1_STRING* StringHolder::GetString() +{ + return &asnString_; +} + + } // namespace diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index 6a1163fbb1c..da4c0ce1349 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -79,20 +79,27 @@ enum ASNIdFlag enum DNTags { - COMMON_NAME = 0x03 + COMMON_NAME = 0x03, // CN + SUR_NAME = 0x04, // SN + COUNTRY_NAME = 0x06, // C + LOCALITY_NAME = 0x07, // L + STATE_NAME = 0x08, // ST + ORG_NAME = 0x0a, // O + ORGUNIT_NAME = 0x0b // OU }; enum Constants { MIN_DATE_SZ = 13, - MAX_DATE_SZ = 15, + MAX_DATE_SZ = 16, MAX_ALGO_SZ = 16, MAX_LENGTH_SZ = 5, MAX_SEQ_SZ = 5, // enum(seq|con) + length(4) MAX_ALGO_SIZE = 9, MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4) - DSA_SIG_SZ = 40 + DSA_SIG_SZ = 40, + NAME_MAX = 512 // max total of all included names }; @@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 }; // A Signing Authority class Signer { PublicKey key_; - char* name_; + char name_[NAME_MAX]; byte hash_[SHA_SIZE]; public: Signer(const byte* k, word32 kSz, const char* n, const byte* h); ~Signer(); const PublicKey& GetPublicKey() const { return key_; } - const char* GetCommonName() const { return name_; } + const char* GetName() const { return name_; } const byte* GetHash() const { return hash_; } private: @@ -245,6 +252,8 @@ public: const char* GetIssuer() const { return issuer_; } const char* GetCommonName() const { return subject_; } const byte* GetHash() const { return subjectHash_; } + const char* GetBeforeDate() const { return beforeDate_; } + const char* GetAfterDate() const { return afterDate_; } void DecodeToKey(); private: @@ -257,8 +266,10 @@ private: byte subjectHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names byte* signature_; - char* issuer_; // CommonName - char* subject_; // CommonName + char issuer_[NAME_MAX]; // Names + char subject_[NAME_MAX]; // Names + char beforeDate_[MAX_DATE_SZ]; // valid before date + char afterDate_[MAX_DATE_SZ]; // valid after date bool verify_; // Default to yes, but could be off void ReadHeader(); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 3efc26ab168..383fe65dea6 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len) Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h) - : key_(k, kSz), name_(0) + : key_(k, kSz) { - if (n) { int sz = strlen(n); - name_ = NEW_TC char[sz + 1]; memcpy(name_, n, sz); name_[sz] = 0; - } memcpy(hash_, h, SHA::DIGEST_SIZE); } Signer::~Signer() { - tcArrayDelete(name_); } @@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key) CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers, bool noVerify, CertType ct) : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), - signature_(0), issuer_(0), subject_(0), verify_(!noVerify) + signature_(0), verify_(!noVerify) { + issuer_[0] = 0; + subject_[0] = 0; + if (decode) Decode(signers, ct); + } CertDecoder::~CertDecoder() { - tcArrayDelete(subject_); - tcArrayDelete(issuer_); tcArrayDelete(signature_); } @@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt) SHA sha; word32 length = GetSequence(); // length of all distinguished names + assert (length < NAME_MAX); length += source_.get_index(); + char* ptr = (nt == ISSUER) ? issuer_ : subject_; + word32 idx = 0; + while (source_.get_index() < length) { GetSet(); GetSequence(); @@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt) byte id = source_.next(); b = source_.next(); // strType word32 strLen = GetLength(source_); + bool copy = false; if (id == COMMON_NAME) { - char*& ptr = (nt == ISSUER) ? issuer_ : subject_; - ptr = NEW_TC char[strLen + 1]; - memcpy(ptr, source_.get_current(), strLen); - ptr[strLen] = 0; + memcpy(&ptr[idx], "/CN=", 4); + idx += 4; + copy = true; } + else if (id == SUR_NAME) { + memcpy(&ptr[idx], "/SN=", 4); + idx += 4; + copy = true; + } + else if (id == COUNTRY_NAME) { + memcpy(&ptr[idx], "/C=", 3); + idx += 3; + copy = true; + } + else if (id == LOCALITY_NAME) { + memcpy(&ptr[idx], "/L=", 3); + idx += 3; + copy = true; + } + else if (id == STATE_NAME) { + memcpy(&ptr[idx], "/ST=", 4); + idx += 4; + copy = true; + } + else if (id == ORG_NAME) { + memcpy(&ptr[idx], "/O=", 3); + idx += 3; + copy = true; + } + else if (id == ORGUNIT_NAME) { + memcpy(&ptr[idx], "/OU=", 4); + idx += 4; + copy = true; + } + + if (copy) { + memcpy(&ptr[idx], source_.get_current(), strLen); + idx += strLen; + } + sha.Update(source_.get_current(), strLen); source_.advance(strLen); } @@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt) source_.advance(length); } } + ptr[idx++] = 0; + if (nt == ISSUER) sha.Final(issuerHash_); else @@ -744,6 +784,16 @@ void CertDecoder::GetDate(DateType dt) source_.SetError(BEFORE_DATE_E); else source_.SetError(AFTER_DATE_E); + + // save for later use + if (dt == BEFORE) { + memcpy(beforeDate_, date, length); + beforeDate_[length] = 0; + } + else { // after + memcpy(afterDate_, date, length); + afterDate_[length] = 0; + } } diff --git a/extra/yassl/taocrypt/src/integer.cpp b/extra/yassl/taocrypt/src/integer.cpp index 82a248ff7da..885ddfbf630 100644 --- a/extra/yassl/taocrypt/src/integer.cpp +++ b/extra/yassl/taocrypt/src/integer.cpp @@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b) product.reg_.CleanNew(RoundupSize(aSize + bSize)); product.sign_ = Integer::POSITIVE; - WordBlock workspace(aSize + bSize); + AlignedWordBlock workspace(aSize + bSize); AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize); } @@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient, quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2)); quotient.sign_ = Integer::POSITIVE; - WordBlock T(aSize+2*bSize+4); + AlignedWordBlock T(aSize+2*bSize+4); Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(), T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize); @@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const return !u ? Zero() : (m*(*this-u)+1)/(*this); } - WordBlock T(m.reg_.size() * 4); + AlignedWordBlock T(m.reg_.size() * 4); Integer r((word)0, m.reg_.size()); unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(), reg_.get_buffer(), reg_.size(), diff --git a/extra/yassl/taocrypt/src/make.bat b/extra/yassl/taocrypt/src/make.bat index 5a2ae580b76..3acd50fc875 100644 --- a/extra/yassl/taocrypt/src/make.bat +++ b/extra/yassl/taocrypt/src/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 diff --git a/extra/yassl/taocrypt/src/misc.cpp b/extra/yassl/taocrypt/src/misc.cpp index 3d0539187a7..4ef163a7f5d 100644 --- a/extra/yassl/taocrypt/src/misc.cpp +++ b/extra/yassl/taocrypt/src/misc.cpp @@ -25,6 +25,15 @@ #include "runtime.hpp" #include "misc.hpp" + +extern "C" { + + // for libcurl configure test, these are the signatures they use + // locking handled internally by library + char CRYPTO_lock() { return 0;} + char CRYPTO_add_lock() { return 0;} +} // extern "C" + #ifdef YASSL_PURE_C void* operator new(size_t sz, TaoCrypt::new_t) diff --git a/extra/yassl/taocrypt/taocrypt.dsp b/extra/yassl/taocrypt/taocrypt.dsp index 13b9a07419b..b741cef0096 100644 --- a/extra/yassl/taocrypt/taocrypt.dsp +++ b/extra/yassl/taocrypt/taocrypt.dsp @@ -64,7 +64,8 @@ LIB32=link.exe -lib # PROP Intermediate_Dir "Debug" # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# SUBTRACT CPP /Fr # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 79d02b63558..7fe8656f6d2 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl) char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); printf("peer's cert info:\n"); - printf("issuer is: %s\n", issuer); - printf("subject is: %s\n", subject); + printf("issuer : %s\n", issuer); + printf("subject: %s\n", subject); free(subject); free(issuer); diff --git a/extra/yassl/testsuite/testsuite.cpp b/extra/yassl/testsuite/testsuite.cpp index af988432a86..f8bbf698c70 100644 --- a/extra/yassl/testsuite/testsuite.cpp +++ b/extra/yassl/testsuite/testsuite.cpp @@ -146,10 +146,10 @@ int test_openSSL_des() (byte*)key, iv); byte cipher[16]; - DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8], - &key[16], &iv, true); + DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1], + &key[2], &iv, true); byte plain[16]; - DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16], + DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2], &iv, false); return 0; } diff --git a/extra/yassl/testsuite/testsuite.dsp b/extra/yassl/testsuite/testsuite.dsp index f896aa7f020..24c325fa878 100644 --- a/extra/yassl/testsuite/testsuite.dsp +++ b/extra/yassl/testsuite/testsuite.dsp @@ -42,7 +42,7 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c +# ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe @@ -67,7 +67,7 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe From 987c85adb5efd476e56c322986e96c21f1955004 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 13:11:04 +0200 Subject: [PATCH 18/53] Add certs/ file --- extra/yassl/certs/client-cert.der | Bin 0 -> 701 bytes extra/yassl/certs/client-key.der | Bin 0 -> 320 bytes extra/yassl/certs/dh1024.dat | 2 ++ extra/yassl/certs/dsa512.der | Bin 0 -> 252 bytes 4 files changed, 2 insertions(+) create mode 100644 extra/yassl/certs/client-cert.der create mode 100644 extra/yassl/certs/client-key.der create mode 100644 extra/yassl/certs/dh1024.dat create mode 100644 extra/yassl/certs/dsa512.der diff --git a/extra/yassl/certs/client-cert.der b/extra/yassl/certs/client-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..0127ead34a546064330d0a4fcb0293ad0a513c78 GIT binary patch literal 701 zcmXqLV%l!d#FV&znTe5!iIKs8myJ`a&7$81fnLfP}b&St}ERgMAFe3`9VDW?|m) z@^Zb(#Ny%{z2y8{LshT~&Kg7_dpL zTSm^lbkpU{=~H?BmT9D3Jtx#OkBwmw=iPHwYIohV7PuBNF*7nSE^fSP(0Iu}78qo* zd@N!tBI{J+e)%qr)^5M|QR}PIf&b^WZdq&4xCkV#%+ff^pmBNwRy7N2mQ)Q~AT%#?|IAAd}+TgqGNBFqb2*162BVmR%D6H;0sG5}K)h6h1P_ibA93DS) zveUC?l??rMC}q{o5`vxv0HO)q&N?RDMk=61aRLJY009C(Uk184Rd0i^Z|i@I0F5P| z_+>Hj#u7hK_5p7td@{iFghCjjIhmezk-#qJ#XQmN!M442X6iCPK*Q2QXb2!d0wDnJ zrUj&?pl(26QkX%QfJyK6z{X=~1daPKOUPe)Ie!@fApqMRVn$`uk+YNWH-En$5%y}m zTabyn=MDKKhQT%=JQ)HYW<@ijP7+`|v^ zVG1Ri@*x3g&8mzy=gMZ=R`d^jdeIoULj4;N0u=zQB`K>4p9vhntpgx-f2OzHO#=x6 zKoW?V+UL*c!cZIQhO-Q%7jd2qIS; zyA5}d&s#R_^CW_hip`LG+jsdFEpv14ySah_6eEM@zG|$b#|#`3Wp?h^!xfD-xC#pN C)No_~ literal 0 HcmV?d00001 From bb5c6d43827200dc27ba8bde0e0945c635beb52f Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Wed, 3 May 2006 13:20:51 +0200 Subject: [PATCH 19/53] Add original unmodified certs file --- extra/yassl/certs/client-cert.der | Bin 701 -> 699 bytes extra/yassl/certs/client-key.der | Bin 320 -> 318 bytes extra/yassl/certs/dh1024.dat | 3 +-- extra/yassl/certs/dsa512.der | Bin 252 -> 250 bytes 4 files changed, 1 insertion(+), 2 deletions(-) diff --git a/extra/yassl/certs/client-cert.der b/extra/yassl/certs/client-cert.der index 0127ead34a546064330d0a4fcb0293ad0a513c78..b28e2753376659d0034cdf6313c0c61d8c2033d3 100644 GIT binary patch delta 7 OcmdnXx|?;wZYBT>lLGJn delta 10 RcmdnZx|emsZYCx!E&vsS0|o#9 diff --git a/extra/yassl/certs/client-key.der b/extra/yassl/certs/client-key.der index 8021a40c28ed894b11867ca71a9acf0c64342997..6e8b432a07c4d197b514a05153da23ffcd388759 100644 GIT binary patch delta 7 OcmX@Ww2x_n9U}k>o&s_J delta 10 RcmdnTbbx7t9U~JL7XT9!0*C+r diff --git a/extra/yassl/certs/dh1024.dat b/extra/yassl/certs/dh1024.dat index 2db8fa78fe3..86a95518278 100644 --- a/extra/yassl/certs/dh1024.dat +++ b/extra/yassl/certs/dh1024.dat @@ -1,2 +1 @@ -30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102 - +30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102 \ No newline at end of file diff --git a/extra/yassl/certs/dsa512.der b/extra/yassl/certs/dsa512.der index 3cfc20dd0e94ddb7bf642d438bb36ee053934709..fe79ccb612bb03eec2a8238246d05c9f0cc4cfbc 100644 GIT binary patch delta 6 Ncmeyv_=|DEF8~Yp1A_nn delta 9 Qcmeyx_=j=AFD5Q702ZMGnE(I) From 5563a2f32f329a98a925b25a20d5ec273f6dc4af Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 14:04:54 +0200 Subject: [PATCH 20/53] Add support for specifyihng the number of reconnec retries oin the command line --- client/mysqltest.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/client/mysqltest.c b/client/mysqltest.c index 7257958311f..828845f1dcd 100644 --- a/client/mysqltest.c +++ b/client/mysqltest.c @@ -87,14 +87,6 @@ #endif #define MAX_SERVER_ARGS 64 -/* - Sometimes in a test the client starts before - the server - to solve the problem, we try again - after some sleep if connection fails the first - time -*/ -#define CON_RETRY_SLEEP 2 -#define MAX_CON_TRIES 5 #define SLAVE_POLL_INTERVAL 300000 /* 0.3 of a sec */ #define DEFAULT_DELIMITER ";" @@ -108,7 +100,7 @@ enum {OPT_MANAGER_USER=256,OPT_MANAGER_HOST,OPT_MANAGER_PASSWD, OPT_MANAGER_PORT,OPT_MANAGER_WAIT_TIMEOUT, OPT_SKIP_SAFEMALLOC, OPT_SSL_SSL, OPT_SSL_KEY, OPT_SSL_CERT, OPT_SSL_CA, OPT_SSL_CAPATH, OPT_SSL_CIPHER,OPT_PS_PROTOCOL,OPT_SP_PROTOCOL,OPT_CURSOR_PROTOCOL, - OPT_VIEW_PROTOCOL, OPT_SSL_VERIFY_SERVER_CERT}; + OPT_VIEW_PROTOCOL, OPT_SSL_VERIFY_SERVER_CERT, OPT_MAX_CONNECT_RETRIES}; /* ************************************************************************ */ /* @@ -157,6 +149,7 @@ static int record = 0, opt_sleep=0; static char *db = 0, *pass=0; const char *user = 0, *host = 0, *unix_sock = 0, *opt_basedir="./"; static int port = 0; +static int opt_max_connect_retries; static my_bool opt_big_test= 0, opt_compress= 0, silent= 0, verbose = 0; static my_bool tty_password= 0; static my_bool ps_protocol= 0, ps_protocol_enabled= 0; @@ -2125,9 +2118,16 @@ void init_manager() db, port, sock NOTE - This function will try to connect to the given server MAX_CON_TRIES - times and sleep CON_RETRY_SLEEP seconds between attempts before - finally giving up. This helps in situation when the client starts + + Sometimes in a test the client starts before + the server - to solve the problem, we try again + after some sleep if connection fails the first + time + + This function will try to connect to the given server + "opt_max_connect_retries" times and sleep "connection_retry_sleep" + seconds between attempts before finally giving up. + This helps in situation when the client starts before the server (which happens sometimes). It will ignore any errors during these retries. One should use connect_n_handle_errors() if he expects a connection error and wants @@ -2142,8 +2142,9 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user, { int con_error= 1; my_bool reconnect= 1; + static int connection_retry_sleep= 2; /* Seconds */ int i; - for (i= 0; i < MAX_CON_TRIES; ++i) + for (i= 0; i < opt_max_connect_retries; i++) { if (mysql_real_connect(mysql, host,user, pass, db, port, sock, CLIENT_MULTI_STATEMENTS | CLIENT_REMEMBER_OPTIONS)) @@ -2151,7 +2152,7 @@ int safe_connect(MYSQL* mysql, const char *host, const char *user, con_error= 0; break; } - sleep(CON_RETRY_SLEEP); + sleep(connection_retry_sleep); } /* TODO: change this to 0 in future versions, but the 'kill' test relies on @@ -2887,6 +2888,10 @@ static struct my_option my_long_options[] = {"compress", 'C', "Use the compressed server/client protocol.", (gptr*) &opt_compress, (gptr*) &opt_compress, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, + {"max-connect-retries", OPT_MAX_CONNECT_RETRIES, + "Max number of connection attempts when connecting to server", + (gptr*) &opt_max_connect_retries, (gptr*) &opt_max_connect_retries, 0, + GET_INT, REQUIRED_ARG, 5, 1, 10, 0, 0, 0}, {"cursor-protocol", OPT_CURSOR_PROTOCOL, "Use cursors for prepared statements.", (gptr*) &cursor_protocol, (gptr*) &cursor_protocol, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, From 99475e7f4c2e802f5c7453b7fa45eb7248fb0f6e Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 14:06:34 +0200 Subject: [PATCH 21/53] Add tests for connecting to server with invalid and blank certs. --- mysql-test/r/openssl_1.result | 11 +++++++-- mysql-test/t/openssl_1.test | 42 +++++++++++++++++++++++++++++++++-- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index 91382619b6c..1fcfb11525e 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -3,8 +3,8 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com"; flush privileges; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value @@ -41,3 +41,10 @@ ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1 drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost; drop table t1; +mysqltest: Could not open connection 'default': 2026 SSL connection error +mysqltest: Could not open connection 'default': 2026 SSL connection error +mysqltest: Could not open connection 'default': 2026 SSL connection error +Error when connection to server using SSL:Unable to get private key from '' +mysqltest: Could not open connection 'default': 2026 SSL connection error +Error when connection to server using SSL:Unable to get certificate from '' +mysqltest: Could not open connection 'default': 2026 SSL connection error diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test index 4cc9113048f..afee381f5b7 100644 --- a/mysql-test/t/openssl_1.test +++ b/mysql-test/t/openssl_1.test @@ -10,8 +10,8 @@ insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com"; -grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/Email=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/Email=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com"; +grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com"; flush privileges; connect (con1,localhost,ssl_user1,,,,,SSL); @@ -54,3 +54,41 @@ ssl_user3@localhost, ssl_user4@localhost; drop table t1; # End of 4.1 tests + +# +# Test that we can't open connection to server if we are using +# a different cacert +# +--exec echo "this query should not execute;" > $MYSQLTEST_VARDIR/tmp/test.sql +--error 1 +--exec $MYSQL_TEST --ssl-ca=$MYSQL_TEST_DIR/std_data/untrusted-cacert.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# +# Test that we can't open connection to server if we are using +# a blank ca +# +--error 1 +--exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# +# Test that we can't open connection to server if we are using +# a nonexistent ca file +# +--error 1 +--exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# +# Test that we can't open connection to server if we are using +# a blank client-key +# +--error 1 +--exec $MYSQL_TEST --ssl-key= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + +# +# Test that we can't open connection to server if we are using +# a blank client-cert +# +--error 1 +--exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 + + From e1b41812b71148159fb46592776071e1215e7b8f Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 14:09:08 +0200 Subject: [PATCH 22/53] Load CA certs before setting local certs. Make it possible to get the yaSSL error message printed in the DBUG log file. --- vio/viossl.c | 26 ++++++++++++++++++-------- vio/viosslfactories.c | 21 +++++++++++---------- 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/vio/viossl.c b/vio/viossl.c index aa4cdda9f01..38654f05521 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -51,20 +51,30 @@ static int SSL_set_fd_bsd(SSL *s, int fd) static void -report_errors() +report_errors(SSL* ssl) { unsigned long l; const char *file; const char *data; int line,flags; + char buf[512]; + DBUG_ENTER("report_errors"); while ((l= ERR_get_error_line_data(&file,&line,&data,&flags))) { - char buf[512]; DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), file,line,(flags&ERR_TXT_STRING)?data:"")) ; } + +#ifdef HAVE_YASSL + /* + The above calls to ERR_* doesn't return any messages when we + are using yaSSL since error is stored in the SSL object we used. + */ + if (ssl) + DBUG_PRINT("error", ("yaSSL: %s", ERR_error_string(SSL_get_error(ssl, l), buf))); +#endif DBUG_PRINT("info", ("errno: %d", socket_errno)); DBUG_VOID_RETURN; } @@ -81,7 +91,7 @@ int vio_ssl_read(Vio *vio, gptr buf, int size) { int err= SSL_get_error((SSL*) vio->ssl_arg, r); DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); - report_errors(); + report_errors((SSL*) vio->ssl_arg); } DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); @@ -95,7 +105,7 @@ int vio_ssl_write(Vio *vio, const gptr buf, int size) DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size)); if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0) - report_errors(); + report_errors((SSL*) vio->ssl_arg); DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); } @@ -148,7 +158,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); - report_errors(); + report_errors(ssl); vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); @@ -162,7 +172,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); - report_errors(); + report_errors(ssl); SSL_free(ssl); vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); @@ -223,7 +233,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); - report_errors(); + report_errors(ssl); vio_reset(vio, old_type, vio->sd, 0, FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); @@ -237,7 +247,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); - report_errors(); + report_errors(ssl); SSL_free(ssl); vio->ssl_arg= 0; vio_reset(vio, old_type, vio->sd, 0, FALSE); diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 2b3e80a98e4..f1d2b077367 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -103,7 +103,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) /* FIX stderr */ fprintf(stderr,"Error when connection to server using SSL:"); ERR_print_errors_fp(stderr); - fprintf(stderr,"Unable to get private key from '%s'\n", cert_file); + fprintf(stderr,"Unable to get private key from '%s'\n", key_file); fflush(stderr); DBUG_RETURN(1); } @@ -252,14 +252,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); } - if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file)) - { - DBUG_PRINT("error", ("vio_set_cert_stuff failed")); - report_errors(); - my_free((void*)ssl_fd,MYF(0)); - DBUG_RETURN(0); - } - + /* Load certs from the trusted ca */ if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); @@ -272,6 +265,14 @@ new_VioSSLFd(const char *key_file, const char *cert_file, } } + if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file)) + { + DBUG_PRINT("error", ("vio_set_cert_stuff failed")); + report_errors(); + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); + } + /* DH stuff */ dh=get_dh512(); SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); @@ -297,7 +298,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, return 0; } - /* Init the the VioSSLFd as a "connector" ie. the client side */ + /* Init the VioSSLFd as a "connector" ie. the client side */ /* The verify_callback function is used to control the behaviour From f0ac0fdf06a8ceff4d8768239115cca6697dfeeb Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 14:10:22 +0200 Subject: [PATCH 23/53] Add an untrusted cacert used when testing --- mysql-test/std_data/untrusted-cacert.pem | 53 ++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 mysql-test/std_data/untrusted-cacert.pem diff --git a/mysql-test/std_data/untrusted-cacert.pem b/mysql-test/std_data/untrusted-cacert.pem new file mode 100644 index 00000000000..981dd004fc6 --- /dev/null +++ b/mysql-test/std_data/untrusted-cacert.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 20:12:32 2005 GMT + Not After : Oct 15 20:12:32 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6: + 90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26: + c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7: + 6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34: + 7d:79:97:5e:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + X509v3 Authority Key Identifier: + keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + 27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d: + 28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29: + a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47: + 03:ea:0b:4c:67:45:4b:ab:f3:39 +-----BEGIN CERTIFICATE----- +MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx +DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh +d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb +BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3 +MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP +BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3 +LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh +c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy +W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h +AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV +HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG +EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE +ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv +bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21 +86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk= +-----END CERTIFICATE----- From 7c8c14c4358476df753d101de2d1e72754dbac6f Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 15:53:59 +0200 Subject: [PATCH 24/53] Move "max-connect-retries" option to get alpabetichal order --- client/mysqltest.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/mysqltest.c b/client/mysqltest.c index 828845f1dcd..daaf378028e 100644 --- a/client/mysqltest.c +++ b/client/mysqltest.c @@ -2888,10 +2888,6 @@ static struct my_option my_long_options[] = {"compress", 'C', "Use the compressed server/client protocol.", (gptr*) &opt_compress, (gptr*) &opt_compress, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, - {"max-connect-retries", OPT_MAX_CONNECT_RETRIES, - "Max number of connection attempts when connecting to server", - (gptr*) &opt_max_connect_retries, (gptr*) &opt_max_connect_retries, 0, - GET_INT, REQUIRED_ARG, 5, 1, 10, 0, 0, 0}, {"cursor-protocol", OPT_CURSOR_PROTOCOL, "Use cursors for prepared statements.", (gptr*) &cursor_protocol, (gptr*) &cursor_protocol, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, @@ -2920,6 +2916,10 @@ static struct my_option my_long_options[] = {"manager-wait-timeout", OPT_MANAGER_WAIT_TIMEOUT, "Undocumented: Used for debugging.", (gptr*) &manager_wait_timeout, (gptr*) &manager_wait_timeout, 0, GET_INT, REQUIRED_ARG, 3, 0, 0, 0, 0, 0}, + {"max-connect-retries", OPT_MAX_CONNECT_RETRIES, + "Max number of connection attempts when connecting to server", + (gptr*) &opt_max_connect_retries, (gptr*) &opt_max_connect_retries, 0, + GET_INT, REQUIRED_ARG, 5, 1, 10, 0, 0, 0}, {"password", 'p', "Password to use when connecting to server.", 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, {"port", 'P', "Port number to use for connection.", (gptr*) &port, From 896704c648fc8a2e59b4f5b87a4d4a9851b427c0 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 16:59:02 +0200 Subject: [PATCH 25/53] Remove C++ comments Formatting --- sql-common/client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sql-common/client.c b/sql-common/client.c index 9f445c02df9..26ebc9cc6b0 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1608,14 +1608,14 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname) X509_free (server_cert); DBUG_PRINT("info", ("hostname in cert: %s", buf)); - cp1 = strstr(buf, "/CN="); + cp1= strstr(buf, "/CN="); if (cp1) { - cp1 += 4; // Skip the "/CN=" that we found - // Search for next / which might be the delimiter for email - cp2 = strchr(cp1, '/'); + cp1+= 4; /* Skip the "/CN=" that we found */ + /* Search for next / which might be the delimiter for email */ + cp2= strchr(cp1, '/'); if (cp2) - *cp2 = '\0'; + *cp2= '\0'; DBUG_PRINT("info", ("Server hostname in cert: %s", cp1)); if (!strcmp(cp1, server_hostname)) { From 7aba56f4520edf3d49be9ffa3b54bfc3fb99630c Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 17:55:30 +0200 Subject: [PATCH 26/53] Use "const char*" for variable found, forte complains "Cannot use const char* to initialize char*" otherwise --- extra/yassl/src/ssl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 97e0e9a1717..e80df5a5e48 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -1080,7 +1080,7 @@ int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) switch (nid) { case NID_commonName: - char* found = strstr(start, "/CN="); + const char* found = strstr(start, "/CN="); if (found) { found += 4; // advance to str idx = found - start + lastpos + 1; From 667435103d2e4f3d471d8753979170db8a5b61ab Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Wed, 3 May 2006 20:04:57 +0200 Subject: [PATCH 27/53] Check if "../libtool" is available and use it only when it is. --- mysql-test/mysql-test-run.pl | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 08b9ade72a1..78a665d4f00 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -134,7 +134,6 @@ our $glob_win32= 0; # OS and native Win32 executables our $glob_win32_perl= 0; # ActiveState Win32 Perl our $glob_cygwin_perl= 0; # Cygwin Perl our $glob_cygwin_shell= undef; -our $glob_use_libtool= 1; our $glob_mysql_test_dir= undef; our $glob_mysql_bench_dir= undef; our $glob_hostname= undef; @@ -444,13 +443,6 @@ sub initial_setup () { $glob_cygwin_perl= ($^O eq "cygwin"); $glob_win32= ($glob_win32_perl or $glob_cygwin_perl); - # Use libtool on all platforms except windows - if ( $glob_win32 ) - { - $glob_use_libtool= 0; - } - $exe_libtool= "../libtool"; - # We require that we are in the "mysql-test" directory # to run mysql-test-run @@ -1001,6 +993,21 @@ sub snapshot_setup () { sub executable_setup () { + # + # Check if libtool is available in this distribution/clone + # we need it when valgrinding or debugging non installed binary + # Otherwise valgrind will valgrind the libtool wrapper or bash + # and gdb will not find the real executable to debug + # + if ( -x "../libtool") + { + $exe_libtool= "../libtool"; + if ($opt_valgrind or $glob_debugger) + { + mtr_report("Using \"$exe_libtool\" when running valgrind or debugger"); + } + } + if ( $opt_source_dist ) { if ( $glob_win32 ) @@ -2626,7 +2633,7 @@ sub mysqld_start ($$$$$) { $exe= undef; } - if ($glob_use_libtool and $opt_valgrind) + if ($exe_libtool and $opt_valgrind) { # Add "libtool --mode-execute" # if running in valgrind(to avoid valgrinding bash) @@ -3132,7 +3139,7 @@ sub run_mysqltest ($) { debugger_arguments(\$args, \$exe, "client"); } - if ($glob_use_libtool and $opt_valgrind) + if ($exe_libtool and $opt_valgrind) { # Add "libtool --mode-execute" before the test to execute # if running in valgrind(to avoid valgrinding bash) @@ -3207,7 +3214,7 @@ sub gdb_arguments { mtr_add_arg($$args, "$type"); mtr_add_arg($$args, "-e"); - if ( $glob_use_libtool ) + if ( $exe_libtool ) { mtr_add_arg($$args, $exe_libtool); mtr_add_arg($$args, "--mode=execute"); @@ -3270,7 +3277,7 @@ sub ddd_arguments { my $save_exe= $$exe; $$args= []; - if ( $glob_use_libtool ) + if ( $exe_libtool ) { $$exe= $exe_libtool; mtr_add_arg($$args, "--mode=execute"); From 5becb110e00c91004a29ffe5e697e8c1f229f702 Mon Sep 17 00:00:00 2001 From: "tnurnberg@mysql.com" <> Date: Thu, 4 May 2006 03:12:51 +0200 Subject: [PATCH 28/53] Bug#19025 4.1 mysqldump doesn't correctly dump "auto_increment = [int]" mysqldump / SHOW CREATE TABLE will show the NEXT available value for the PK, rather than the *first* one that was available (that named in the original CREATE TABLE ... AUTO_INCREMENT = ... statement). This should produce correct and robust behaviour for the obvious use cases -- when no data were inserted, then we'll produce a statement featuring the same value the original CREATE TABLE had; if we dump with values, INSERTing the values on the target machine should set the correct next_ID anyway (and if not, we'll still have our AUTO_INCREMENT = ... to do that). Lastly, just the CREATE statement (with no data) for a table that saw inserts would still result in a table that new values could safely be inserted to). There seems to be no robust way however to see whether the next_ID field is > 1 because it was set to something else with CREATE TABLE ... AUTO_INCREMENT = ..., or because there is an AUTO_INCREMENT column in the table (but no initial value was set with AUTO_INCREMENT = ...) and then one or more rows were INSERTed, counting up next_ID. This means that in both cases, we'll generate an AUTO_INCREMENT = ... clause in SHOW CREATE TABLE / mysqldump. As we also show info on, say, charsets even if the user did not explicitly give that info in their own CREATE TABLE, this shouldn't be an issue. As per above, the next_ID will be affected by any INSERTs that have taken place, though. This /should/ result in correct and robust behaviour, but it may look non-intuitive to some users if they CREATE TABLE ... AUTO_INCREMENT = 1000 and later (after some INSERTs) have SHOW CREATE TABLE give them a different value (say, CREATE TABLE ... AUTO_INCREMENT = 1006), so the docs should possibly feature a caveat to that effect. It's not very intuitive the way it works now (with the fix), but it's *correct*. We're not storing the original value anyway, if we wanted that, we'd have to change on-disk representation? If we do dump/load cycles with empty DBs, nothing will change. This changeset includes an additional test case that proves that tables with rows will create the same next_ID for AUTO_INCREMENT = ... across dump/restore cycles. Confirmed by support as likely solution for client's problem. --- mysql-test/r/auto_increment.result | 24 +++++++++++++++++++ mysql-test/r/gis-rtree.result | 2 +- mysql-test/r/mysqldump.result | 38 ++++++++++++++++++++++++++++++ mysql-test/r/symlink.result | 4 ++-- mysql-test/t/auto_increment.test | 21 ++++++++++++++++- mysql-test/t/mysqldump.test | 32 ++++++++++++++++++++++++- sql/sql_show.cc | 18 ++++++++++++++ 7 files changed, 134 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/auto_increment.result b/mysql-test/r/auto_increment.result index 9f3695cb1b1..426f20212c3 100644 --- a/mysql-test/r/auto_increment.result +++ b/mysql-test/r/auto_increment.result @@ -355,3 +355,27 @@ CHECK TABLE t1; Table Op Msg_type Msg_text test.t1 check status OK DROP TABLE IF EXISTS t1; +CREATE TABLE `t1` ( +t1_name VARCHAR(255) DEFAULT NULL, +t1_id INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, +KEY (t1_name), +PRIMARY KEY (t1_id) +) AUTO_INCREMENT = 1000; +INSERT INTO t1 (t1_name) VALUES('MySQL'); +INSERT INTO t1 (t1_name) VALUES('MySQL'); +INSERT INTO t1 (t1_name) VALUES('MySQL'); +SELECT * from t1; +t1_name t1_id +MySQL 1000 +MySQL 1001 +MySQL 1002 +SHOW CREATE TABLE `t1`; +Table Create Table +t1 CREATE TABLE `t1` ( + `t1_name` varchar(255) default NULL, + `t1_id` int(10) unsigned NOT NULL auto_increment, + PRIMARY KEY (`t1_id`), + KEY `t1_name` (`t1_name`) +) ENGINE=MyISAM AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 +DROP TABLE `t1`; +End of 4.1 tests diff --git a/mysql-test/r/gis-rtree.result b/mysql-test/r/gis-rtree.result index 5283ef4d889..f479fc41ffb 100644 --- a/mysql-test/r/gis-rtree.result +++ b/mysql-test/r/gis-rtree.result @@ -294,7 +294,7 @@ t2 CREATE TABLE `t2` ( `g` geometry NOT NULL default '', PRIMARY KEY (`fid`), SPATIAL KEY `g` (`g`(32)) -) ENGINE=MyISAM DEFAULT CHARSET=latin1 +) ENGINE=MyISAM AUTO_INCREMENT=101 DEFAULT CHARSET=latin1 SELECT count(*) FROM t2; count(*) 100 diff --git a/mysql-test/r/mysqldump.result b/mysql-test/r/mysqldump.result index fb72abe9b45..4109e9d13ec 100644 --- a/mysql-test/r/mysqldump.result +++ b/mysql-test/r/mysqldump.result @@ -1503,3 +1503,41 @@ select * from t1; a b Osnabrück Köln drop table t1; +create table `t1` ( +t1_name varchar(255) default null, +t1_id int(10) unsigned not null auto_increment, +key (t1_name), +primary key (t1_id) +) auto_increment = 1000 default charset=latin1; +insert into t1 (t1_name) values('bla'); +insert into t1 (t1_name) values('bla'); +insert into t1 (t1_name) values('bla'); +select * from t1; +t1_name t1_id +bla 1000 +bla 1001 +bla 1002 +show create table `t1`; +Table Create Table +t1 CREATE TABLE `t1` ( + `t1_name` varchar(255) default NULL, + `t1_id` int(10) unsigned NOT NULL auto_increment, + PRIMARY KEY (`t1_id`), + KEY `t1_name` (`t1_name`) +) ENGINE=MyISAM AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 +DROP TABLE `t1`; +select * from t1; +t1_name t1_id +bla 1000 +bla 1001 +bla 1002 +show create table `t1`; +Table Create Table +t1 CREATE TABLE `t1` ( + `t1_name` varchar(255) default NULL, + `t1_id` int(10) unsigned NOT NULL auto_increment, + PRIMARY KEY (`t1_id`), + KEY `t1_name` (`t1_name`) +) ENGINE=MyISAM AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 +drop table `t1`; +End of 4.1 tests diff --git a/mysql-test/r/symlink.result b/mysql-test/r/symlink.result index 26612ec81fd..caff53f8fd7 100644 --- a/mysql-test/r/symlink.result +++ b/mysql-test/r/symlink.result @@ -40,7 +40,7 @@ t9 CREATE TABLE `t9` ( `b` char(16) NOT NULL default '', `c` int(11) NOT NULL default '0', PRIMARY KEY (`a`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='TEST_DIR/var/tmp/' INDEX DIRECTORY='TEST_DIR/var/run/' +) ENGINE=MyISAM AUTO_INCREMENT=16725 DEFAULT CHARSET=latin1 DATA DIRECTORY='TEST_DIR/var/tmp/' INDEX DIRECTORY='TEST_DIR/var/run/' alter table t9 rename t8, add column d int not null; alter table t8 rename t7; rename table t7 to t9; @@ -62,7 +62,7 @@ t9 CREATE TABLE `t9` ( `c` int(11) NOT NULL default '0', `d` int(11) NOT NULL default '0', PRIMARY KEY (`a`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='TEST_DIR/var/tmp/' INDEX DIRECTORY='TEST_DIR/var/run/' +) ENGINE=MyISAM AUTO_INCREMENT=16725 DEFAULT CHARSET=latin1 DATA DIRECTORY='TEST_DIR/var/tmp/' INDEX DIRECTORY='TEST_DIR/var/run/' drop database mysqltest; create table t1 (a int not null) engine=myisam; show create table t1; diff --git a/mysql-test/t/auto_increment.test b/mysql-test/t/auto_increment.test index b6a0aeb9a19..eed2ea44d05 100644 --- a/mysql-test/t/auto_increment.test +++ b/mysql-test/t/auto_increment.test @@ -219,4 +219,23 @@ INSERT INTO t1 (b) VALUES ('bbbb'); CHECK TABLE t1; DROP TABLE IF EXISTS t1; -# End of 4.1 tests +# BUG #19025: + +CREATE TABLE `t1` ( + t1_name VARCHAR(255) DEFAULT NULL, + t1_id INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + KEY (t1_name), + PRIMARY KEY (t1_id) +) AUTO_INCREMENT = 1000; + +INSERT INTO t1 (t1_name) VALUES('MySQL'); +INSERT INTO t1 (t1_name) VALUES('MySQL'); +INSERT INTO t1 (t1_name) VALUES('MySQL'); + +SELECT * from t1; + +SHOW CREATE TABLE `t1`; + +DROP TABLE `t1`; + +--echo End of 4.1 tests diff --git a/mysql-test/t/mysqldump.test b/mysql-test/t/mysqldump.test index ad1fb534836..3b83f8fea01 100644 --- a/mysql-test/t/mysqldump.test +++ b/mysql-test/t/mysqldump.test @@ -647,4 +647,34 @@ select * from t1; select * from t1; drop table t1; -# End of 4.1 tests + +# +# BUG #19025 mysqldump doesn't correctly dump "auto_increment = [int]" +# +create table `t1` ( + t1_name varchar(255) default null, + t1_id int(10) unsigned not null auto_increment, + key (t1_name), + primary key (t1_id) +) auto_increment = 1000 default charset=latin1; + +insert into t1 (t1_name) values('bla'); +insert into t1 (t1_name) values('bla'); +insert into t1 (t1_name) values('bla'); + +select * from t1; + +show create table `t1`; + +--exec $MYSQL_DUMP --skip-comments test t1 > $MYSQLTEST_VARDIR/tmp/bug19025.sql +DROP TABLE `t1`; + +--exec $MYSQL test < $MYSQLTEST_VARDIR/tmp/bug19025.sql + +select * from t1; + +show create table `t1`; + +drop table `t1`; + +--echo End of 4.1 tests diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 268292022e4..3ed55297949 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1480,6 +1480,24 @@ store_create_info(THD *thd, TABLE *table, String *packet) packet->append(" ENGINE=", 8); packet->append(file->table_type()); + /* + Add AUTO_INCREMENT=... if there is an AUTO_INCREMENT column, + and NEXT_ID > 1 (the default). We must not print the clause + for engines that do not support this as it would break the + import of dumps, but as of this writing, the test for whether + AUTO_INCREMENT columns are allowed and wether AUTO_INCREMENT=... + is supported is identical, !(file->table_flags() & HA_NO_AUTO_INCREMENT)) + Because of that, we do not explicitly test for the feature, + but may extrapolate its existence from that of an AUTO_INCREMENT column. + */ + + if(create_info.auto_increment_value > 1) + { + packet->append(" AUTO_INCREMENT=", 16); + end= longlong10_to_str(create_info.auto_increment_value, buff,10); + packet->append(buff, (uint) (end - buff)); + } + if (table->table_charset && !(thd->variables.sql_mode & MODE_MYSQL323) && !(thd->variables.sql_mode & MODE_MYSQL40)) From 15babe1495ae280d8ed4f484aec21a3aee4b6e57 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Thu, 4 May 2006 10:28:49 +0200 Subject: [PATCH 29/53] Put the "test_running_as_root.txt" file in the vardir to avoid that two mysql-test-run's running in parallel uses the same file --- mysql-test/mysql-test-run.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index 78a665d4f00..f3060b8f19f 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -1344,7 +1344,7 @@ sub kill_and_cleanup () { sub check_running_as_root () { # Check if running as root # i.e a file can be read regardless what mode we set it to - my $test_file= "test_running_as_root.txt"; + my $test_file= "$opt_vardir/test_running_as_root.txt"; mtr_tofile($test_file, "MySQL"); chmod(oct("0000"), $test_file); From 697069af2c68cfc7aa378625d34ed040c81abb4f Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Thu, 4 May 2006 10:30:08 +0200 Subject: [PATCH 30/53] Fix warnings --- vio/viossl.c | 60 ++++++++++++++++++++++--------------------- vio/viosslfactories.c | 2 +- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/vio/viossl.c b/vio/viossl.c index 38654f05521..e869493c604 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -56,8 +56,10 @@ report_errors(SSL* ssl) unsigned long l; const char *file; const char *data; - int line,flags; + int line, flags; +#ifndef DBUG_OFF char buf[512]; +#endif DBUG_ENTER("report_errors"); @@ -67,15 +69,11 @@ report_errors(SSL* ssl) file,line,(flags&ERR_TXT_STRING)?data:"")) ; } -#ifdef HAVE_YASSL - /* - The above calls to ERR_* doesn't return any messages when we - are using yaSSL since error is stored in the SSL object we used. - */ if (ssl) - DBUG_PRINT("error", ("yaSSL: %s", ERR_error_string(SSL_get_error(ssl, l), buf))); -#endif - DBUG_PRINT("info", ("errno: %d", socket_errno)); + DBUG_PRINT("error", ("error: %s", + ERR_error_string(SSL_get_error(ssl, l), buf))); + + DBUG_PRINT("info", ("socket_errno: %d", socket_errno)); DBUG_VOID_RETURN; } @@ -87,12 +85,11 @@ int vio_ssl_read(Vio *vio, gptr buf, int size) DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d, ssl_: 0x%p", vio->sd, buf, size, vio->ssl_arg)); - if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0) - { - int err= SSL_get_error((SSL*) vio->ssl_arg, r); - DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); + r= SSL_read((SSL*) vio->ssl_arg, buf, size); +#ifndef DBUG_OFF + if (r < 0) report_errors((SSL*) vio->ssl_arg); - } +#endif DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); } @@ -104,8 +101,11 @@ int vio_ssl_write(Vio *vio, const gptr buf, int size) DBUG_ENTER("vio_ssl_write"); DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size)); - if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0) + r= SSL_write((SSL*) vio->ssl_arg, buf, size); +#ifndef DBUG_OFF + if (r < 0) report_errors((SSL*) vio->ssl_arg); +#endif DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); } @@ -142,7 +142,6 @@ int vio_ssl_close(Vio *vio) int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) { SSL *ssl; - X509 *client_cert; my_bool unused; my_bool net_blocking; enum enum_vio_type old_type; @@ -183,6 +182,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) #ifndef DBUG_OFF { char buf[1024]; + X509 *client_cert; DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl))); if ((client_cert= SSL_get_peer_certificate (ssl))) @@ -217,7 +217,6 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) { SSL *ssl; - X509 *server_cert; my_bool unused; my_bool net_blocking; enum enum_vio_type old_type; @@ -255,20 +254,23 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) DBUG_RETURN(1); } #ifndef DBUG_OFF - DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl))); - - if ((server_cert= SSL_get_peer_certificate (ssl))) { - char buf[256]; - DBUG_PRINT("info",("Server certificate:")); - X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); - DBUG_PRINT("info",("\t subject: %s", buf)); - X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf)); - DBUG_PRINT("info",("\t issuer: %s", buf)); - X509_free (server_cert); + X509 *server_cert; + DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl))); + + if ((server_cert= SSL_get_peer_certificate (ssl))) + { + char buf[256]; + DBUG_PRINT("info",("Server certificate:")); + X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf)); + DBUG_PRINT("info",("\t subject: %s", buf)); + X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf)); + DBUG_PRINT("info",("\t issuer: %s", buf)); + X509_free (server_cert); + } + else + DBUG_PRINT("info",("Server does not have certificate.")); } - else - DBUG_PRINT("info",("Server does not have certificate.")); #endif DBUG_RETURN(0); diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index f1d2b077367..058a19dfa0c 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -339,7 +339,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, Use the ssl_fd pointer */ SSL_CTX_set_session_id_context(ssl_fd->ssl_context, - ssl_fd, + (const unsigned char *)ssl_fd, sizeof(ssl_fd)); return ssl_fd; From 8f7a52ce6cbd6c1228b23cd7b2658fc791ad11e3 Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Thu, 4 May 2006 17:44:09 +0200 Subject: [PATCH 31/53] Move "check_running_as_root" to after var directory has been created --- mysql-test/mysql-test-run.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl index f3060b8f19f..90155aee9d9 100755 --- a/mysql-test/mysql-test-run.pl +++ b/mysql-test/mysql-test-run.pl @@ -376,7 +376,6 @@ sub main () { check_ndbcluster_support(); # We check whether to actually use it later check_ssl_support(); - check_running_as_root(); environment_setup(); signal_setup(); @@ -1661,6 +1660,7 @@ sub initialize_servers () { save_installed_db(); } } + check_running_as_root(); } } From 4c866961ed47db470cdd25c82a9cbf36d1ec1e6c Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Thu, 4 May 2006 17:47:25 +0200 Subject: [PATCH 32/53] Bug#18474 Unlistable directories yield no info from information_schema, part2 - Move "chmod" part of information_schema test to separate file --- mysql-test/r/information_schema.result | 5 ----- mysql-test/r/information_schema_chmod.result | 5 +++++ mysql-test/t/information_schema.test | 9 --------- mysql-test/t/information_schema_chmod.test | 20 ++++++++++++++++++++ 4 files changed, 25 insertions(+), 14 deletions(-) create mode 100644 mysql-test/r/information_schema_chmod.result create mode 100644 mysql-test/t/information_schema_chmod.test diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index d5fb046d319..5224971890a 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1083,11 +1083,6 @@ DROP TABLE t1; DROP VIEW v1; DROP FUNCTION func1; DROP FUNCTION func2; -create database mysqltest; -create table mysqltest.t1(a int); -select table_schema from information_schema.tables where table_schema='mysqltest'; -table_schema -drop database mysqltest; select column_type, group_concat(table_schema, '.', table_name), count(*) as num from information_schema.columns where table_schema='information_schema' and diff --git a/mysql-test/r/information_schema_chmod.result b/mysql-test/r/information_schema_chmod.result new file mode 100644 index 00000000000..36124559439 --- /dev/null +++ b/mysql-test/r/information_schema_chmod.result @@ -0,0 +1,5 @@ +create database mysqltest; +create table mysqltest.t1(a int); +select table_schema from information_schema.tables where table_schema='mysqltest'; +table_schema +drop database mysqltest; diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index 90b0fd95eee..11178adbc9b 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -793,15 +793,6 @@ DROP VIEW v1; DROP FUNCTION func1; DROP FUNCTION func2; -# -# Bug #15851 Unlistable directories yield no info from information_schema -# -create database mysqltest; -create table mysqltest.t1(a int); ---exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest -select table_schema from information_schema.tables where table_schema='mysqltest'; ---exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest -drop database mysqltest; # # Bug#15307 GROUP_CONCAT() with ORDER BY returns empty set on information_schema diff --git a/mysql-test/t/information_schema_chmod.test b/mysql-test/t/information_schema_chmod.test new file mode 100644 index 00000000000..fb850b8e38d --- /dev/null +++ b/mysql-test/t/information_schema_chmod.test @@ -0,0 +1,20 @@ +# +# Due to "Bug#18474 Unlistable directories yield no info from +# information_schema, part2" this test can't be run on Window with our +# current test framework. When "chmod -r" is done within cygwin the +# MySQL Server can still read the directory. +# Manual testing shows the functionalty to skip unlistable directories +# works on windows +# +--source include/not_windows.inc + + +# +# Bug #15851 Unlistable directories yield no info from information_schema +# +create database mysqltest; +create table mysqltest.t1(a int); +--exec chmod -r $MYSQLTEST_VARDIR/master-data/mysqltest +select table_schema from information_schema.tables where table_schema='mysqltest'; +--exec chmod +r $MYSQLTEST_VARDIR/master-data/mysqltest +drop database mysqltest; From 526e1a70e2dd6b53f879cb6bad18698b76ca38bd Mon Sep 17 00:00:00 2001 From: "jani@ua141d10.elisa.omakaista.fi" <> Date: Thu, 4 May 2006 19:31:10 +0300 Subject: [PATCH 33/53] Fix for Bug#11326. --- mysql-test/r/date_formats.result | 18 ++++++++++++++++++ mysql-test/t/date_formats.test | 11 +++++++++++ sql/item_timefunc.cc | 3 ++- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/date_formats.result b/mysql-test/r/date_formats.result index 014eeed27e7..edfe17b0cb4 100644 --- a/mysql-test/r/date_formats.result +++ b/mysql-test/r/date_formats.result @@ -473,3 +473,21 @@ NULL select str_to_date( 1, IF(1=1,NULL,NULL) ); str_to_date( 1, IF(1=1,NULL,NULL) ) NULL +SELECT TIME_FORMAT("24:00:00", '%r'); +TIME_FORMAT("24:00:00", '%r') +12:00:00 AM +SELECT TIME_FORMAT("00:00:00", '%r'); +TIME_FORMAT("00:00:00", '%r') +12:00:00 AM +SELECT TIME_FORMAT("12:00:00", '%r'); +TIME_FORMAT("12:00:00", '%r') +12:00:00 PM +SELECT TIME_FORMAT("15:00:00", '%r'); +TIME_FORMAT("15:00:00", '%r') +03:00:00 PM +SELECT TIME_FORMAT("01:00:00", '%r'); +TIME_FORMAT("01:00:00", '%r') +01:00:00 AM +SELECT TIME_FORMAT("25:00:00", '%r'); +TIME_FORMAT("25:00:00", '%r') +01:00:00 AM diff --git a/mysql-test/t/date_formats.test b/mysql-test/t/date_formats.test index 78b4482a94a..143cddbc4fe 100644 --- a/mysql-test/t/date_formats.test +++ b/mysql-test/t/date_formats.test @@ -276,3 +276,14 @@ select str_to_date( 1, NULL ); select str_to_date( NULL, 1 ); select str_to_date( 1, IF(1=1,NULL,NULL) ); # End of 4.1 tests + +# +# Bug#11326 +# + +SELECT TIME_FORMAT("24:00:00", '%r'); +SELECT TIME_FORMAT("00:00:00", '%r'); +SELECT TIME_FORMAT("12:00:00", '%r'); +SELECT TIME_FORMAT("15:00:00", '%r'); +SELECT TIME_FORMAT("01:00:00", '%r'); +SELECT TIME_FORMAT("25:00:00", '%r'); diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index f3d6858755c..f26b5aae37a 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -620,7 +620,8 @@ bool make_date_time(DATE_TIME_FORMAT *format, TIME *l_time, case 'r': length= my_sprintf(intbuff, (intbuff, - (l_time->hour < 12) ? "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", + ((l_time->hour % 24) < 12) ? + "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", (l_time->hour+11)%12+1, l_time->minute, l_time->second)); From 06d6b7472be3eb2a37719018349829daef672acd Mon Sep 17 00:00:00 2001 From: "jani@ua141d10.elisa.omakaista.fi" <> Date: Thu, 4 May 2006 20:19:37 +0300 Subject: [PATCH 34/53] Fixed Bug#11324: TIME_FORMAT using "%l:%i" returns 36:00 with 24:00:00 in TIME column --- mysql-test/r/date_formats.result | 18 ++++++++++++++++++ mysql-test/t/date_formats.test | 11 +++++++++++ sql/item_timefunc.cc | 2 +- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/date_formats.result b/mysql-test/r/date_formats.result index edfe17b0cb4..24abdfcf148 100644 --- a/mysql-test/r/date_formats.result +++ b/mysql-test/r/date_formats.result @@ -491,3 +491,21 @@ TIME_FORMAT("01:00:00", '%r') SELECT TIME_FORMAT("25:00:00", '%r'); TIME_FORMAT("25:00:00", '%r') 01:00:00 AM +SELECT TIME_FORMAT("00:00:00", '%l %p'); +TIME_FORMAT("00:00:00", '%l %p') +12 AM +SELECT TIME_FORMAT("01:00:00", '%l %p'); +TIME_FORMAT("01:00:00", '%l %p') +1 AM +SELECT TIME_FORMAT("12:00:00", '%l %p'); +TIME_FORMAT("12:00:00", '%l %p') +12 PM +SELECT TIME_FORMAT("23:00:00", '%l %p'); +TIME_FORMAT("23:00:00", '%l %p') +11 PM +SELECT TIME_FORMAT("24:00:00", '%l %p'); +TIME_FORMAT("24:00:00", '%l %p') +12 AM +SELECT TIME_FORMAT("25:00:00", '%l %p'); +TIME_FORMAT("25:00:00", '%l %p') +1 AM diff --git a/mysql-test/t/date_formats.test b/mysql-test/t/date_formats.test index 143cddbc4fe..f3d507e69e6 100644 --- a/mysql-test/t/date_formats.test +++ b/mysql-test/t/date_formats.test @@ -287,3 +287,14 @@ SELECT TIME_FORMAT("12:00:00", '%r'); SELECT TIME_FORMAT("15:00:00", '%r'); SELECT TIME_FORMAT("01:00:00", '%r'); SELECT TIME_FORMAT("25:00:00", '%r'); + +# +# Bug#11324 +# + +SELECT TIME_FORMAT("00:00:00", '%l %p'); +SELECT TIME_FORMAT("01:00:00", '%l %p'); +SELECT TIME_FORMAT("12:00:00", '%l %p'); +SELECT TIME_FORMAT("23:00:00", '%l %p'); +SELECT TIME_FORMAT("24:00:00", '%l %p'); +SELECT TIME_FORMAT("25:00:00", '%l %p'); diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index f26b5aae37a..670fb94fc2c 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -609,7 +609,7 @@ bool make_date_time(DATE_TIME_FORMAT *format, TIME *l_time, break; case 'l': days_i= l_time->hour/24; - hours_i= (l_time->hour%24 + 11)%12+1 + 24*days_i; + hours_i= (l_time->hour%24 + 11)%12+1; length= int10_to_str(hours_i, intbuff, 10) - intbuff; str->append_with_prefill(intbuff, length, 1, '0'); break; From 46f7b3366c04db5e283d6d1cddff70b8ed92fa23 Mon Sep 17 00:00:00 2001 From: "jani@ua141d10.elisa.omakaista.fi" <> Date: Thu, 4 May 2006 21:21:22 +0300 Subject: [PATCH 35/53] Fixed a test case that got broken during merge. --- mysql-test/r/symlink.result | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysql-test/r/symlink.result b/mysql-test/r/symlink.result index 74f9eba802c..3ce7cc0c835 100644 --- a/mysql-test/r/symlink.result +++ b/mysql-test/r/symlink.result @@ -53,7 +53,7 @@ t9 CREATE TABLE `t9` ( `c` int(11) NOT NULL, `d` int(11) NOT NULL, PRIMARY KEY (`a`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/' INDEX DIRECTORY='MYSQLTEST_VARDIR/run/' +) ENGINE=MyISAM AUTO_INCREMENT=16725 DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/' INDEX DIRECTORY='MYSQLTEST_VARDIR/run/' Got one of the listed errors Got one of the listed errors Got one of the listed errors From 2842d28d148252036c02c6e3efff47313e65da0d Mon Sep 17 00:00:00 2001 From: "paul@polar.kitebird.com" <> Date: Thu, 4 May 2006 16:14:19 -0500 Subject: [PATCH 36/53] .del-changelog-4.0.xml~8f56ee8a913e848b: Delete: Docs/changelog-4.0.xml --- Docs/changelog-4.0.xml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100755 Docs/changelog-4.0.xml diff --git a/Docs/changelog-4.0.xml b/Docs/changelog-4.0.xml deleted file mode 100755 index f0f9aa881f1..00000000000 --- a/Docs/changelog-4.0.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - Changes in release 4.0.x - - - - This is a dummy changelog file. Don't use it yet. - - - From a1e6218461418e885540db5093d63043ad291ad9 Mon Sep 17 00:00:00 2001 From: "paul@polar.kitebird.com" <> Date: Thu, 4 May 2006 16:16:18 -0500 Subject: [PATCH 37/53] .del-changelog-4.1.xml~8aa496ebed09d868: Delete: Docs/changelog-4.1.xml --- Docs/changelog-4.1.xml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100755 Docs/changelog-4.1.xml diff --git a/Docs/changelog-4.1.xml b/Docs/changelog-4.1.xml deleted file mode 100755 index 644f2940d0f..00000000000 --- a/Docs/changelog-4.1.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - Changes in release 4.1.x - - - - This is a dummy changelog file. Don't use it yet. - - - From 61632812e237d996b8124b6448acdc5d3e6fcd31 Mon Sep 17 00:00:00 2001 From: "paul@polar.kitebird.com" <> Date: Thu, 4 May 2006 16:21:10 -0500 Subject: [PATCH 38/53] .del-changelog-5.0.xml~f4c50926ccdd7434: Delete: Docs/changelog-5.0.xml --- Docs/changelog-5.0.xml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100755 Docs/changelog-5.0.xml diff --git a/Docs/changelog-5.0.xml b/Docs/changelog-5.0.xml deleted file mode 100755 index deb059716ad..00000000000 --- a/Docs/changelog-5.0.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - Changes in release 5.0.x - - - - This is a dummy changelog file. Don't use it yet. - - - From 8b933cd63d7c95bebb1a89fdea88fe9c54e6afd1 Mon Sep 17 00:00:00 2001 From: "jani@ua141d10.elisa.omakaista.fi" <> Date: Fri, 5 May 2006 00:27:12 +0300 Subject: [PATCH 39/53] Added more comments to the test cases. --- mysql-test/t/date_formats.test | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mysql-test/t/date_formats.test b/mysql-test/t/date_formats.test index 94a192e12f2..c3dd68abb86 100644 --- a/mysql-test/t/date_formats.test +++ b/mysql-test/t/date_formats.test @@ -280,6 +280,10 @@ select str_to_date( 1, IF(1=1,NULL,NULL) ); # # Bug#11326 +# TIME_FORMAT using "%r" returns wrong hour using 24:00:00 in TIME column +# +# This tests that 24:00:00 does not return PM, when it should be AM. +# Some other values are being tested same time. # SELECT TIME_FORMAT("24:00:00", '%r'); @@ -291,6 +295,10 @@ SELECT TIME_FORMAT("25:00:00", '%r'); # # Bug#11324 +# TIME_FORMAT using "%l:%i" returns 36:00 with 24:00:00 in TIME column +# +# This tests that 24:00:00 does not change to "36:00 AM". Testing +# some other values same time. # SELECT TIME_FORMAT("00:00:00", '%l %p'); From 5ce418b260461908b84e5e0f34ddc106ef3be99e Mon Sep 17 00:00:00 2001 From: "pekka@mysql.com" <> Date: Fri, 5 May 2006 00:53:34 +0200 Subject: [PATCH 40/53] ndb - bug#17421, changes NDB API pushdown LIKE arg to plain char --- mysql-test/r/ndb_condition_pushdown.result | 60 ++++++++++++++++++++++ mysql-test/t/ndb_condition_pushdown.test | 37 +++++++++++++ ndb/include/ndbapi/NdbOperation.hpp | 4 ++ ndb/include/util/NdbSqlUtil.hpp | 9 ++-- ndb/src/common/util/NdbSqlUtil.cpp | 24 +++++---- 5 files changed, 117 insertions(+), 17 deletions(-) diff --git a/mysql-test/r/ndb_condition_pushdown.result b/mysql-test/r/ndb_condition_pushdown.result index c516740d02c..27a510b252f 100644 --- a/mysql-test/r/ndb_condition_pushdown.result +++ b/mysql-test/r/ndb_condition_pushdown.result @@ -1782,5 +1782,65 @@ select * from t5 where b like '%jo%' order by a; a b 1 jonas 3 johan +drop table t1; +create table t1 (a int, b varchar(3), primary key using hash(a)) +engine=ndb; +insert into t1 values (1,'a'), (2,'ab'), (3,'abc'); +set engine_condition_pushdown = off; +select * from t1 where b like 'ab'; +a b +2 ab +select * from t1 where b like 'ab' or b like 'ab'; +a b +2 ab +select * from t1 where b like 'abc'; +a b +3 abc +select * from t1 where b like 'abc' or b like 'abc'; +a b +3 abc +set engine_condition_pushdown = on; +select * from t1 where b like 'ab'; +a b +2 ab +select * from t1 where b like 'ab' or b like 'ab'; +a b +2 ab +select * from t1 where b like 'abc'; +a b +3 abc +select * from t1 where b like 'abc' or b like 'abc'; +a b +3 abc +drop table t1; +create table t1 (a int, b char(3), primary key using hash(a)) +engine=ndb; +insert into t1 values (1,'a'), (2,'ab'), (3,'abc'); +set engine_condition_pushdown = off; +select * from t1 where b like 'ab'; +a b +2 ab +select * from t1 where b like 'ab' or b like 'ab'; +a b +2 ab +select * from t1 where b like 'abc'; +a b +3 abc +select * from t1 where b like 'abc' or b like 'abc'; +a b +3 abc +set engine_condition_pushdown = on; +select * from t1 where b like 'ab'; +a b +2 ab +select * from t1 where b like 'ab' or b like 'ab'; +a b +2 ab +select * from t1 where b like 'abc'; +a b +3 abc +select * from t1 where b like 'abc' or b like 'abc'; +a b +3 abc set engine_condition_pushdown = @old_ecpd; DROP TABLE t1,t2,t3,t4,t5; diff --git a/mysql-test/t/ndb_condition_pushdown.test b/mysql-test/t/ndb_condition_pushdown.test index 1e6e105bc61..398ca3c502c 100644 --- a/mysql-test/t/ndb_condition_pushdown.test +++ b/mysql-test/t/ndb_condition_pushdown.test @@ -1649,5 +1649,42 @@ set engine_condition_pushdown = on; explain select * from t5 where b like '%jo%'; select * from t5 where b like '%jo%' order by a; +# bug#17421 -1 +drop table t1; +create table t1 (a int, b varchar(3), primary key using hash(a)) +engine=ndb; +insert into t1 values (1,'a'), (2,'ab'), (3,'abc'); +# in TUP the constants 'ab' 'abc' were expected in varchar format +# "like" returned error which became "false" +# scan filter negates "or" which exposes the bug +set engine_condition_pushdown = off; +select * from t1 where b like 'ab'; +select * from t1 where b like 'ab' or b like 'ab'; +select * from t1 where b like 'abc'; +select * from t1 where b like 'abc' or b like 'abc'; +set engine_condition_pushdown = on; +select * from t1 where b like 'ab'; +select * from t1 where b like 'ab' or b like 'ab'; +select * from t1 where b like 'abc'; +select * from t1 where b like 'abc' or b like 'abc'; + +# bug#17421 -2 +drop table t1; +create table t1 (a int, b char(3), primary key using hash(a)) +engine=ndb; +insert into t1 values (1,'a'), (2,'ab'), (3,'abc'); +# test that incorrect MySQL behaviour is preserved +# 'ab ' LIKE 'ab' is true in MySQL +set engine_condition_pushdown = off; +select * from t1 where b like 'ab'; +select * from t1 where b like 'ab' or b like 'ab'; +select * from t1 where b like 'abc'; +select * from t1 where b like 'abc' or b like 'abc'; +set engine_condition_pushdown = on; +select * from t1 where b like 'ab'; +select * from t1 where b like 'ab' or b like 'ab'; +select * from t1 where b like 'abc'; +select * from t1 where b like 'abc' or b like 'abc'; + set engine_condition_pushdown = @old_ecpd; DROP TABLE t1,t2,t3,t4,t5; diff --git a/ndb/include/ndbapi/NdbOperation.hpp b/ndb/include/ndbapi/NdbOperation.hpp index 6237740c3c6..4db541f7fe4 100644 --- a/ndb/include/ndbapi/NdbOperation.hpp +++ b/ndb/include/ndbapi/NdbOperation.hpp @@ -631,6 +631,10 @@ public: bool nopad, Uint32 Label); int branch_col_ge(Uint32 ColId, const void * val, Uint32 len, bool nopad, Uint32 Label); + /** + * The argument is always plain char, even if the field is varchar + * (changed in 5.0.22). + */ int branch_col_like(Uint32 ColId, const void *, Uint32 len, bool nopad, Uint32 Label); int branch_col_notlike(Uint32 ColId, const void *, Uint32 len, diff --git a/ndb/include/util/NdbSqlUtil.hpp b/ndb/include/util/NdbSqlUtil.hpp index 36a75136c45..ff2d9766f81 100644 --- a/ndb/include/util/NdbSqlUtil.hpp +++ b/ndb/include/util/NdbSqlUtil.hpp @@ -45,14 +45,11 @@ public: typedef int Cmp(const void* info, const void* p1, unsigned n1, const void* p2, unsigned n2, bool full); /** - * Prototype for "like" comparison. Defined for string types. Second - * argument must have same type-specific format. Returns 0 on match, - * +1 on no match, and -1 on bad data. + * Prototype for "like" comparison. Defined for string types. First + * argument can be fixed or var* type, second argument is fixed. + * Returns 0 on match, +1 on no match, and -1 on bad data. * * Uses default special chars ( \ % _ ). - * - * TODO convert special chars to the cs so that ucs2 etc works - * TODO allow user-defined escape ( \ ) */ typedef int Like(const void* info, const void* p1, unsigned n1, const void* p2, unsigned n2); diff --git a/ndb/src/common/util/NdbSqlUtil.cpp b/ndb/src/common/util/NdbSqlUtil.cpp index f2506eda6d4..f3d70a5734a 100644 --- a/ndb/src/common/util/NdbSqlUtil.cpp +++ b/ndb/src/common/util/NdbSqlUtil.cpp @@ -805,7 +805,9 @@ NdbSqlUtil::likeChar(const void* info, const void* p1, unsigned n1, const void* const char* v1 = (const char*)p1; const char* v2 = (const char*)p2; CHARSET_INFO* cs = (CHARSET_INFO*)(info); - int k = (cs->coll->wildcmp)(cs, v1, v1 + n1, v2, v2 + n2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); + // strip end spaces to match (incorrect) MySQL behaviour + n1 = (*cs->cset->lengthsp)(cs, v1, n1); + int k = (*cs->coll->wildcmp)(cs, v1, v1 + n1, v2, v2 + n2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); return k == 0 ? 0 : +1; } @@ -820,16 +822,16 @@ int NdbSqlUtil::likeVarchar(const void* info, const void* p1, unsigned n1, const void* p2, unsigned n2) { const unsigned lb = 1; - if (n1 >= lb && n2 >= lb) { + if (n1 >= lb) { const uchar* v1 = (const uchar*)p1; const uchar* v2 = (const uchar*)p2; unsigned m1 = *v1; - unsigned m2 = *v2; - if (lb + m1 <= n1 && lb + m2 <= n2) { + unsigned m2 = n2; + if (lb + m1 <= n1) { const char* w1 = (const char*)v1 + lb; - const char* w2 = (const char*)v2 + lb; + const char* w2 = (const char*)v2; CHARSET_INFO* cs = (CHARSET_INFO*)(info); - int k = (cs->coll->wildcmp)(cs, w1, w1 + m1, w2, w2 + m2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); + int k = (*cs->coll->wildcmp)(cs, w1, w1 + m1, w2, w2 + m2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); return k == 0 ? 0 : +1; } } @@ -847,16 +849,16 @@ int NdbSqlUtil::likeLongvarchar(const void* info, const void* p1, unsigned n1, const void* p2, unsigned n2) { const unsigned lb = 2; - if (n1 >= lb && n2 >= lb) { + if (n1 >= lb) { const uchar* v1 = (const uchar*)p1; const uchar* v2 = (const uchar*)p2; unsigned m1 = uint2korr(v1); - unsigned m2 = uint2korr(v2); - if (lb + m1 <= n1 && lb + m2 <= n2) { + unsigned m2 = n2; + if (lb + m1 <= n1) { const char* w1 = (const char*)v1 + lb; - const char* w2 = (const char*)v2 + lb; + const char* w2 = (const char*)v2; CHARSET_INFO* cs = (CHARSET_INFO*)(info); - int k = (cs->coll->wildcmp)(cs, w1, w1 + m1, w2, w2 + m2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); + int k = (*cs->coll->wildcmp)(cs, w1, w1 + m1, w2, w2 + m2, ndb_wild_prefix, ndb_wild_one, ndb_wild_many); return k == 0 ? 0 : +1; } } From 8c57924a6a45530b2cdcdb96031c16f3ee5ffc7c Mon Sep 17 00:00:00 2001 From: "aelkin@mysql.com" <> Date: Fri, 5 May 2006 11:21:21 +0300 Subject: [PATCH 41/53] Bug#19136: Crashing log-bin and uninitialized user variables in a derived table The reason of the bug is in that `get_var_with_binlog' performs missed assingment of the variables as side-effect. Doing that it eventually calls `free_underlaid_joins' to pass as an argument `thd->lex->select_lex' of the lex which belongs to the user query, not to one which is emulated i.e SET @var1:=NULL. `get_var_with_binlog' is refined to supply a temporary lex to sql_set_variables's stack. --- mysql-test/r/rpl_user_variables.result | 1 + mysql-test/t/rpl_user_variables.test | 6 ++++++ sql/item_func.cc | 10 ++++++++++ 3 files changed, 17 insertions(+) diff --git a/mysql-test/r/rpl_user_variables.result b/mysql-test/r/rpl_user_variables.result index 85768270ba3..8af2c3e0b22 100644 --- a/mysql-test/r/rpl_user_variables.result +++ b/mysql-test/r/rpl_user_variables.result @@ -105,5 +105,6 @@ slave-bin.000001 1370 User var 2 1370 @`a`=5 slave-bin.000001 1412 Query 1 1412 use `test`; insert into t1 values (@a),(@a) slave-bin.000001 1478 User var 2 1478 @`a`=NULL slave-bin.000001 1503 Query 1 1503 use `test`; insert into t1 values (@a),(@a),(@a*5) +insert into t1 select * FROM (select @var1 union select @var2) AS t2; drop table t1; stop slave; diff --git a/mysql-test/t/rpl_user_variables.test b/mysql-test/t/rpl_user_variables.test index 5cf502e05bd..6597413c22e 100644 --- a/mysql-test/t/rpl_user_variables.test +++ b/mysql-test/t/rpl_user_variables.test @@ -47,9 +47,15 @@ connection slave; sync_with_master; select * from t1; show binlog events from 141; + +# +# BUG19136: Crashing log-bin and uninitialized user variables in a derived table +# just to check nothing bad happens anymore connection master; +insert into t1 select * FROM (select @var1 union select @var2) AS t2; drop table t1; save_master_pos; + connection slave; sync_with_master; stop slave; diff --git a/sql/item_func.cc b/sql/item_func.cc index 174a8c55d01..15e272cdef8 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -2733,14 +2733,24 @@ int get_var_with_binlog(THD *thd, LEX_STRING &name, sql_set_variables(), we could instead manually call check() and update(); this would save memory and time; but calling sql_set_variables() makes one unique place to maintain (sql_set_variables()). + + Manipulation with lex is necessary since free_underlaid_joins + is going to release memory belonging to the main query. */ List tmp_var_list; + LEX *sav_lex= thd->lex, lex_tmp; + thd->lex= &lex_tmp; + lex_start(thd, NULL, 0); tmp_var_list.push_back(new set_var_user(new Item_func_set_user_var(name, new Item_null()))); /* Create the variable */ if (sql_set_variables(thd, &tmp_var_list)) + { + thd->lex= sav_lex; goto err; + } + thd->lex= sav_lex; if (!(var_entry= get_variable(&thd->user_vars, name, 0))) goto err; } From 01faaacd2502419e3c7e15f15d2444af22f312da Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Fri, 5 May 2006 10:33:04 +0200 Subject: [PATCH 42/53] Import from yaSSL --- extra/yassl/examples/client/client.cpp | 2 + .../yassl/examples/echoclient/echoclient.cpp | 1 + .../yassl/examples/echoserver/echoserver.cpp | 2 + extra/yassl/examples/server/server.cpp | 2 + extra/yassl/include/openssl/ssl.h | 6 ++ extra/yassl/include/yassl_types.hpp | 4 - extra/yassl/src/make.bat | 2 +- extra/yassl/src/ssl.cpp | 94 ++++++++++--------- extra/yassl/src/yassl_imp.cpp | 4 +- extra/yassl/src/yassl_int.cpp | 2 +- extra/yassl/taocrypt/benchmark/make.bat | 5 +- extra/yassl/taocrypt/src/make.bat | 1 - extra/yassl/taocrypt/test/make.bat | 2 +- extra/yassl/testsuite/make.bat | 2 +- extra/yassl/testsuite/testsuite.cpp | 1 + 15 files changed, 72 insertions(+), 58 deletions(-) diff --git a/extra/yassl/examples/client/client.cpp b/extra/yassl/examples/client/client.cpp index 3acd091baad..94bf753210b 100644 --- a/extra/yassl/examples/client/client.cpp +++ b/extra/yassl/examples/client/client.cpp @@ -89,6 +89,8 @@ void client_test(void* args) args.argv = argv; client_test(&args); + yaSSL_CleanUp(); + return args.return_code; } diff --git a/extra/yassl/examples/echoclient/echoclient.cpp b/extra/yassl/examples/echoclient/echoclient.cpp index ca557cca8af..fd3f7dd48a3 100644 --- a/extra/yassl/examples/echoclient/echoclient.cpp +++ b/extra/yassl/examples/echoclient/echoclient.cpp @@ -82,6 +82,7 @@ void echoclient_test(void* args) args.argv = argv; echoclient_test(&args); + yaSSL_CleanUp(); return args.return_code; } diff --git a/extra/yassl/examples/echoserver/echoserver.cpp b/extra/yassl/examples/echoserver/echoserver.cpp index 14a37a7e175..3243cc21a7c 100644 --- a/extra/yassl/examples/echoserver/echoserver.cpp +++ b/extra/yassl/examples/echoserver/echoserver.cpp @@ -15,6 +15,8 @@ args.argv = argv; echoserver_test(&args); + yaSSL_CleanUp(); + return args.return_code; } diff --git a/extra/yassl/examples/server/server.cpp b/extra/yassl/examples/server/server.cpp index 4d3f121cf2c..73cff19e371 100644 --- a/extra/yassl/examples/server/server.cpp +++ b/extra/yassl/examples/server/server.cpp @@ -67,6 +67,8 @@ THREAD_RETURN YASSL_API server_test(void* args) args.argv = argv; server_test(&args); + yaSSL_CleanUp(); + return args.return_code; } diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 03a0cfad15b..08075a8df5b 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -32,6 +32,12 @@ #include "opensslv.h" /* for version number */ #include "rsa.h" + +extern "C" void yaSSL_CleanUp(); /* call once at end of application use to + free static singleton memory holders, + not a leak per se, but helpful when + looking for them */ + #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) namespace yaSSL { extern "C" { diff --git a/extra/yassl/include/yassl_types.hpp b/extra/yassl/include/yassl_types.hpp index bfb6467182b..76c807cd05f 100644 --- a/extra/yassl/include/yassl_types.hpp +++ b/extra/yassl/include/yassl_types.hpp @@ -35,10 +35,6 @@ namespace yaSSL { -// Delete static singleton memory holders -void CleanUp(); - - #ifdef YASSL_PURE_C // library allocation diff --git a/extra/yassl/src/make.bat b/extra/yassl/src/make.bat index 4c79a9c6406..148427a6f41 100644 --- a/extra/yassl/src/make.bat +++ b/extra/yassl/src/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 97e0e9a1717..66196514a87 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -53,6 +53,53 @@ namespace yaSSL { using mySTL::min; +int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) +{ + if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) + return SSL_BAD_FILETYPE; + + FILE* input = fopen(file, "rb"); + if (!input) + return SSL_BAD_FILE; + + if (type == CA) { + x509* ptr = PemToDer(file, Cert); + if (!ptr) { + fclose(input); + return SSL_BAD_FILE; + } + ctx->AddCA(ptr); // takes ownership + } + else { + x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_; + + if (format == SSL_FILETYPE_ASN1) { + fseek(input, 0, SEEK_END); + long sz = ftell(input); + rewind(input); + x = NEW_YS x509(sz); // takes ownership + size_t bytes = fread(x->use_buffer(), sz, 1, input); + if (bytes != 1) { + fclose(input); + return SSL_BAD_FILE; + } + } + else { + x = PemToDer(file, type); + if (!x) { + fclose(input); + return SSL_BAD_FILE; + } + } + } + fclose(input); + return SSL_SUCCESS; +} + + +extern "C" { + + SSL_METHOD* SSLv3_method() { return SSLv3_client_method(); @@ -449,50 +496,6 @@ long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh) } -int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) -{ - if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) - return SSL_BAD_FILETYPE; - - FILE* input = fopen(file, "rb"); - if (!input) - return SSL_BAD_FILE; - - if (type == CA) { - x509* ptr = PemToDer(file, Cert); - if (!ptr) { - fclose(input); - return SSL_BAD_FILE; - } - ctx->AddCA(ptr); // takes ownership - } - else { - x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_; - - if (format == SSL_FILETYPE_ASN1) { - fseek(input, 0, SEEK_END); - long sz = ftell(input); - rewind(input); - x = NEW_YS x509(sz); // takes ownership - size_t bytes = fread(x->use_buffer(), sz, 1, input); - if (bytes != 1) { - fclose(input); - return SSL_BAD_FILE; - } - } - else { - x = PemToDer(file, type); - if (!x) { - fclose(input); - return SSL_BAD_FILE; - } - } - } - fclose(input); - return SSL_SUCCESS; -} - - int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format) { return read_file(ctx, file, format, Cert); @@ -1080,7 +1083,7 @@ int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) switch (nid) { case NID_commonName: - char* found = strstr(start, "/CN="); + const char* found = strstr(start, "/CN="); if (found) { found += 4; // advance to str idx = found - start + lastpos + 1; @@ -1401,4 +1404,5 @@ void MD5_Final(unsigned char* hash, MD5_CTX* md5) // end stunnel needs +} // extern "C" } // namespace diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 1d2d5396ea0..4d6d1fc7aff 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -1975,7 +1975,9 @@ Connection::Connection(ProtocolVersion v, RandomPool& ran) : pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0), pre_secret_len_(0), send_server_key_(false), master_clean_(false), TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran) -{} +{ + memset(sessionID_, 0, sizeof(sessionID_)); +} Connection::~Connection() diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 2847217b417..f7fb1abfa3f 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -1415,7 +1415,7 @@ BulkCipher* CryptProvider::NewDesEde() } -void CleanUp() +extern "C" void yaSSL_CleanUp() { TaoCrypt::CleanUp(); ysDelete(cryptProviderInstance); diff --git a/extra/yassl/taocrypt/benchmark/make.bat b/extra/yassl/taocrypt/benchmark/make.bat index 63391578cfa..4ebe4b32417 100644 --- a/extra/yassl/taocrypt/benchmark/make.bat +++ b/extra/yassl/taocrypt/benchmark/make.bat @@ -1,10 +1,9 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 -#set myFLAGS= /I../include /I../../mySTL /c /W3 cl %myFLAGS% benchmark.cpp -link.exe /out:benchmark.exe ../src/taocrypt.lib benchmark.obj +link.exe /out:benchmark.exe ../src/taocrypt.lib benchmark.obj advapi32.lib diff --git a/extra/yassl/taocrypt/src/make.bat b/extra/yassl/taocrypt/src/make.bat index 3acd50fc875..ecf7e8f8469 100644 --- a/extra/yassl/taocrypt/src/make.bat +++ b/extra/yassl/taocrypt/src/make.bat @@ -2,7 +2,6 @@ REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 -#set myFLAGS= /I../include /I../../mySTL /c /W3 /O1 cl %myFLAGS% aes.cpp cl %myFLAGS% aestables.cpp diff --git a/extra/yassl/taocrypt/test/make.bat b/extra/yassl/taocrypt/test/make.bat index e1a4cbce7cd..5f01db68d0d 100644 --- a/extra/yassl/taocrypt/test/make.bat +++ b/extra/yassl/taocrypt/test/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 diff --git a/extra/yassl/testsuite/make.bat b/extra/yassl/testsuite/make.bat index d8a55b0d3af..1bc7ce0513d 100644 --- a/extra/yassl/testsuite/make.bat +++ b/extra/yassl/testsuite/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../taocrypt/include /I../mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER" diff --git a/extra/yassl/testsuite/testsuite.cpp b/extra/yassl/testsuite/testsuite.cpp index f8bbf698c70..1cf6a78ebe7 100644 --- a/extra/yassl/testsuite/testsuite.cpp +++ b/extra/yassl/testsuite/testsuite.cpp @@ -91,6 +91,7 @@ int main(int argc, char** argv) assert(memcmp(input, output, sizeof(input)) == 0); printf("\nAll tests passed!\n"); + yaSSL_CleanUp(); return 0; } From 15ec5dfeca586ca90e798345a4d76ccf3540eec5 Mon Sep 17 00:00:00 2001 From: "msvensson@shellback.(none)" <> Date: Fri, 5 May 2006 10:35:12 +0200 Subject: [PATCH 43/53] Import from yaSSL --- extra/yassl/include/openssl/ssl.h | 9 ++++++++- extra/yassl/testsuite/test.hpp | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 08075a8df5b..a7eca9138a2 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -32,12 +32,19 @@ #include "opensslv.h" /* for version number */ #include "rsa.h" +#if defined(__cplusplus) +extern "C" { +#endif -extern "C" void yaSSL_CleanUp(); /* call once at end of application use to + void yaSSL_CleanUp(); /* call once at end of application use to free static singleton memory holders, not a leak per se, but helpful when looking for them */ +#if defined(__cplusplus) +} // extern +#endif + #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) namespace yaSSL { extern "C" { diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 7fe8656f6d2..259975fba0b 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -27,7 +27,7 @@ #endif /* _WIN32 */ -#if defined(__MACH__) || defined(_WIN32) +#if !defined(_SOCKLEN_T) && (defined(__MACH__) || defined(_WIN32)) typedef int socklen_t; #endif From 3ad0cac41b3239940221f6e886b200d5f8b06eca Mon Sep 17 00:00:00 2001 From: "kroki@mysql.com" <> Date: Sat, 6 May 2006 11:25:59 +0400 Subject: [PATCH 44/53] Reapply fix for bug#16372 (Server crashes when test 'conc_sys' is running) after merge. Concurrent read and update of privilege structures (like simultaneous run of SHOW GRANTS and ADD USER) could result in server crash. Ensure that proper locking of ACL structures is done. No test case is provided because this bug can't be reproduced deterministically. --- sql/sql_acl.cc | 108 ++++++++++++++++++++++++++--------------------- sql/sql_acl.h | 1 - sql/sql_parse.cc | 4 +- 3 files changed, 63 insertions(+), 50 deletions(-) diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index d66a631dbcc..ec1caba0b5d 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1027,6 +1027,8 @@ static void acl_update_user(const char *user, const char *host, USER_RESOURCES *mqh, ulong privileges) { + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_users.elements ; i++) { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); @@ -1077,6 +1079,9 @@ static void acl_insert_user(const char *user, const char *host, ulong privileges) { ACL_USER acl_user; + + safe_mutex_assert_owner(&acl_cache->lock); + acl_user.user=*user ? strdup_root(&mem,user) : 0; update_hostname(&acl_user.host, *host ? strdup_root(&mem, host): 0); acl_user.access=privileges; @@ -1106,6 +1111,8 @@ static void acl_insert_user(const char *user, const char *host, static void acl_update_db(const char *user, const char *host, const char *db, ulong privileges) { + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_dbs.elements ; i++) { ACL_DB *acl_db=dynamic_element(&acl_dbs,i,ACL_DB*); @@ -1532,6 +1539,9 @@ find_acl_user(const char *host, const char *user, my_bool exact) { DBUG_ENTER("find_acl_user"); DBUG_PRINT("enter",("host: '%s' user: '%s'",host,user)); + + safe_mutex_assert_owner(&acl_cache->lock); + for (uint i=0 ; i < acl_users.elements ; i++) { ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*); @@ -1544,7 +1554,7 @@ find_acl_user(const char *host, const char *user, my_bool exact) if (!acl_user->user && !user[0] || acl_user->user && !strcmp(user,acl_user->user)) { - if (exact ? !my_strcasecmp(&my_charset_latin1, host, + if (exact ? !my_strcasecmp(system_charset_info, host, acl_user->host.hostname ? acl_user->host.hostname : "") : compare_hostname(&acl_user->host,host,host)) @@ -2868,6 +2878,7 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, create_new_users= test_if_create_new_users(thd); bool result= FALSE; rw_wrlock(&LOCK_grant); + pthread_mutex_lock(&acl_cache->lock); MEM_ROOT *old_root= thd->mem_root; thd->mem_root= &memex; grant_version++; @@ -2885,12 +2896,10 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, continue; } /* Create user if needed */ - pthread_mutex_lock(&acl_cache->lock); error=replace_user_table(thd, tables[0].table, *Str, 0, revoke_grant, create_new_users, test(thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER)); - pthread_mutex_unlock(&acl_cache->lock); if (error) { result= TRUE; // Remember error @@ -2982,6 +2991,7 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table_list, } grant_option=TRUE; thd->mem_root= old_root; + pthread_mutex_unlock(&acl_cache->lock); rw_unlock(&LOCK_grant); if (!result) send_ok(thd); @@ -3074,6 +3084,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, if (!revoke_grant) create_new_users= test_if_create_new_users(thd); rw_wrlock(&LOCK_grant); + pthread_mutex_lock(&acl_cache->lock); MEM_ROOT *old_root= thd->mem_root; thd->mem_root= &memex; @@ -3093,12 +3104,10 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, continue; } /* Create user if needed */ - pthread_mutex_lock(&acl_cache->lock); error=replace_user_table(thd, tables[0].table, *Str, 0, revoke_grant, create_new_users, test(thd->variables.sql_mode & MODE_NO_AUTO_CREATE_USER)); - pthread_mutex_unlock(&acl_cache->lock); if (error) { result= TRUE; // Remember error @@ -3140,6 +3149,7 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, } grant_option=TRUE; thd->mem_root= old_root; + pthread_mutex_unlock(&acl_cache->lock); rw_unlock(&LOCK_grant); if (!result && !no_error) send_ok(thd); @@ -4116,20 +4126,15 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) DBUG_RETURN(TRUE); } - for (counter=0 ; counter < acl_users.elements ; counter++) - { - const char *user,*host; - acl_user=dynamic_element(&acl_users,counter,ACL_USER*); - if (!(user=acl_user->user)) - user= ""; - if (!(host=acl_user->host.hostname)) - host= ""; - if (!strcmp(lex_user->user.str,user) && - !my_strcasecmp(system_charset_info, lex_user->host.str, host)) - break; - } - if (counter == acl_users.elements) + rw_rdlock(&LOCK_grant); + VOID(pthread_mutex_lock(&acl_cache->lock)); + + acl_user= find_acl_user(lex_user->host.str, lex_user->user.str, TRUE); + if (!acl_user) { + VOID(pthread_mutex_unlock(&acl_cache->lock)); + rw_unlock(&LOCK_grant); + my_error(ER_NONEXISTING_GRANT, MYF(0), lex_user->user.str, lex_user->host.str); DBUG_RETURN(TRUE); @@ -4144,10 +4149,12 @@ bool mysql_show_grants(THD *thd,LEX_USER *lex_user) field_list.push_back(field); if (protocol->send_fields(&field_list, Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF)) - DBUG_RETURN(TRUE); + { + VOID(pthread_mutex_unlock(&acl_cache->lock)); + rw_unlock(&LOCK_grant); - rw_wrlock(&LOCK_grant); - VOID(pthread_mutex_lock(&acl_cache->lock)); + DBUG_RETURN(TRUE); + } /* Add first global access grants */ { @@ -4555,10 +4562,15 @@ void get_privilege_desc(char *to, uint max_length, ulong access) void get_mqh(const char *user, const char *host, USER_CONN *uc) { ACL_USER *acl_user; + + pthread_mutex_lock(&acl_cache->lock); + if (initialized && (acl_user= find_acl_user(host,user, FALSE))) uc->user_resources= acl_user->user_resource; else bzero((char*) &uc->user_resources, sizeof(uc->user_resources)); + + pthread_mutex_unlock(&acl_cache->lock); } /* @@ -4638,31 +4650,6 @@ int open_grant_tables(THD *thd, TABLE_LIST *tables) DBUG_RETURN(0); } -ACL_USER *check_acl_user(LEX_USER *user_name, - uint *acl_acl_userdx) -{ - ACL_USER *acl_user= 0; - uint counter; - - for (counter= 0 ; counter < acl_users.elements ; counter++) - { - const char *user,*host; - acl_user= dynamic_element(&acl_users, counter, ACL_USER*); - if (!(user=acl_user->user)) - user= ""; - if (!(host=acl_user->host.hostname)) - host= ""; - if (!strcmp(user_name->user.str,user) && - !my_strcasecmp(system_charset_info, user_name->host.str, host)) - break; - } - if (counter == acl_users.elements) - return 0; - - *acl_acl_userdx= counter; - return acl_user; -} - /* Modify a privilege table. @@ -4907,6 +4894,8 @@ static int handle_grant_struct(uint struct_no, bool drop, LINT_INIT(acl_db); LINT_INIT(grant_name); + safe_mutex_assert_owner(&acl_cache->lock); + /* Get the number of elements in the in-memory structure. */ switch (struct_no) { case 0: @@ -5370,7 +5359,7 @@ bool mysql_revoke_all(THD *thd, List &list) List_iterator user_list(list); while ((lex_user=user_list++)) { - if (!check_acl_user(lex_user, &counter)) + if (!find_acl_user(lex_user->host.str, lex_user->user.str, TRUE)) { sql_print_error("REVOKE ALL PRIVILEGES, GRANT: User '%s'@'%s' does not " "exists", lex_user->user.str, lex_user->host.str); @@ -5606,6 +5595,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, combo->user.str= sctx->user; + VOID(pthread_mutex_lock(&acl_cache->lock)); if (!find_acl_user(combo->host.str=(char*)sctx->host_or_ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)sctx->host, combo->user.str, @@ -5613,7 +5603,11 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name, !find_acl_user(combo->host.str=(char*)sctx->ip, combo->user.str, FALSE) && !find_acl_user(combo->host.str=(char*)"%", combo->user.str, FALSE)) + { + VOID(pthread_mutex_unlock(&acl_cache->lock)); DBUG_RETURN(TRUE); + } + VOID(pthread_mutex_unlock(&acl_cache->lock)); bzero((char*)tables, sizeof(TABLE_LIST)); user_list.empty(); @@ -5731,6 +5725,8 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) char *curr_host= thd->security_ctx->priv_host_name(); DBUG_ENTER("fill_schema_user_privileges"); + pthread_mutex_lock(&acl_cache->lock); + for (counter=0 ; counter < acl_users.elements ; counter++) { const char *user,*host, *is_grantable="YES"; @@ -5766,6 +5762,9 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond) } } } + + pthread_mutex_unlock(&acl_cache->lock); + DBUG_RETURN(0); #else return(0); @@ -5785,6 +5784,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) char *curr_host= thd->security_ctx->priv_host_name(); DBUG_ENTER("fill_schema_schema_privileges"); + pthread_mutex_lock(&acl_cache->lock); + for (counter=0 ; counter < acl_dbs.elements ; counter++) { const char *user, *host, *is_grantable="YES"; @@ -5823,6 +5824,9 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond) } } } + + pthread_mutex_unlock(&acl_cache->lock); + DBUG_RETURN(0); #else return (0); @@ -5840,6 +5844,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) char *curr_host= thd->security_ctx->priv_host_name(); DBUG_ENTER("fill_schema_table_privileges"); + rw_rdlock(&LOCK_grant); + for (index=0 ; index < column_priv_hash.records ; index++) { const char *user, *is_grantable= "YES"; @@ -5885,6 +5891,9 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond) } } } + + rw_unlock(&LOCK_grant); + DBUG_RETURN(0); #else return (0); @@ -5902,6 +5911,8 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) char *curr_host= thd->security_ctx->priv_host_name(); DBUG_ENTER("fill_schema_table_privileges"); + rw_rdlock(&LOCK_grant); + for (index=0 ; index < column_priv_hash.records ; index++) { const char *user, *is_grantable= "YES"; @@ -5953,6 +5964,9 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond) } } } + + rw_unlock(&LOCK_grant); + DBUG_RETURN(0); #else return (0); diff --git a/sql/sql_acl.h b/sql/sql_acl.h index c8fadb73b0c..e1737f79ce7 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -196,7 +196,6 @@ bool mysql_table_grant(THD *thd, TABLE_LIST *table, List &user_list, bool mysql_routine_grant(THD *thd, TABLE_LIST *table, bool is_proc, List &user_list, ulong rights, bool revoke, bool no_error); -ACL_USER *check_acl_user(LEX_USER *user_name, uint *acl_acl_userdx); my_bool grant_init(); void grant_free(void); my_bool grant_reload(THD *thd); diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 196e723299a..a8de7ff0154 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3835,7 +3835,6 @@ end_with_restore_list: if (thd->security_ctx->user) // If not replication { LEX_USER *user; - uint counter; List_iterator user_list(lex->users_list); while ((user= user_list++)) @@ -3853,7 +3852,8 @@ end_with_restore_list: user->host.str, thd->security_ctx->host_or_ip)) { // TODO: use check_change_password() - if (check_acl_user(user, &counter) && user->password.str && + if (is_acl_user(user->host.str, user->user.str) && + user->password.str && check_access(thd, UPDATE_ACL,"mysql",0,1,1,0)) { my_message(ER_PASSWORD_NOT_ALLOWED, From 1b349cf85fecaf22b6b16dc24541c345cd5a89fe Mon Sep 17 00:00:00 2001 From: "sergefp@mysql.com" <> Date: Sat, 6 May 2006 13:15:00 +0400 Subject: [PATCH 45/53] BUG#16798: Inapplicable ref_or_null query plan and bad query result on random occasions The bug was as follows: When merge_key_fields() encounters "t.key=X OR t.key=Y" it will try to join them into ref_or_null access via "t.key=X OR NULL". In order to make this inference it checks if Y<=>NULL, ignoring the fact that value of Y may be not yet known. The fix is that the check if Y<=>NULL is made only if value of Y is known (i.e. it is a constant). TODO: When merging to 5.0, replace used_tables() with const_item() everywhere in merge_key_fields(). --- mysql-test/r/innodb_mysql.result | 57 +++++++++++++++++++++++++++++++- mysql-test/t/innodb_mysql.test | 56 ++++++++++++++++++++++++++++++- sql/sql_select.cc | 3 +- 3 files changed, 113 insertions(+), 3 deletions(-) diff --git a/mysql-test/r/innodb_mysql.result b/mysql-test/r/innodb_mysql.result index 878c5cb5451..2a4e3555e3b 100644 --- a/mysql-test/r/innodb_mysql.result +++ b/mysql-test/r/innodb_mysql.result @@ -1 +1,56 @@ -drop table if exists t1; +drop table if exists t1,t2; +create table t1 ( +c_id int(11) not null default '0', +org_id int(11) default null, +unique key contacts$c_id (c_id), +key contacts$org_id (org_id) +) engine=innodb; +insert into t1 values +(2,null),(120,null),(141,null),(218,7), (128,1), +(151,2),(234,2),(236,2),(243,2),(255,2),(259,2),(232,3),(235,3),(238,3), +(246,3),(253,3),(269,3),(285,3),(291,3),(293,3),(131,4),(230,4),(231,4); +create table t2 ( +slai_id int(11) not null default '0', +owner_tbl int(11) default null, +owner_id int(11) default null, +sla_id int(11) default null, +inc_web int(11) default null, +inc_email int(11) default null, +inc_chat int(11) default null, +inc_csr int(11) default null, +inc_total int(11) default null, +time_billed int(11) default null, +activedate timestamp null default null, +expiredate timestamp null default null, +state int(11) default null, +sla_set int(11) default null, +unique key t2$slai_id (slai_id), +key t2$owner_id (owner_id), +key t2$sla_id (sla_id) +) engine=innodb; +insert into t2(slai_id, owner_tbl, owner_id, sla_id) values +(1,3,1,1), (3,3,10,2), (4,3,3,6), (5,3,2,5), (6,3,8,3), (7,3,9,7), +(8,3,6,8), (9,3,4,9), (10,3,5,10), (11,3,11,11), (12,3,7,12); +flush tables; +select si.slai_id +from t1 c join t2 si on +((si.owner_tbl = 3 and si.owner_id = c.org_id) or +( si.owner_tbl = 2 and si.owner_id = c.c_id)) +where +c.c_id = 218 and expiredate is null; +slai_id +12 +select * from t1 where org_id is null; +c_id org_id +2 NULL +120 NULL +141 NULL +select si.slai_id +from t1 c join t2 si on +((si.owner_tbl = 3 and si.owner_id = c.org_id) or +( si.owner_tbl = 2 and si.owner_id = c.c_id)) +where +c.c_id = 218 and expiredate is null; +slai_id +12 +drop table t1, t2; diff --git a/mysql-test/t/innodb_mysql.test b/mysql-test/t/innodb_mysql.test index b942b9fbc0d..f31e4d64789 100644 --- a/mysql-test/t/innodb_mysql.test +++ b/mysql-test/t/innodb_mysql.test @@ -1,5 +1,59 @@ -- source include/have_innodb.inc --disable_warnings -drop table if exists t1; +drop table if exists t1,t2; --enable_warnings + +# BUG#16798: Uninitialized row buffer reads in ref-or-null optimizer +# (repeatable only w/innodb). +create table t1 ( + c_id int(11) not null default '0', + org_id int(11) default null, + unique key contacts$c_id (c_id), + key contacts$org_id (org_id) +) engine=innodb; +insert into t1 values + (2,null),(120,null),(141,null),(218,7), (128,1), + (151,2),(234,2),(236,2),(243,2),(255,2),(259,2),(232,3),(235,3),(238,3), + (246,3),(253,3),(269,3),(285,3),(291,3),(293,3),(131,4),(230,4),(231,4); + +create table t2 ( + slai_id int(11) not null default '0', + owner_tbl int(11) default null, + owner_id int(11) default null, + sla_id int(11) default null, + inc_web int(11) default null, + inc_email int(11) default null, + inc_chat int(11) default null, + inc_csr int(11) default null, + inc_total int(11) default null, + time_billed int(11) default null, + activedate timestamp null default null, + expiredate timestamp null default null, + state int(11) default null, + sla_set int(11) default null, + unique key t2$slai_id (slai_id), + key t2$owner_id (owner_id), + key t2$sla_id (sla_id) +) engine=innodb; +insert into t2(slai_id, owner_tbl, owner_id, sla_id) values + (1,3,1,1), (3,3,10,2), (4,3,3,6), (5,3,2,5), (6,3,8,3), (7,3,9,7), + (8,3,6,8), (9,3,4,9), (10,3,5,10), (11,3,11,11), (12,3,7,12); + +flush tables; +select si.slai_id +from t1 c join t2 si on + ((si.owner_tbl = 3 and si.owner_id = c.org_id) or + ( si.owner_tbl = 2 and si.owner_id = c.c_id)) +where + c.c_id = 218 and expiredate is null; + +select * from t1 where org_id is null; +select si.slai_id +from t1 c join t2 si on + ((si.owner_tbl = 3 and si.owner_id = c.org_id) or + ( si.owner_tbl = 2 and si.owner_id = c.c_id)) +where + c.c_id = 218 and expiredate is null; + +drop table t1, t2; diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 46dba61cfc5..4995a164226 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2090,7 +2090,8 @@ merge_key_fields(KEY_FIELD *start,KEY_FIELD *new_fields,KEY_FIELD *end, new_fields->null_rejecting); } else if (old->eq_func && new_fields->eq_func && - (old->val->is_null() || new_fields->val->is_null())) + ((!old->val->used_tables() && old->val->is_null()) || + new_fields->val->is_null())) { /* field = expression OR field IS NULL */ old->level= and_level; From bf9ccde948d07aaaec0e78f67ed981071056e550 Mon Sep 17 00:00:00 2001 From: "kroki@mysql.com" <> Date: Sat, 6 May 2006 18:24:41 +0400 Subject: [PATCH 46/53] Fix race condition in the test for bug#16501. --- mysql-test/r/func_misc.result | 4 ++-- mysql-test/t/func_misc.test | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/mysql-test/r/func_misc.result b/mysql-test/r/func_misc.result index a5beef859f0..8bcdd8b7cbc 100644 --- a/mysql-test/r/func_misc.result +++ b/mysql-test/r/func_misc.result @@ -76,13 +76,13 @@ IS_USED_LOCK('bug16501') = CONNECTION_ID() SELECT RELEASE_LOCK('bug16501'); RELEASE_LOCK('bug16501') 1 +GET_LOCK('bug16501',600) +1 SELECT IS_USED_LOCK('bug16501') = connection_id FROM t1 WHERE conn = 'con1'; IS_USED_LOCK('bug16501') = connection_id 1 -GET_LOCK('bug16501',600) -1 SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); IS_USED_LOCK('bug16501') = CONNECTION_ID() 1 diff --git a/mysql-test/t/func_misc.test b/mysql-test/t/func_misc.test index 9c706161ba9..e2641f8d6cd 100644 --- a/mysql-test/t/func_misc.test +++ b/mysql-test/t/func_misc.test @@ -66,12 +66,14 @@ send SELECT GET_LOCK('bug16501',600); connection default; SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); SELECT RELEASE_LOCK('bug16501'); +connection con1; +reap; +connection default; SELECT IS_USED_LOCK('bug16501') = connection_id FROM t1 WHERE conn = 'con1'; connection con1; -reap; SELECT IS_USED_LOCK('bug16501') = CONNECTION_ID(); SELECT RELEASE_LOCK('bug16501'); SELECT IS_USED_LOCK('bug16501'); From 7977a0c86734dd2912c89433048b563232bc5942 Mon Sep 17 00:00:00 2001 From: "igor@rurik.mysql.com" <> Date: Sat, 6 May 2006 23:48:13 -0700 Subject: [PATCH 47/53] Fixed bug #14927. A query with a group by and having clauses could return a wrong result set if the having condition contained a constant conjunct evaluated to FALSE. It happened because the pushdown condition for table with grouping columns lost its constant conjuncts. Pushdown conditions are always built by the function make_cond_for_table that ignores constant conjuncts. This is apparently not correct when constant false conjuncts are present. --- mysql-test/r/having.result | 17 +++++++++++++++++ mysql-test/t/having.test | 16 ++++++++++++++++ sql/sql_lex.cc | 2 ++ sql/sql_lex.h | 1 + sql/sql_prepare.cc | 10 ++++++++-- sql/sql_select.cc | 28 +++++++++++++++++++--------- 6 files changed, 63 insertions(+), 11 deletions(-) diff --git a/mysql-test/r/having.result b/mysql-test/r/having.result index 9730f9f81bf..ccd1f0e61e7 100644 --- a/mysql-test/r/having.result +++ b/mysql-test/r/having.result @@ -141,3 +141,20 @@ SUM(a) 6 4 DROP TABLE t1; +CREATE TABLE t1 (a int); +INSERT INTO t1 VALUES (1), (2), (1), (3), (2), (1); +SELECT a FROM t1 GROUP BY a HAVING a > 1; +a +2 +3 +SELECT a FROM t1 GROUP BY a HAVING 1 != 1 AND a > 1; +a +SELECT 0 AS x, a FROM t1 GROUP BY x,a HAVING x=1 AND a > 1; +x a +EXPLAIN SELECT a FROM t1 GROUP BY a HAVING 1 != 1 AND a > 1; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE NULL NULL NULL NULL NULL NULL NULL Impossible HAVING +EXPLAIN SELECT 0 AS x, a FROM t1 GROUP BY x,a HAVING x=1 AND a > 1; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE NULL NULL NULL NULL NULL NULL NULL Impossible HAVING +DROP table t1; diff --git a/mysql-test/t/having.test b/mysql-test/t/having.test index 3dd9ace6a1b..8b39e3bd454 100644 --- a/mysql-test/t/having.test +++ b/mysql-test/t/having.test @@ -135,4 +135,20 @@ SELECT SUM(a) FROM t1 GROUP BY a HAVING SUM(a); DROP TABLE t1; +# +# Bug #14927: HAVING clause containing constant false conjunct +# + +CREATE TABLE t1 (a int); +INSERT INTO t1 VALUES (1), (2), (1), (3), (2), (1); + +SELECT a FROM t1 GROUP BY a HAVING a > 1; +SELECT a FROM t1 GROUP BY a HAVING 1 != 1 AND a > 1; +SELECT 0 AS x, a FROM t1 GROUP BY x,a HAVING x=1 AND a > 1; + +EXPLAIN SELECT a FROM t1 GROUP BY a HAVING 1 != 1 AND a > 1; +EXPLAIN SELECT 0 AS x, a FROM t1 GROUP BY x,a HAVING x=1 AND a > 1; + +DROP table t1; + # End of 4.1 tests diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 16641ad6dd5..7348816ea27 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -1074,6 +1074,7 @@ void st_select_lex::init_query() item_list.empty(); join= 0; where= 0; + having= 0; olap= UNSPECIFIED_OLAP_TYPE; having_fix_field= 0; resolve_mode= NOMATTER_MODE; @@ -1081,6 +1082,7 @@ void st_select_lex::init_query() ref_pointer_array= 0; select_n_having_items= 0; prep_where= 0; + prep_having= 0; subquery_in_having= explicit_limit= 0; parsing_place= NO_MATTER; is_item_list_lookup= 0; diff --git a/sql/sql_lex.h b/sql/sql_lex.h index bd79a194122..35f02db6cf9 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -422,6 +422,7 @@ public: char *db, *db1, *table1, *db2, *table2; /* For outer join using .. */ Item *where, *having; /* WHERE & HAVING clauses */ Item *prep_where; /* saved WHERE clause for prepared statement processing */ + Item *prep_having;/* saved HAVING clause for prepared statement processing */ enum olap_type olap; SQL_LIST table_list, group_list; /* FROM & GROUP BY clauses */ List item_list; /* list of fields & expressions */ diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 741d84eab44..2d9e80df63c 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1667,10 +1667,11 @@ int mysql_stmt_prepare(THD *thd, char *packet, uint packet_length, for (; sl; sl= sl->next_select_in_list()) { /* - Save WHERE clause pointers, because they may be changed + Save WHERE, HAVING clause pointers, because they may be changed during query optimisation. */ sl->prep_where= sl->where; + sl->prep_having= sl->having; /* Switch off a temporary flag that prevents evaluation of subqueries in statement prepare. @@ -1696,13 +1697,18 @@ static void reset_stmt_for_execute(Prepared_statement *stmt) /* remove option which was put by mysql_explain_union() */ sl->options&= ~SELECT_DESCRIBE; /* - Copy WHERE clause pointers to avoid damaging they by optimisation + Copy WHERE, HAVING clause pointers to avoid damaging they by optimisation */ if (sl->prep_where) { sl->where= sl->prep_where->copy_andor_structure(thd); sl->where->cleanup(); } + if (sl->prep_having) + { + sl->having= sl->prep_having->copy_andor_structure(thd); + sl->having->cleanup(); + } DBUG_ASSERT(sl->join == 0); ORDER *order; /* Fix GROUP list */ diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 4995a164226..57fb9738612 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -501,12 +501,24 @@ JOIN::optimize() DBUG_RETURN(1); } - if (cond_value == Item::COND_FALSE || - (!unit->select_limit_cnt && !(select_options & OPTION_FOUND_ROWS))) - { /* Impossible cond */ - zero_result_cause= "Impossible WHERE"; - error= 0; - DBUG_RETURN(0); + { + Item::cond_result having_value; + having= optimize_cond(thd, having, &having_value); + if (thd->net.report_error) + { + error= 1; + DBUG_PRINT("error",("Error from optimize_cond")); + DBUG_RETURN(1); + } + + if (cond_value == Item::COND_FALSE || having_value == Item::COND_FALSE || + (!unit->select_limit_cnt && !(select_options & OPTION_FOUND_ROWS))) + { /* Impossible cond */ + zero_result_cause= having_value == Item::COND_FALSE ? + "Impossible HAVING" : "Impossible WHERE"; + error= 0; + DBUG_RETURN(0); + } } /* Optimize count(*), min() and max() */ @@ -4612,10 +4624,8 @@ optimize_cond(THD *thd, COND *conds, Item::cond_result *cond_value) DBUG_EXECUTE("info", print_where(conds, "after remove");); } else - { *cond_value= Item::COND_TRUE; - select->prep_where= 0; - } + DBUG_RETURN(conds); } From a6619a74d674f85e302877b3c110b528c9be5d90 Mon Sep 17 00:00:00 2001 From: "sergefp@mysql.com" <> Date: Sun, 7 May 2006 19:01:49 +0400 Subject: [PATCH 48/53] BUG#16798: Merge into 5.0: s/used_tables()/!const_item()/, added comment about its effects. --- sql/sql_select.cc | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 02110023cac..465f41fa8de 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -2377,7 +2377,19 @@ merge_key_fields(KEY_FIELD *start,KEY_FIELD *new_fields,KEY_FIELD *end, { if (old->field == new_fields->field) { - if (new_fields->val->used_tables()) + /* + NOTE: below const_item() call really works as "!used_tables()", i.e. + it can return FALSE where it is feasible to make it return TRUE. + + The cause is as follows: Some of the tables are already known to be + const tables (the detection code is in make_join_statistics(), + above the update_ref_and_keys() call), but we didn't propagate + information about this: TABLE::const_table is not set to TRUE, and + Item::update_used_tables() hasn't been called for each item. + The result of this is that we're missing some 'ref' accesses. + TODO: OptimizerTeam: Fix this + */ + if (!new_fields->val->const_item()) { /* If the value matches, we can use the key reference. @@ -2407,7 +2419,7 @@ merge_key_fields(KEY_FIELD *start,KEY_FIELD *new_fields,KEY_FIELD *end, new_fields->null_rejecting); } else if (old->eq_func && new_fields->eq_func && - ((!old->val->used_tables() && old->val->is_null()) || + ((old->val->const_item() && old->val->is_null()) || new_fields->val->is_null())) { /* field = expression OR field IS NULL */ From 49bc52e5c9e348a01960a133884ad381a0636c36 Mon Sep 17 00:00:00 2001 From: "aelkin@mysql.com" <> Date: Sun, 7 May 2006 19:54:57 +0300 Subject: [PATCH 49/53] Bug#19136: Crashing log-bin and uninitialized user variables in a derived table recalculating results --- mysql-test/r/rpl_user_variables.result | 1 + 1 file changed, 1 insertion(+) diff --git a/mysql-test/r/rpl_user_variables.result b/mysql-test/r/rpl_user_variables.result index 4198bbcc154..45618688a33 100644 --- a/mysql-test/r/rpl_user_variables.result +++ b/mysql-test/r/rpl_user_variables.result @@ -106,5 +106,6 @@ slave-bin.000001 # User var 2 # @`a`=5 slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a),(@a) slave-bin.000001 # User var 2 # @`a`=NULL slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a),(@a),(@a*5) +insert into t1 select * FROM (select @var1 union select @var2) AS t2; drop table t1; stop slave; From b70efcacec451e659878e40787e10af40436dc5d Mon Sep 17 00:00:00 2001 From: "igor@rurik.mysql.com" <> Date: Sun, 7 May 2006 16:14:43 -0700 Subject: [PATCH 50/53] Post-merge fixes. --- mysql-test/r/rpl_user_variables.result | 59 +++++++++++++------------- sql/sql_lex.cc | 2 +- sql/sql_prepare.cc | 27 ++++++------ 3 files changed, 46 insertions(+), 42 deletions(-) diff --git a/mysql-test/r/rpl_user_variables.result b/mysql-test/r/rpl_user_variables.result index 8af2c3e0b22..45618688a33 100644 --- a/mysql-test/r/rpl_user_variables.result +++ b/mysql-test/r/rpl_user_variables.result @@ -76,35 +76,36 @@ abcn1n2 NULL NULL NULL -show binlog events from 141; -Log_name Pos Event_type Server_id Orig_log_pos Info -slave-bin.000001 141 User var 2 141 @`i1`=12345678901234 -slave-bin.000001 184 User var 2 184 @`i2`=-12345678901234 -slave-bin.000001 227 User var 2 227 @`i3`=0 -slave-bin.000001 270 User var 2 270 @`i4`=-1 -slave-bin.000001 313 Query 1 313 use `test`; insert into t1 values (@i1), (@i2), (@i3), (@i4) -slave-bin.000001 396 User var 2 396 @`r1`=12.5 -slave-bin.000001 439 User var 2 439 @`r2`=-12.5 -slave-bin.000001 482 Query 1 482 use `test`; insert into t1 values (@r1), (@r2) -slave-bin.000001 551 User var 2 551 @`s1`=_latin1 0x5468697320697320612074657374 COLLATE latin1_swedish_ci -slave-bin.000001 600 User var 2 600 @`s2`=_latin1 "" COLLATE latin1_swedish_ci -slave-bin.000001 635 User var 2 635 @`s3`=_latin1 0x61626327646566 COLLATE latin1_swedish_ci -slave-bin.000001 677 User var 2 677 @`s4`=_latin1 0x6162635C646566 COLLATE latin1_swedish_ci -slave-bin.000001 719 User var 2 719 @`s5`=_latin1 0x61626327646566 COLLATE latin1_swedish_ci -slave-bin.000001 761 Query 1 761 use `test`; insert into t1 values (@s1), (@s2), (@s3), (@s4), (@s5) -slave-bin.000001 851 User var 2 851 @`n1`=NULL -slave-bin.000001 877 Query 1 877 use `test`; insert into t1 values (@n1) -slave-bin.000001 939 User var 2 939 @`n2`=NULL -slave-bin.000001 965 Query 1 965 use `test`; insert into t1 values (@n2) -slave-bin.000001 1027 Query 1 1027 use `test`; insert into t1 values (@a:=0), (@a:=@a+1), (@a:=@a+1) -slave-bin.000001 1115 User var 2 1115 @`a`=2 -slave-bin.000001 1157 Query 1 1157 use `test`; insert into t1 values (@a+(@b:=@a+1)) -slave-bin.000001 1229 User var 2 1229 @`q`=_latin1 0x616263 COLLATE latin1_swedish_ci -slave-bin.000001 1266 Query 1 1266 use `test`; insert t1 values (@q), (@q:=concat(@q, 'n1')), (@q:=concat(@q, 'n2')) -slave-bin.000001 1370 User var 2 1370 @`a`=5 -slave-bin.000001 1412 Query 1 1412 use `test`; insert into t1 values (@a),(@a) -slave-bin.000001 1478 User var 2 1478 @`a`=NULL -slave-bin.000001 1503 Query 1 1503 use `test`; insert into t1 values (@a),(@a),(@a*5) +show binlog events from 98; +Log_name Pos Event_type Server_id End_log_pos Info +slave-bin.000001 # Query 1 # use `test`; create table t1(n char(30)) +slave-bin.000001 # User var 2 # @`i1`=12345678901234 +slave-bin.000001 # User var 2 # @`i2`=-12345678901234 +slave-bin.000001 # User var 2 # @`i3`=0 +slave-bin.000001 # User var 2 # @`i4`=-1 +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@i1), (@i2), (@i3), (@i4) +slave-bin.000001 # User var 2 # @`r1`=12.5 +slave-bin.000001 # User var 2 # @`r2`=-12.5 +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@r1), (@r2) +slave-bin.000001 # User var 2 # @`s1`=_latin1 0x5468697320697320612074657374 COLLATE latin1_swedish_ci +slave-bin.000001 # User var 2 # @`s2`=_latin1 "" COLLATE latin1_swedish_ci +slave-bin.000001 # User var 2 # @`s3`=_latin1 0x61626327646566 COLLATE latin1_swedish_ci +slave-bin.000001 # User var 2 # @`s4`=_latin1 0x6162635C646566 COLLATE latin1_swedish_ci +slave-bin.000001 # User var 2 # @`s5`=_latin1 0x61626327646566 COLLATE latin1_swedish_ci +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@s1), (@s2), (@s3), (@s4), (@s5) +slave-bin.000001 # User var 2 # @`n1`=NULL +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@n1) +slave-bin.000001 # User var 2 # @`n2`=NULL +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@n2) +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a:=0), (@a:=@a+1), (@a:=@a+1) +slave-bin.000001 # User var 2 # @`a`=2 +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a+(@b:=@a+1)) +slave-bin.000001 # User var 2 # @`q`=_latin1 0x616263 COLLATE latin1_swedish_ci +slave-bin.000001 # Query 1 # use `test`; insert t1 values (@q), (@q:=concat(@q, 'n1')), (@q:=concat(@q, 'n2')) +slave-bin.000001 # User var 2 # @`a`=5 +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a),(@a) +slave-bin.000001 # User var 2 # @`a`=NULL +slave-bin.000001 # Query 1 # use `test`; insert into t1 values (@a),(@a),(@a*5) insert into t1 select * FROM (select @var1 union select @var2) AS t2; drop table t1; stop slave; diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 927be007ba2..c4c72910265 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -1145,7 +1145,7 @@ void st_select_lex::init_query() cond_count= with_wild= 0; conds_processed_with_permanent_arena= 0; ref_pointer_array= 0; - select_n_having_items= 0;} + select_n_having_items= 0; subquery_in_having= explicit_limit= 0; is_item_list_lookup= 0; first_execution= 1; diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index d615b6528e2..103a0b9e54e 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1965,6 +1965,7 @@ static const char *get_dynamic_sql_string(LEX *lex, uint *query_len) memcpy(query_str, var_value->ptr(), var_value->length()); query_str[len]= '\0'; // Safety (mostly for debug) *query_len= len; + } else { query_str= lex->prepared_stmt_code.str; @@ -2084,19 +2085,20 @@ void reinit_stmt_before_use(THD *thd, LEX *lex) sl->exclude_from_table_unique_test= FALSE; /* - Copy WHERE, HAVING clause pointers to avoid damaging them by optimisation + Copy WHERE, HAVING clause pointers to avoid damaging them + by optimisation */ - if (sl->prep_where) - { - sl->where= sl->prep_where->copy_andor_structure(thd); - sl->where->cleanup(); - } - if (sl->prep_having) - { - sl->having= sl->prep_having->copy_andor_structure(thd); - sl->having->cleanup(); - } - DBUG_ASSERT(sl->join == 0); + if (sl->prep_where) + { + sl->where= sl->prep_where->copy_andor_structure(thd); + sl->where->cleanup(); + } + if (sl->prep_having) + { + sl->having= sl->prep_having->copy_andor_structure(thd); + sl->having->cleanup(); + } + DBUG_ASSERT(sl->join == 0); ORDER *order; /* Fix GROUP list */ for (order= (ORDER *)sl->group_list.first; order; order= order->next) @@ -2104,6 +2106,7 @@ void reinit_stmt_before_use(THD *thd, LEX *lex) /* Fix ORDER list */ for (order= (ORDER *)sl->order_list.first; order; order= order->next) order->item= &order->item_ptr; + } { SELECT_LEX_UNIT *unit= sl->master_unit(); unit->unclean(); From b60540a86272859489bcd6255355116771210f3b Mon Sep 17 00:00:00 2001 From: "msvensson@neptunus.(none)" <> Date: Mon, 8 May 2006 17:14:06 +0200 Subject: [PATCH 51/53] Remove valgrind and compiler warnings Add function 'vio_end' that will cleanup resources allocated by vio and the components it uses. --- include/violite.h | 4 ++++ libmysql/libmysql.c | 1 + sql/mysqld.cc | 2 ++ vio/test-ssl.c | 4 ++-- vio/test-sslclient.c | 2 +- vio/test-sslserver.c | 4 ++-- vio/vio.c | 13 +++++++++++++ vio/viosslfactories.c | 2 +- 8 files changed, 26 insertions(+), 6 deletions(-) diff --git a/include/violite.h b/include/violite.h index b2a5f1640a5..fd870177c68 100644 --- a/include/violite.h +++ b/include/violite.h @@ -129,6 +129,8 @@ int vio_write_shared_memory(Vio *vio, const gptr buf, int size); int vio_close_shared_memory(Vio * vio); #endif +void vio_end(void); + #ifdef __cplusplus } #endif @@ -193,7 +195,9 @@ struct st_vio my_bool (*was_interrupted)(Vio*); int (*vioclose)(Vio*); void (*timeout)(Vio*, unsigned int which, unsigned int timeout); +#ifdef HAVE_OPENSSL void *ssl_arg; +#endif #ifdef HAVE_SMEM HANDLE handle_file_map; char *handle_map; diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c index bfec476fde3..7713fd8dd4d 100644 --- a/libmysql/libmysql.c +++ b/libmysql/libmysql.c @@ -188,6 +188,7 @@ void STDCALL mysql_server_end() mysql_thread_end(); finish_client_errs(); free_charsets(); + vio_end(); mysql_client_init= org_my_init_done= 0; #ifdef EMBEDDED_SERVER if (stderror_file) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 49efc24d15c..ef2f52a33df 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1136,6 +1136,8 @@ void clean_up(bool print_message) my_free((gptr) ssl_acceptor_fd, MYF(0)); } #endif /* HAVE_OPENSSL */ + vio_end(); + #ifdef USE_REGEX my_regex_end(); #endif diff --git a/vio/test-ssl.c b/vio/test-ssl.c index a94eb1a21ff..f8172426e38 100644 --- a/vio/test-ssl.c +++ b/vio/test-ssl.c @@ -57,8 +57,8 @@ main(int argc, char** argv) char* cipher=0; int child_pid,sv[2]; my_bool unused; - struct st_VioSSLAcceptorFd* ssl_acceptor=0; - struct st_VioSSLConnectorFd* ssl_connector=0; + struct st_VioSSLFd* ssl_acceptor= 0; + struct st_VioSSLFd* ssl_connector= 0; Vio* client_vio=0, *server_vio=0; MY_INIT(argv[0]); DBUG_PROCESS(argv[0]); diff --git a/vio/test-sslclient.c b/vio/test-sslclient.c index 3811ba0fb6a..49d6768c884 100644 --- a/vio/test-sslclient.c +++ b/vio/test-sslclient.c @@ -46,7 +46,7 @@ main( int argc __attribute__((unused)), { char client_key[] = "../SSL/client-key.pem", client_cert[] = "../SSL/client-cert.pem"; char ca_file[] = "../SSL/cacert.pem", *ca_path = 0, *cipher=0; - struct st_VioSSLConnectorFd* ssl_connector=0; + struct st_VioSSLFd* ssl_connector= 0; struct sockaddr_in sa; Vio* client_vio=0; int err; diff --git a/vio/test-sslserver.c b/vio/test-sslserver.c index e4d32a75264..daec3a6e6f9 100644 --- a/vio/test-sslserver.c +++ b/vio/test-sslserver.c @@ -44,7 +44,7 @@ fatal_error( const char* r) typedef struct { int sd; - struct st_VioSSLAcceptorFd* ssl_acceptor; + struct st_VioSSLFd* ssl_acceptor; } TH_ARGS; static void @@ -82,7 +82,7 @@ main(int argc __attribute__((unused)), char** argv) char ca_file[] = "../SSL/cacert.pem", *ca_path = 0, *cipher = 0; - struct st_VioSSLAcceptorFd* ssl_acceptor; + struct st_VioSSLFd* ssl_acceptor; pthread_t th; TH_ARGS th_args; diff --git a/vio/vio.c b/vio/vio.c index 21a824a4016..2b0a7f0d79b 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -233,3 +233,16 @@ void vio_delete(Vio* vio) my_free((gptr) vio,MYF(0)); } } + + +/* + Cleanup memory allocated by vio or the + components below it when application finish + +*/ +void vio_end(void) +{ +#ifdef HAVE_YASSL + yaSSL_CleanUp(); +#endif +} diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 058a19dfa0c..2c528e9a2fc 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -220,7 +220,7 @@ static void check_ssl_init() } /************************ VioSSLFd **********************************/ -struct st_VioSSLFd * +static struct st_VioSSLFd * new_VioSSLFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, SSL_METHOD *method) From c141841a493dd125cd6b5b29dedce8cfd7e6521c Mon Sep 17 00:00:00 2001 From: "kent@mysql.com" <> Date: Tue, 9 May 2006 00:11:54 +0200 Subject: [PATCH 52/53] --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index b3f929de19c..ac1c122c2ea 100644 --- a/configure.in +++ b/configure.in @@ -7,7 +7,7 @@ AC_INIT(sql/mysqld.cc) AC_CANONICAL_SYSTEM # The Docs Makefile.am parses this line! # remember to also change ndb version below and update version.c in ndb -AM_INIT_AUTOMAKE(mysql, 5.0.21) +AM_INIT_AUTOMAKE(mysql, 5.0.22) AM_CONFIG_HEADER(config.h) PROTOCOL_VERSION=10 @@ -19,7 +19,7 @@ SHARED_LIB_VERSION=$SHARED_LIB_MAJOR_VERSION:0:0 # ndb version NDB_VERSION_MAJOR=5 NDB_VERSION_MINOR=0 -NDB_VERSION_BUILD=21 +NDB_VERSION_BUILD=22 NDB_VERSION_STATUS="" # Set all version vars based on $VERSION. How do we do this more elegant ? From f1fb5b9f343d09987e02fef8bf0bb6be0ae67444 Mon Sep 17 00:00:00 2001 From: "mskold@mysql.com" <> Date: Tue, 9 May 2006 11:55:41 +0200 Subject: [PATCH 53/53] bug #19623 UniqueHashIndexes resource leak: allocate array pool based on MaxNoOfTables --- ndb/src/kernel/blocks/dbtc/DbtcInit.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp b/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp index f99b4bf15af..2b1f079ea17 100644 --- a/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp +++ b/ndb/src/kernel/blocks/dbtc/DbtcInit.cpp @@ -190,7 +190,7 @@ Dbtc::Dbtc(const class Configuration & conf): ndb_mgm_get_int_parameter(p, CFG_DB_TRANS_BUFFER_MEM, &transactionBufferMemory); - ndb_mgm_get_int_parameter(p, CFG_DB_NO_UNIQUE_HASH_INDEXES, + ndb_mgm_get_int_parameter(p, CFG_DICT_TABLE, &maxNoOfIndexes); ndb_mgm_get_int_parameter(p, CFG_DB_NO_INDEX_OPS, &maxNoOfConcurrentIndexOperations);