From 82b454aa28e46efa9249ee51784b654fbd0a9225 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Mon, 2 Apr 2007 13:12:59 +0200
Subject: [PATCH 1/3] Bug#21611 Slave can't connect when master-ssl-cipher specified - Change check for return value of 'SSL_CTX_set_cipher_list' in order to handle 0 as error setting cipher. - Thanks to Dan Lukes for finding the problem!
---
 mysql-test/r/bdb_notembedded.result | 35 ++++++++++++++++++++++++++
 mysql-test/r/openssl_1.result | 3 +++
 mysql-test/t/bdb_notembedded.test | 38 +++++++++++++++++++++++++++++
 mysql-test/t/openssl_1.test | 8 ++++++
 vio/viosslfactories.c | 9 +++++--
 5 files changed, 91 insertions(+), 2 deletions(-)
 create mode 100644 mysql-test/r/bdb_notembedded.result
 create mode 100644 mysql-test/t/bdb_notembedded.test
diff --git a/mysql-test/r/bdb_notembedded.result b/mysql-test/r/bdb_notembedded.result
new file mode 100644
index 00000000000..14cb5fad915
--- /dev/null
+++ b/mysql-test/r/bdb_notembedded.result
@@ -0,0 +1,35 @@
+set autocommit=1;
+reset master;
+create table bug16206 (a int);
+insert into bug16206 values(1);
+start transaction;
+insert into bug16206 values(2);
+commit;
+show binlog events;
+Log_name Pos Event_type Server_id End_log_pos Info
+f n Format_desc 1 n Server ver: VERSION, Binlog ver: 4
+f n Query 1 n use `test`; create table bug16206 (a int)
+f n Query 1 n use `test`; insert into bug16206 values(1)
+f n Query 1 n use `test`; insert into bug16206 values(2)
+drop table bug16206;
+reset master;
+create table bug16206 (a int) engine= bdb;
+insert into bug16206 values(0);
+insert into bug16206 values(1);
+start transaction;
+insert into bug16206 values(2);
+commit;
+insert into bug16206 values(3);
+show binlog events;
+Log_name Pos Event_type Server_id End_log_pos Info
+f n Format_desc 1 n Server ver: VERSION, Binlog ver: 4
+f n Query 1 n use `test`; create table bug16206 (a int) engine= bdb
+f n Query 1 n use `test`; insert into bug16206 values(0)
+f n Query 1 n use `test`; insert into bug16206 values(1)
+f n Query 1 n use `test`; BEGIN
+f n Query 1 n use `test`; insert into bug16206 values(2)
+f n Query 1 n use `test`; COMMIT
+f n Query 1 n use `test`; insert into bug16206 values(3)
+drop table bug16206;
+set autocommit=0;
+End of 5.0 tests
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 34d8e3ab768..a80ef4fc4bb 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -51,3 +51,6 @@ SSL error: Unable to get private key from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name Value
+Ssl_cipher DHE-RSA-AES256-SHA
diff --git a/mysql-test/t/bdb_notembedded.test b/mysql-test/t/bdb_notembedded.test
new file mode 100644
index 00000000000..24e64ebbfb2
--- /dev/null
+++ b/mysql-test/t/bdb_notembedded.test
@@ -0,0 +1,38 @@
+-- source include/not_embedded.inc
+-- source include/have_bdb.inc
+
+#
+# Bug #16206: Superfluous COMMIT event in binlog when updating BDB in autocommit mode
+#
+set autocommit=1;
+
+let $VERSION=`select version()`;
+
+reset master;
+create table bug16206 (a int);
+insert into bug16206 values(1);
+start transaction;
+insert into bug16206 values(2);
+commit;
+--replace_result $VERSION VERSION
+--replace_column 1 f 2 n 5 n
+show binlog events;
+drop table bug16206;
+
+reset master;
+create table bug16206 (a int) engine= bdb;
+insert into bug16206 values(0);
+insert into bug16206 values(1);
+start transaction;
+insert into bug16206 values(2);
+commit;
+insert into bug16206 values(3);
+--replace_result $VERSION VERSION
+--replace_column 1 f 2 n 5 n
+show binlog events;
+drop table bug16206;
+
+set autocommit=0;
+
+
+--echo End of 5.0 tests
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 8772b8157e3..c98c19afaad 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -97,3 +97,11 @@ drop table t1; --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +# +# BUG#21611 Slave can't connect when master-ssl-cipher specified +# - Apparently selecting a cipher doesn't work at all +# - Usa a cipher that both yaSSL and OpenSSL supports +# +--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql +--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 55d3792365f..40879da24ba 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
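Review bot: The new file mysql-test/t/bdb_notembedded.test and its .result cover Bug #16206 (binlog COMMIT events with BDB), which neither the subject nor the description of this commit mentions. Bundling them with the Bug#21611 cipher fix makes the security-relevant change harder to audit and to backport on its own; they look like they belong in a separate commit. If they are meant to be here, the description should say so.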
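Review bot: The comment block added above the `--ssl-cipher=DHE-RSA-AES256-SHA` case describes the state before the fix (`Apparently selecting a cipher doesn't work at all`) and will read as a current defect once this is merged; it also has the typo `Usa`. I would reword it to say what the test checks, for example `# - Connect with an explicit cipher and check that Ssl_cipher reports it` and `# - Use a cipher that both yaSSL and OpenSSL support`. Only the success path is exercised in this patch; the case where no listed cipher is usable, which is the branch the corrected check in vio/viosslfactories.c takes, is added only in a later patch of the series.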
@@ -249,8 +249,13 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); } - /* Set the ciphers that can be used */ - if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher)) + /* + Set the ciphers that can be used + NOTE: SSL_CTX_set_cipher_list will return 0 if + none of the provided ciphers could be selected + */ + if (cipher && + SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0) { DBUG_PRINT("error", ("failed to set ciphers to use")); report_errors();
From e81cb86952ab366ae20aa8186041dde3be66d166 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Wed, 11 Apr 2007 21:01:10 +0200
Subject: [PATCH 2/3] Add test for connect using different ssl ciphers
---
 mysql-test/r/openssl_1.result | 7 +++++++
 mysql-test/t/openssl_1.test | 21 +++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 92900ac1a83..0552ca0e8bb 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -53,3 +53,10 @@ SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 Variable_name Value
 Ssl_cipher DHE-RSA-AES256-SHA
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name Value
+Ssl_cipher AES128-SHA
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name Value
+Ssl_cipher AES128-SHA
+mysqltest: Could not open connection 'default': 2026 SSL connection error
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index 362443023e1..dbe8bdd8940 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
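Review bot: The error branch under the corrected check records only `failed to set ciphers to use`, without the cipher string that was rejected, and DBUG_PRINT output exists only in debug builds. I would include the configured value, `DBUG_PRINT("error", ("failed to set ciphers to use: '%s'", cipher));`, so a bad ssl-cipher setting can be identified from the trace. The new comment is right that 0 means no listed cipher could be selected; it would help to add the converse, for example `returns 1 as soon as one entry is usable, unknown entries are skipped`, because a list containing a misspelled name next to a valid one is accepted without notice. new_VioSSLFd starts and ends outside this hunk, so the cleanup of ssl_fd on this path is not visible here.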
@@ -104,3 +104,24 @@ drop table t1;
 # and ca path to NULL
 #
 --exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1
+
+
+#
+# Test to connect using a list of ciphers
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+
+# Test to connect using a specifi cipher
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+# Test to connect using an unknown cipher
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--error 1
+--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+
From d631f1197250ceb7e874cb6aacd1c8cd71936756 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Wed, 11 Apr 2007 21:38:43 +0200
Subject: [PATCH 3/3] Print warning to log when SSL setup fails
---
 sql/mysqld.cc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index b0fc5a30ff5..33b400faca2 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -3046,6 +3046,7 @@ static void init_ssl()
 DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
 if (!ssl_acceptor_fd)
 {
+ sql_print_warning("Failed to setup SSL");
 opt_use_ssl = 0;
 have_ssl= SHOW_OPTION_DISABLED;
 }
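Review bot: The first new case passes `--ssl-cipher=UNKNOWN-CIPHER:AES128-SHA` and expects AES128-SHA, which pins that unrecognised names in a cipher list are skipped without any error, yet its comment only says `Test to connect using a list of ciphers`. I would state that intent, for example `# Unknown names in the list are ignored; the connection must use AES128-SHA`, so a later reader does not take the unknown entry for a typo. The second comment has the typo `specifi`, and the second and third comment blocks lack the opening `#` line that the first block uses.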
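Review bot: The branch that gains `sql_print_warning("Failed to setup SSL");` still sets `opt_use_ssl = 0` and `have_ssl= SHOW_OPTION_DISABLED`, so a server whose SSL options cannot be applied keeps starting and serves connections without encryption. The message should say so, for example `sql_print_warning("Failed to setup SSL, continuing with SSL disabled");`, and as written it gives no reason for the failure. With the corrected return-value check in vio/viosslfactories.c, an ssl-cipher value that matches nothing presumably ends up here, which makes this fallback easier to reach by misconfiguration; deployments that depend on encryption need it enforced per account rather than assumed from the server options. init_ssl continues outside this hunk.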