Merge sgluhov@work.mysql.com:/home/bk/mysql-4.0
into gluh.(none):/home/gluh/mysql-4.0.bklast sql/mysqld.cc: Auto merged sql/sql_parse.cc: Auto merged
This commit is contained in:
unknown
commit
0e56af0744
@ -61,3 +61,4 @@ extern const char *client_errors[]; /* Error messages */
|
|||||||
#define CR_PROBE_SLAVE_HOSTS 2023
|
#define CR_PROBE_SLAVE_HOSTS 2023
|
||||||
#define CR_PROBE_SLAVE_CONNECT 2024
|
#define CR_PROBE_SLAVE_CONNECT 2024
|
||||||
#define CR_PROBE_MASTER_CONNECT 2025
|
#define CR_PROBE_MASTER_CONNECT 2025
|
||||||
|
#define CR_SSL_CONNECTION_ERROR 2026
|
||||||
|
|||||||
@ -174,7 +174,7 @@ struct st_VioSSLConnectorFd
|
|||||||
SSL_METHOD* ssl_method_;
|
SSL_METHOD* ssl_method_;
|
||||||
};
|
};
|
||||||
|
|
||||||
void sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout);
|
int sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout);
|
||||||
int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout);
|
int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout);
|
||||||
|
|
||||||
struct st_VioSSLConnectorFd
|
struct st_VioSSLConnectorFd
|
||||||
@ -231,7 +231,6 @@ struct st_vio
|
|||||||
|
|
||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
SSL* ssl_;
|
SSL* ssl_;
|
||||||
my_bool open_;
|
|
||||||
#endif /* HAVE_OPENSSL */
|
#endif /* HAVE_OPENSSL */
|
||||||
#endif /* HAVE_VIO */
|
#endif /* HAVE_VIO */
|
||||||
};
|
};
|
||||||
|
|||||||
@ -49,7 +49,8 @@ const char *client_errors[]=
|
|||||||
"Error on SHOW SLAVE STATUS:",
|
"Error on SHOW SLAVE STATUS:",
|
||||||
"Error on SHOW SLAVE HOSTS:",
|
"Error on SHOW SLAVE HOSTS:",
|
||||||
"Error connecting to slave:",
|
"Error connecting to slave:",
|
||||||
"Error connecting to master:"
|
"Error connecting to master:",
|
||||||
|
"SSL connection error"
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Start of code added by Roberto M. Serqueira - martinsc@uol.com.br - 05.24.2001 */
|
/* Start of code added by Roberto M. Serqueira - martinsc@uol.com.br - 05.24.2001 */
|
||||||
@ -82,7 +83,8 @@ const char *client_errors[]=
|
|||||||
"Error on SHOW SLAVE STATUS:",
|
"Error on SHOW SLAVE STATUS:",
|
||||||
"Error on SHOW SLAVE HOSTS:",
|
"Error on SHOW SLAVE HOSTS:",
|
||||||
"Error connecting to slave:",
|
"Error connecting to slave:",
|
||||||
"Error connecting to master:"
|
"Error connecting to master:",
|
||||||
|
"SSL connection error"
|
||||||
};
|
};
|
||||||
|
|
||||||
#else /* ENGLISH */
|
#else /* ENGLISH */
|
||||||
@ -113,7 +115,8 @@ const char *client_errors[]=
|
|||||||
"Error on SHOW SLAVE STATUS:",
|
"Error on SHOW SLAVE STATUS:",
|
||||||
"Error on SHOW SLAVE HOSTS:",
|
"Error on SHOW SLAVE HOSTS:",
|
||||||
"Error connecting to slave:",
|
"Error connecting to slave:",
|
||||||
"Error connecting to master:"
|
"Error connecting to master:",
|
||||||
|
"SSL connection error"
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -1872,15 +1872,18 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
|
|||||||
options->ssl_capath,
|
options->ssl_capath,
|
||||||
options->ssl_cipher)))
|
options->ssl_cipher)))
|
||||||
{
|
{
|
||||||
/* TODO: Change to SSL error */
|
net->last_errno= CR_SSL_CONNECTION_ERROR;
|
||||||
net->last_errno= CR_SERVER_LOST;
|
|
||||||
strmov(net->last_error,ER(net->last_errno));
|
strmov(net->last_error,ER(net->last_errno));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
DBUG_PRINT("info", ("IO layer change in progress..."));
|
DBUG_PRINT("info", ("IO layer change in progress..."));
|
||||||
/* TODO: Add proper error checking here, with return error message */
|
if(sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),
|
||||||
sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),
|
mysql->net.vio, (long) (mysql->options.connect_timeout)))
|
||||||
mysql->net.vio, (long) (mysql->options.connect_timeout));
|
{
|
||||||
|
net->last_errno= CR_SSL_CONNECTION_ERROR;
|
||||||
|
strmov(net->last_error,ER(net->last_errno));
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
DBUG_PRINT("info", ("IO layer change done!"));
|
DBUG_PRINT("info", ("IO layer change done!"));
|
||||||
}
|
}
|
||||||
#endif /* HAVE_OPENSSL */
|
#endif /* HAVE_OPENSSL */
|
||||||
|
|||||||
@ -339,7 +339,7 @@ volatile ulong cached_thread_count=0;
|
|||||||
my_string master_user = (char*) "test", master_password = 0, master_host=0,
|
my_string master_user = (char*) "test", master_password = 0, master_host=0,
|
||||||
master_info_file = (char*) "master.info",
|
master_info_file = (char*) "master.info",
|
||||||
relay_log_info_file = (char*) "relay-log.info",
|
relay_log_info_file = (char*) "relay-log.info",
|
||||||
master_ssl_key=0, master_ssl_cert=0;
|
master_ssl_key=0, master_ssl_cert=0, master_ssl_capath=0, master_ssl_cipher=0;
|
||||||
my_string report_user = 0, report_password = 0, report_host=0;
|
my_string report_user = 0, report_password = 0, report_host=0;
|
||||||
|
|
||||||
const char *localhost=LOCAL_HOST;
|
const char *localhost=LOCAL_HOST;
|
||||||
@ -2820,7 +2820,8 @@ enum options {
|
|||||||
OPT_MASTER_INFO_FILE, OPT_MASTER_CONNECT_RETRY,
|
OPT_MASTER_INFO_FILE, OPT_MASTER_CONNECT_RETRY,
|
||||||
OPT_MASTER_RETRY_COUNT,
|
OPT_MASTER_RETRY_COUNT,
|
||||||
OPT_MASTER_SSL, OPT_MASTER_SSL_KEY,
|
OPT_MASTER_SSL, OPT_MASTER_SSL_KEY,
|
||||||
OPT_MASTER_SSL_CERT,
|
OPT_MASTER_SSL_CERT, OPT_MASTER_SSL_CAPATH,
|
||||||
|
OPT_MASTER_SSL_CIPHER,
|
||||||
OPT_SQL_BIN_UPDATE_SAME, OPT_REPLICATE_DO_DB,
|
OPT_SQL_BIN_UPDATE_SAME, OPT_REPLICATE_DO_DB,
|
||||||
OPT_REPLICATE_IGNORE_DB, OPT_LOG_SLAVE_UPDATES,
|
OPT_REPLICATE_IGNORE_DB, OPT_LOG_SLAVE_UPDATES,
|
||||||
OPT_BINLOG_DO_DB, OPT_BINLOG_IGNORE_DB,
|
OPT_BINLOG_DO_DB, OPT_BINLOG_IGNORE_DB,
|
||||||
@ -3129,6 +3130,14 @@ struct my_option my_long_options[] =
|
|||||||
"Master SSL certificate file name. Only applies if you have enabled master-ssl.",
|
"Master SSL certificate file name. Only applies if you have enabled master-ssl.",
|
||||||
(gptr*) &master_ssl_cert, (gptr*) &master_ssl_cert, 0, GET_STR, OPT_ARG,
|
(gptr*) &master_ssl_cert, (gptr*) &master_ssl_cert, 0, GET_STR, OPT_ARG,
|
||||||
0, 0, 0, 0, 0, 0},
|
0, 0, 0, 0, 0, 0},
|
||||||
|
{"master-ssl-capath", OPT_MASTER_SSL_CAPATH,
|
||||||
|
"Master SSL CA path. Only applies if you have enabled master-ssl.",
|
||||||
|
(gptr*) &master_ssl_capath, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
|
||||||
|
0, 0, 0, 0, 0, 0},
|
||||||
|
{"master-ssl-cipher", OPT_MASTER_SSL_CIPHER,
|
||||||
|
"Master SSL cipher. Only applies if you have enabled master-ssl.",
|
||||||
|
(gptr*) &master_ssl_cipher, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
|
||||||
|
0, 0, 0, 0, 0, 0},
|
||||||
{"myisam-recover", OPT_MYISAM_RECOVER,
|
{"myisam-recover", OPT_MYISAM_RECOVER,
|
||||||
"Syntax: myisam-recover[=option[,option...]], where option can be DEFAULT, BACKUP or FORCE.",
|
"Syntax: myisam-recover[=option[,option...]], where option can be DEFAULT, BACKUP or FORCE.",
|
||||||
(gptr*) &myisam_recover_options_str, (gptr*) &myisam_recover_options_str, 0,
|
(gptr*) &myisam_recover_options_str, (gptr*) &myisam_recover_options_str, 0,
|
||||||
|
|||||||
@ -554,7 +554,13 @@ check_connections(THD *thd)
|
|||||||
{
|
{
|
||||||
/* Do the SSL layering. */
|
/* Do the SSL layering. */
|
||||||
DBUG_PRINT("info", ("IO layer change in progress..."));
|
DBUG_PRINT("info", ("IO layer change in progress..."));
|
||||||
sslaccept(ssl_acceptor_fd, net->vio, thd->variables.net_wait_timeout);
|
if (sslaccept(ssl_acceptor_fd, net->vio, thd->variables.net_wait_timeout))
|
||||||
|
{
|
||||||
|
DBUG_PRINT("error", ("Failed to read user information (pkt_len= %lu)",
|
||||||
|
pkt_len));
|
||||||
|
inc_host_errors(&thd->remote.sin_addr);
|
||||||
|
return(ER_HANDSHAKE_ERROR);
|
||||||
|
}
|
||||||
DBUG_PRINT("info", ("Reading user information over SSL layer"));
|
DBUG_PRINT("info", ("Reading user information over SSL layer"));
|
||||||
if ((pkt_len=my_net_read(net)) == packet_error ||
|
if ((pkt_len=my_net_read(net)) == packet_error ||
|
||||||
pkt_len < NORMAL_HANDSHAKE_SIZE)
|
pkt_len < NORMAL_HANDSHAKE_SIZE)
|
||||||
|
|||||||
46
vio/viossl.c
46
vio/viossl.c
@ -249,35 +249,48 @@ void vio_ssl_in_addr(Vio *vio, struct in_addr *in)
|
|||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
TODO: Add documentation and error handling
|
TODO: Add documentation
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
|
int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
|
||||||
{
|
{
|
||||||
char *str;
|
char *str;
|
||||||
char buf[1024];
|
char buf[1024];
|
||||||
X509* client_cert;
|
X509* client_cert;
|
||||||
my_bool unused;
|
my_bool unused;
|
||||||
|
my_bool net_blocking;
|
||||||
|
enum enum_vio_type old_type;
|
||||||
DBUG_ENTER("sslaccept");
|
DBUG_ENTER("sslaccept");
|
||||||
DBUG_PRINT("enter", ("sd=%d ptr=%p", vio->sd,ptr));
|
DBUG_PRINT("enter", ("sd=%d ptr=%p", vio->sd,ptr));
|
||||||
|
|
||||||
|
old_type= vio->type;
|
||||||
|
net_blocking = vio_is_blocking(vio);
|
||||||
vio_blocking(vio, 1, &unused); /* Must be called before reset */
|
vio_blocking(vio, 1, &unused); /* Must be called before reset */
|
||||||
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
|
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
|
||||||
vio->ssl_=0;
|
vio->ssl_=0;
|
||||||
vio->open_=FALSE;
|
|
||||||
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
|
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
|
||||||
{
|
{
|
||||||
DBUG_PRINT("error", ("SSL_new failure"));
|
DBUG_PRINT("error", ("SSL_new failure"));
|
||||||
report_errors();
|
report_errors();
|
||||||
DBUG_VOID_RETURN;
|
vio_reset(vio, old_type,vio->sd,0,FALSE);
|
||||||
|
vio_blocking(vio, net_blocking, &unused);
|
||||||
|
DBUG_RETURN(1);
|
||||||
}
|
}
|
||||||
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
|
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
|
||||||
SSL_clear(vio->ssl_);
|
SSL_clear(vio->ssl_);
|
||||||
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
|
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
|
||||||
SSL_set_fd(vio->ssl_,vio->sd);
|
SSL_set_fd(vio->ssl_,vio->sd);
|
||||||
SSL_set_accept_state(vio->ssl_);
|
SSL_set_accept_state(vio->ssl_);
|
||||||
SSL_do_handshake(vio->ssl_);
|
if (SSL_do_handshake(vio->ssl_) < 1)
|
||||||
vio->open_ = TRUE;
|
{
|
||||||
|
DBUG_PRINT("error", ("SSL_do_handshake failure"));
|
||||||
|
report_errors();
|
||||||
|
SSL_free(vio->ssl_);
|
||||||
|
vio->ssl_=0;
|
||||||
|
vio_reset(vio, old_type,vio->sd,0,FALSE);
|
||||||
|
vio_blocking(vio, net_blocking, &unused);
|
||||||
|
DBUG_RETURN(1);
|
||||||
|
}
|
||||||
#ifndef DBUF_OFF
|
#ifndef DBUF_OFF
|
||||||
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
|
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
|
||||||
,SSL_get_cipher_name(vio->ssl_)));
|
,SSL_get_cipher_name(vio->ssl_)));
|
||||||
@ -309,7 +322,7 @@ void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
DBUG_VOID_RETURN;
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -318,17 +331,22 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
|
|||||||
char *str;
|
char *str;
|
||||||
X509* server_cert;
|
X509* server_cert;
|
||||||
my_bool unused;
|
my_bool unused;
|
||||||
|
my_bool net_blocking;
|
||||||
|
enum enum_vio_type old_type;
|
||||||
DBUG_ENTER("sslconnect");
|
DBUG_ENTER("sslconnect");
|
||||||
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
|
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
|
||||||
|
|
||||||
|
old_type= vio->type;
|
||||||
|
net_blocking = vio_is_blocking(vio);
|
||||||
vio_blocking(vio, 1, &unused); /* Must be called before reset */
|
vio_blocking(vio, 1, &unused); /* Must be called before reset */
|
||||||
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
|
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
|
||||||
vio->ssl_=0;
|
vio->ssl_=0;
|
||||||
vio->open_=FALSE;
|
|
||||||
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
|
if (!(vio->ssl_ = SSL_new(ptr->ssl_context_)))
|
||||||
{
|
{
|
||||||
DBUG_PRINT("error", ("SSL_new failure"));
|
DBUG_PRINT("error", ("SSL_new failure"));
|
||||||
report_errors();
|
report_errors();
|
||||||
|
vio_reset(vio, old_type,vio->sd,0,FALSE);
|
||||||
|
vio_blocking(vio, net_blocking, &unused);
|
||||||
DBUG_RETURN(1);
|
DBUG_RETURN(1);
|
||||||
}
|
}
|
||||||
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
|
DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout));
|
||||||
@ -336,8 +354,16 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
|
|||||||
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
|
SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
|
||||||
SSL_set_fd (vio->ssl_, vio->sd);
|
SSL_set_fd (vio->ssl_, vio->sd);
|
||||||
SSL_set_connect_state(vio->ssl_);
|
SSL_set_connect_state(vio->ssl_);
|
||||||
SSL_do_handshake(vio->ssl_);
|
if (SSL_do_handshake(vio->ssl_) < 1)
|
||||||
vio->open_ = TRUE;
|
{
|
||||||
|
DBUG_PRINT("error", ("SSL_do_handshake failure"));
|
||||||
|
report_errors();
|
||||||
|
SSL_free(vio->ssl_);
|
||||||
|
vio->ssl_=0;
|
||||||
|
vio_reset(vio, old_type,vio->sd,0,FALSE);
|
||||||
|
vio_blocking(vio, net_blocking, &unused);
|
||||||
|
DBUG_RETURN(1);
|
||||||
|
}
|
||||||
#ifndef DBUG_OFF
|
#ifndef DBUG_OFF
|
||||||
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
|
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
|
||||||
,SSL_get_cipher_name(vio->ssl_)));
|
,SSL_get_cipher_name(vio->ssl_)));
|
||||||
|
|||||||
@ -93,7 +93,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
|
|||||||
{
|
{
|
||||||
DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
|
DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file));
|
||||||
/* FIX stderr */
|
/* FIX stderr */
|
||||||
|
fprintf(stderr,"Error when connection to server using SSL:");
|
||||||
ERR_print_errors_fp(stderr);
|
ERR_print_errors_fp(stderr);
|
||||||
|
fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
|
||||||
|
fflush(stderr);
|
||||||
DBUG_RETURN(0);
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
if (key_file == NULL)
|
if (key_file == NULL)
|
||||||
@ -103,7 +106,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
|
|||||||
{
|
{
|
||||||
DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
|
DBUG_PRINT("error", ("unable to get private key from '%s'\n",key_file));
|
||||||
/* FIX stderr */
|
/* FIX stderr */
|
||||||
|
fprintf(stderr,"Error when connection to server using SSL:");
|
||||||
ERR_print_errors_fp(stderr);
|
ERR_print_errors_fp(stderr);
|
||||||
|
fprintf(stderr,"Unable to get private key from '%s'\n", cert_file);
|
||||||
|
fflush(stderr);
|
||||||
DBUG_RETURN(0);
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user