authorunknown <tonu@x153.internalnet>2001-07-24 14:07:46 +0800
committerunknown <tonu@x153.internalnet>2001-07-24 14:07:46 +0800
commit2ec8dce13dc2357179244e73e97648034b7cc5a6 (patch)
treeed5f3121d49f4cd731f353d0ff4b0684837cc5b5
parentce77251db69e1becb2716632e8dbbc3b99391406 (diff)
downloadmariadb-git-2ec8dce13dc2357179244e73e97648034b7cc5a6.tar.gz
OpenSSL fixes. Should not affect anything else.
Makefile.am: Moved bio dir into server_dirs in acinclude.in client/Makefile.am: We need OpenSSL includes here include/global.h: Workaround for OPENSSL library bug with defining crypt() include/violite.h: small fixes libmysql/Makefile.am: We need OpenSSL includes here libmysql/Makefile.shared: Yes, we need to compile more programs when --with-openssl is used libmysql/libmysql.c: Make it work! (openssl) libmysql_r/Makefile.am: We need OpenSSL includes here sql/mysqld.cc: Memory was not freed before sql/sql_parse.cc: fix vio/Makefile.am: Added testprogram compilation and openssl libraries linking vio/viossl.c: Cleanups, fixes, etc... vio/viosslfactories.c: Copyright was missing. Fixed renamed macros for newer OpenSSL vio/viotest-ssl.c: Made testprogram work again BitKeeper/etc/logging_ok: Logging to logging@openlogging.org accepted
-rw-r--r--BitKeeper/etc/logging_ok1
-rw-r--r--Makefile.am2
-rw-r--r--SSL/cacert.pem21
-rw-r--r--SSL/client-cert.pem67
-rw-r--r--SSL/client-req.pem30
-rw-r--r--SSL/server-cert.pem67
-rw-r--r--SSL/server-req.pem30
-rw-r--r--client/Makefile.am2
-rw-r--r--include/global.h6
-rw-r--r--include/violite.h16
-rw-r--r--libmysql/Makefile.am2
-rw-r--r--libmysql/Makefile.shared2
-rw-r--r--libmysql/libmysql.c13
-rw-r--r--libmysql_r/Makefile.am2
-rw-r--r--sql/mysqld.cc22
-rw-r--r--sql/sql_parse.cc2
-rw-r--r--vio/Makefile.am7
-rw-r--r--vio/viossl.c98
-rw-r--r--vio/viosslfactories.c35
-rw-r--r--vio/viotest-ssl.c140
-rw-r--r--vio/viotest-ssl.cc104
21 files changed, 513 insertions, 156 deletions
diff --git a/BitKeeper/etc/logging_ok b/BitKeeper/etc/logging_ok
index 93b5d236970..2415ea28d0f 100644
--- a/BitKeeper/etc/logging_ok
+++ b/BitKeeper/etc/logging_ok
@@ -21,3 +21,4 @@ tim@work.mysql.com
tonu@hundin.mysql.fi
tonu@x3.internalnet
tim@white.box
+tonu@x153.internalnet
diff --git a/Makefile.am b/Makefile.am
index d6bfb156d29..7343f617449 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -22,7 +22,7 @@ TAR = gtar
EXTRA_DIST = INSTALL-SOURCE README \
COPYING COPYING.LIB MIRRORS
SUBDIRS = include @docs_dirs@ @readline_dir@ \
- @thread_dirs@ @pstack_dirs@ vio @sql_client_dirs@ \
+ @thread_dirs@ @pstack_dirs@ @sql_client_dirs@ \
@sql_server_dirs@ @libmysqld_dirs@ scripts tests man \
@bench_dirs@ support-files @fs_dirs@
diff --git a/SSL/cacert.pem b/SSL/cacert.pem
new file mode 100644
index 00000000000..862e07114c5
--- /dev/null
+++ b/SSL/cacert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/SSL/client-cert.pem b/SSL/client-cert.pem
new file mode 100644
index 00000000000..cab2a635d9f
--- /dev/null
+++ b/SSL/client-cert.pem
@@ -0,0 +1,67 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com
+ Validity
+ Not Before: Jun 24 16:03:20 2001 GMT
+ Not After : Jun 24 16:03:20 2002 GMT
+ Subject: C=EE, ST=Some-State, L=Tallinn, O=MySQL demo client certificate, CN=Tonu Samuel/Email=tonu@mysql.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e8:d4:52:cd:4e:bb:96:16:3a:f0:89:6b:90:4c:
+ db:e0:30:75:5a:02:72:62:bf:ed:da:be:09:e8:80:
+ db:80:54:30:d6:75:ed:e3:10:a5:15:44:5b:29:91:
+ 12:fe:0c:b7:76:4d:e9:5f:56:5c:45:3c:ad:b2:71:
+ 2d:6a:7a:cb:bc:04:80:08:74:d6:7d:f6:7c:5c:76:
+ db:35:c4:f6:f5:d8:d4:89:9f:9d:cc:3f:4e:3f:73:
+ c1:3e:41:7e:4e:09:bf:ea:1a:d9:a2:13:0d:d1:0c:
+ da:d8:f4:9b:b8:54:21:17:ae:d7:b3:02:61:87:a9:
+ 01:ff:f4:fe:9c:7a:fc:67:43
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ BC:FB:BB:8F:C4:85:BA:5F:A8:F2:C3:3D:C9:0F:DB:16:E7:13:BC:B2
+ X509v3 Authority Key Identifier:
+ keyid:A5:0A:D6:72:B5:DF:E4:C2:2B:7B:07:5E:D3:4D:52:07:E1:83:6B:7F
+ DirName:/C=FI/ST=Some-State/L=Helsinki/O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@mysql.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 1c:e0:87:2c:2f:b3:a4:39:44:7f:96:7b:2f:c9:1f:91:84:0b:
+ 9f:d0:0a:f8:40:70:d0:dd:bd:91:0a:c6:d5:ac:8f:51:77:9c:
+ 35:28:e8:b6:5f:57:9e:5c:b5:9b:ae:5d:3d:7c:05:45:2e:89:
+ 3a:03:e1:f2:00:cb:c1:ed:3e:48:3b:5f:4e:50:d2:b4:a5:36:
+ 0f:1a:dc:79:49:1e:03:2f:27:c1:e4:62:d6:ef:3f:ab:2e:ab:
+ dd:e5:bc:cb:20:a3:dd:ab:81:69:26:9c:03:42:1b:4c:b7:aa:
+ 57:6d:2a:de:c0:5e:6e:74:d0:83:90:ec:ad:bb:ba:f0:cc:cf:
+ 41:3d
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAwqgAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBhTELMAkGA1UEBhMCRkkx
+EzARBgNVBAgTClNvbWUtU3RhdGUxETAPBgNVBAcTCEhlbHNpbmtpMRkwFwYDVQQK
+ExBNeVNRTCBGaW5sYW5kIEFCMRQwEgYDVQQDEwtUb251IFNhbXVlbDEdMBsGCSqG
+SIb3DQEJARYOdG9udUBteXNxbC5jb20wHhcNMDEwNjI0MTYwMzIwWhcNMDIwNjI0
+MTYwMzIwWjCBkTELMAkGA1UEBhMCRUUxEzARBgNVBAgTClNvbWUtU3RhdGUxEDAO
+BgNVBAcTB1RhbGxpbm4xJjAkBgNVBAoTHU15U1FMIGRlbW8gY2xpZW50IGNlcnRp
+ZmljYXRlMRQwEgYDVQQDEwtUb251IFNhbXVlbDEdMBsGCSqGSIb3DQEJARYOdG9u
+dUBteXNxbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOjUUs1Ou5YW
+OvCJa5BM2+AwdVoCcmK/7dq+CeiA24BUMNZ17eMQpRVEWymREv4Mt3ZN6V9WXEU8
+rbJxLWp6y7wEgAh01n32fFx22zXE9vXY1Imfncw/Tj9zwT5Bfk4Jv+oa2aITDdEM
+2tj0m7hUIReu17MCYYepAf/0/px6/GdDAgMBAAGjggERMIIBDTAJBgNVHRMEAjAA
+MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUvPu7j8SFul+o8sM9yQ/bFucTvLIwgbIGA1UdIwSBqjCBp4AUpQrW
+crXf5MIrewde001SB+GDa3+hgYukgYgwgYUxCzAJBgNVBAYTAkZJMRMwEQYDVQQI
+EwpTb21lLVN0YXRlMREwDwYDVQQHEwhIZWxzaW5raTEZMBcGA1UEChMQTXlTUUwg
+RmlubGFuZCBBQjEUMBIGA1UEAxMLVG9udSBTYW11ZWwxHTAbBgkqhkiG9w0BCQEW
+DnRvbnVAbXlzcWwuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBABzghywvs6Q5RH+W
+ey/JH5GEC5/QCvhAcNDdvZEKxtWsj1F3nDUo6LZfV55ctZuuXT18BUUuiToD4fIA
+y8HtPkg7X05Q0rSlNg8a3HlJHgMvJ8HkYtbvP6suq93lvMsgo92rgWkmnANCG0y3
+qldtKt7AXm500IOQ7K27uvDMz0E9
+-----END CERTIFICATE-----
diff --git a/SSL/client-req.pem b/SSL/client-req.pem
new file mode 100644
index 00000000000..ef11a22165f
--- /dev/null
+++ b/SSL/client-req.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8CE2AB38FB50D4B9
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
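Review bot: `SSL/client-req.pem` carries an RSA private key in the same file as the certificate request, and this hunk adds it to the source tree; `SSL/server-req.pem` does the same. The keys are passphrase-encrypted (`DES-EDE3-CBC`), but once published they should be treated as known to everyone, so nothing outside the test suite should ever load them. A short README in `SSL/` stating that these are demo credentials, and a file name that reveals a key is inside, would make that hard to miss. The matching certificates are 1024-bit RSA signed with md5WithRSAEncryption and expire on Jun 24 2002, so any test that depends on them will need regenerated fixtures after that date.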
diff --git a/SSL/server-cert.pem b/SSL/server-cert.pem
new file mode 100644
index 00000000000..069063a9de9
--- /dev/null
+++ b/SSL/server-cert.pem
@@ -0,0 +1,67 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu Samuel/Email=tonu@mysql.com
+ Validity
+ Not Before: Jun 24 16:02:28 2001 GMT
+ Not After : Jun 24 16:02:28 2002 GMT
+ Subject: C=EE, ST=Some-State, L=Tallinn, O=MySQL server demo certificate, CN=Tonu Samuel/Email=tonu@mysql.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9e:ac:8d:d8:1d:9c:b2:fd:88:96:2c:ba:42:53:
+ fa:5d:bd:85:8a:e5:ca:d3:0f:c0:01:3c:f2:92:46:
+ 4f:d9:80:ae:2a:89:cf:ef:e8:d4:65:fc:f6:f5:3a:
+ 26:4c:29:db:06:fa:34:a1:87:f3:97:b5:3c:94:f1:
+ 84:05:ac:ad:57:25:d9:02:db:00:71:e0:a9:aa:b4:
+ 1d:29:36:5e:a9:a4:0d:f2:45:b9:83:74:2b:45:f3:
+ e2:23:bc:e7:5c:e6:11:b6:f6:dd:c4:ac:ed:65:42:
+ 2c:39:47:2a:c9:eb:5f:45:03:10:ab:23:bc:ca:5c:
+ 82:9a:b7:b3:6d:67:18:d2:c7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 94:68:BF:DA:F6:E2:09:EF:3A:C8:27:AE:D7:B7:02:F0:DC:4B:C1:3B
+ X509v3 Authority Key Identifier:
+ keyid:A5:0A:D6:72:B5:DF:E4:C2:2B:7B:07:5E:D3:4D:52:07:E1:83:6B:7F
+ DirName:/C=FI/ST=Some-State/L=Helsinki/O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@mysql.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 8c:1a:90:70:f6:1a:70:0e:c9:28:93:74:e2:2b:b8:2a:d0:ce:
+ 40:15:e8:af:44:f8:89:16:20:f5:c2:b9:ed:aa:4e:3c:40:e2:
+ 9c:62:aa:48:98:ac:17:84:ef:35:72:59:43:09:35:17:c5:9a:
+ 3e:3d:ef:97:bf:57:f2:2a:f6:56:5d:a4:7c:68:58:b9:d6:9b:
+ 0f:57:0e:55:22:17:b0:b7:77:27:4f:da:b3:88:c1:6d:d6:8f:
+ 31:ec:0d:a2:25:60:66:2f:0f:86:8a:d6:08:b8:71:b1:b5:70:
+ 60:04:56:96:ff:bd:5e:ed:94:bc:44:bd:24:e0:2f:90:e5:23:
+ 51:4e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/SSL/server-req.pem b/SSL/server-req.pem
new file mode 100644
index 00000000000..4cd6610e735
--- /dev/null
+++ b/SSL/server-req.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6CBD09E71246DC01
+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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkVFMRMwEQYDVQQIEwpTb21lLVN0YXRl
+MRAwDgYDVQQHEwdUYWxsaW5uMSYwJAYDVQQKEx1NeVNRTCBzZXJ2ZXIgZGVtbyBj
+ZXJ0aWZpY2F0ZTEUMBIGA1UEAxMLVG9udSBTYW11ZWwxHTAbBgkqhkiG9w0BCQEW
+DnRvbnVAbXlzcWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCerI3Y
+HZyy/YiWLLpCU/pdvYWK5crTD8ABPPKSRk/ZgK4qic/v6NRl/Pb1OiZMKdsG+jSh
+h/OXtTyU8YQFrK1XJdkC2wBx4KmqtB0pNl6ppA3yRbmDdCtF8+IjvOdc5hG29t3E
+rO1lQiw5RyrJ619FAxCrI7zKXIKat7NtZxjSxwIDAQABoAAwDQYJKoZIhvcNAQEE
+BQADgYEAlrUnGX4LYIiVjztHA4gUcOSVeEHCci2qEUq+7yY1JhAw54YDa2MLTTwa
+cH+rXLHjN0MTNfv9tRxdSX+trk3pyvhgFjssD100dJkF83RfVv2tKg9kscVOGQp7
+MkwOnJjfAjQBlTbTOQM46BTjv2FgvsppkO3ViryI//YxKvj/628=
+-----END CERTIFICATE REQUEST-----
diff --git a/client/Makefile.am b/client/Makefile.am
index 6766b389704..52260780248 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -16,7 +16,7 @@
# This file is public domain and comes with NO WARRANTY of any kind
-INCLUDES = -I$(srcdir)/../include \
+INCLUDES = -I$(srcdir)/../include $(openssl_includes) \
-I../include -I$(srcdir)/.. -I$(top_srcdir) \
-I..
LIBS = @CLIENT_LIBS@
diff --git a/include/global.h b/include/global.h
index f41ac3ed184..c7a3498b76a 100644
--- a/include/global.h
+++ b/include/global.h
@@ -189,7 +189,13 @@
# endif
#endif /* TIME_WITH_SYS_TIME */
#ifdef HAVE_UNISTD_H
+#ifdef HAVE_OPENSSL
+#define crypt dummy
+#endif
#include <unistd.h>
+#ifdef HAVE_OPENSSL
+#undef crypt
+#endif
#endif
#if defined(__cplusplus) && defined(NO_CPLUSPLUS_ALLOCA)
#undef HAVE_ALLOCA
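Review bot: The `#define crypt dummy` / `#undef crypt` pair around `<unistd.h>` has no comment, and the commit message is the only place that says it works around an OpenSSL problem with `crypt()`. I would add `/* Workaround: OpenSSL headers clash with the crypt() prototype in unistd.h, so hide that prototype under another name */` above the first `#ifdef HAVE_OPENSSL`. The replacement name `dummy` is generic enough to collide with a real identifier or macro in a file that includes this header, so a longer, project-prefixed name would be safer.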
diff --git a/include/violite.h b/include/violite.h
index bc10a8f527c..49791c6b68a 100644
--- a/include/violite.h
+++ b/include/violite.h
@@ -137,11 +137,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout);
#ifdef HAVE_OPENSSL
-#include <openssl/x509.h>
+#define HEADER_DES_LOCL_H dummy_something
#include <openssl/ssl.h>
#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/asn1.h>
#include "my_net.h" /* needed because of struct in_addr */
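Review bot: `#define HEADER_DES_LOCL_H dummy_something` pre-defines what looks like an include guard that belongs to OpenSSL, and nothing in the hunk says why. Because `violite.h` is a shared header, every file that includes it silently loses whatever that guard protects, and the trick stops working if OpenSSL renames the guard. A comment naming the actual conflict is needed here, for example `/* keep OpenSSL's DES-internal header out: it conflicts with <name the symbol> */`, filled in by whoever hit the problem.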
@@ -184,10 +182,9 @@ struct st_VioSSLAcceptorFd
state_connect = 1,
state_accept = 2
};
- BIO* bio_;
- char *ssl_cip_;
- char desc_[100];
- Vio* sd_;
+// BIO* bio_;
+// char desc_[100];
+// Vio* sd_;
/* function pointers which are only once for SSL server
Vio*(*sslaccept)(struct st_VioSSLAcceptorFd*,Vio*); */
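Review bot: The three members are disabled with `//` comments (`// BIO* bio_;`, `// char desc_[100];`, `// Vio* sd_;`), while `char *ssl_cip_;` is dropped from this struct outright. `violite.h` is included from C sources such as `libmysql/libmysql.c`, and C compilers in strict C89 mode reject `//`, so either delete the lines or use `/* ... */`. The same `//` style appears in the `sslaccept()` and `sslconnect()` hunks of `vio/viossl.c`. The struct definition begins before this hunk.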
@@ -200,8 +197,8 @@ struct st_VioSSLConnectorFd
SSL_METHOD* ssl_method_;
/* function pointers which are only once for SSL client */
};
-Vio *sslaccept(struct st_VioSSLAcceptorFd*, Vio*);
-Vio *sslconnect(struct st_VioSSLConnectorFd*, Vio*);
+void sslaccept(struct st_VioSSLAcceptorFd*, Vio*);
+void sslconnect(struct st_VioSSLConnectorFd*, Vio*);
#else /* HAVE_OPENSSL */
/* This dummy is required to maintain proper size of st_mysql in mysql.h */
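Review bot: Changing `sslaccept()` and `sslconnect()` to return `void` leaves callers with no way to learn that the SSL setup failed. In `vio/viossl.c` both functions return early after `SSL_new failure` with `sd->ssl_` still 0, yet `mysql_real_connect()` in `libmysql/libmysql.c` and `check_connections()` in `sql/sql_parse.cc` carry on and use the connection; the server goes straight to `my_net_read(net)`. `vio_ssl_read()` guards this only with `assert(vio->ssl_!= 0)`, which aborts the process when asserts are enabled and disappears when `NDEBUG` is defined. I would return a status instead, e.g. `int sslaccept(struct st_VioSSLAcceptorFd*, Vio*); /* 0 on success, non-zero on failure */`, and have both callers close the connection on failure.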
@@ -250,6 +247,7 @@ struct st_vio
BIO* bio_;
SSL* ssl_;
my_bool open_;
+ char *ssl_cip_;
#endif /* HAVE_OPENSSL */
#endif /* HAVE_VIO */
};
diff --git a/libmysql/Makefile.am b/libmysql/Makefile.am
index 67b78f14ba2..6c471090533 100644
--- a/libmysql/Makefile.am
+++ b/libmysql/Makefile.am
@@ -21,7 +21,7 @@ target = libmysqlclient.la
target_defs = -DUNDEF_THREADS_HACK
LIBS = @CLIENT_LIBS@
INCLUDES = -I$(srcdir)/../include -I../include \
- -I$(srcdir)/.. -I$(top_srcdir) -I..
+ -I$(srcdir)/.. -I$(top_srcdir) -I.. $(openssl_includes)
include $(srcdir)/Makefile.shared
diff --git a/libmysql/Makefile.shared b/libmysql/Makefile.shared
index 4d3928c5bc5..28248a0b982 100644
--- a/libmysql/Makefile.shared
+++ b/libmysql/Makefile.shared
@@ -62,7 +62,7 @@ mysysobjects = $(mysysobjects1) $(mysysobjects2)
target_libadd = $(mysysobjects) $(mystringsobjects) $(dbugobjects) \
$(vio_objects)
target_ldflags = -version-info @SHARED_LIB_VERSION@
-vio_objects= vio.lo viosocket.lo
+vio_objects= vio.lo viosocket.lo viossl.lo viosslfactories.lo
CLEANFILES = $(target_libadd) $(SHLIBOBJS) \
$(target)
DEFS = -DDEFAULT_CHARSET_HOME="\"$(MYSQLBASEdir)\"" \
diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c
index d6f5b7c523f..2d7ad15b772 100644
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -1380,7 +1380,7 @@ mysql_ssl_cipher(MYSQL *mysql)
** Free strings in the SSL structure and clear 'use_ssl' flag.
** NB! Errors are not reported until you do mysql_real_connect.
**************************************************************************
-
+*/
int STDCALL
mysql_ssl_clear(MYSQL *mysql)
{
@@ -1392,11 +1392,11 @@ mysql_ssl_clear(MYSQL *mysql)
mysql->options.ssl_cert = 0;
mysql->options.ssl_ca = 0;
mysql->options.ssl_capath = 0;
- mysql->options.use_ssl = false;
- mysql->connector_fd->delete();
+ mysql->options.use_ssl = FALSE;
+ my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR));
mysql->connector_fd = 0;
return 0;
-}*/
+}
#endif /* HAVE_OPENSSL */
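Review bot: `my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR))` releases only the `st_VioSSLConnectorFd` struct; the `SSL_CTX` held in its `ssl_context_` member, created with `SSL_CTX_new()` in `vio/viosslfactories.c`, is never passed to `SSL_CTX_free()`. Each connect/close cycle with SSL enabled therefore leaks a context, and presumably the key and certificate loaded into it stay in memory as well. The same applies to `my_free((gptr)ssl_acceptor_fd,MYF(0))` in `clean_up()` in `sql/mysqld.cc` and, if the failure happens after `SSL_CTX_new()` succeeded, to the new `my_free((gptr)ptr,MYF(0))` under `ctor_failure:` in both factory functions. A small destructor that calls `SSL_CTX_free(fd->ssl_context_)` before `my_free()` would cover all three places. `mysql_ssl_clear()` starts above this hunk.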
/**************************************************************************
@@ -1788,7 +1788,7 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
/* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress..."));
DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_));
- mysql->net.vio = sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio);
+ sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio);
DBUG_PRINT("info", ("IO layer change done!"));
}
#endif /* HAVE_OPENSSL */
@@ -1972,8 +1972,7 @@ mysql_close(MYSQL *mysql)
bzero((char*) &mysql->options,sizeof(mysql->options));
mysql->net.vio = 0;
#ifdef HAVE_OPENSSL
-/* ((VioConnectorFd*)(mysql->connector_fd))->delete();
- mysql->connector_fd = 0;*/
+ mysql_ssl_clear(mysql);
#endif /* HAVE_OPENSSL */
/* free/close slave list */
diff --git a/libmysql_r/Makefile.am b/libmysql_r/Makefile.am
index 110e26797bd..154c3df431b 100644
--- a/libmysql_r/Makefile.am
+++ b/libmysql_r/Makefile.am
@@ -22,7 +22,7 @@ target_defs =
## LIBS = @LIBS@
INCLUDES = @MT_INCLUDES@ -I$(srcdir)/../include -I../include \
- -I$(srcdir)/.. -I$(top_srcdir) -I..
+ -I$(srcdir)/.. -I$(top_srcdir) -I.. $(openssl_includes)
## automake barfs if you don't use $(srcdir) or $(top_srcdir) in include
include $(top_srcdir)/libmysql/Makefile.shared
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 7c40b5f15ef..40b157780da 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -692,6 +692,28 @@ void clean_up(bool print_message)
#ifdef USE_RAID
end_raid();
#endif
+#ifdef HAVE_OPENSSL
+ if(opt_ssl_key) {
+ my_free(opt_ssl_key,MYF(0));
+ opt_ssl_key=0;
+ }
+ if(opt_ssl_cert) {
+ my_free(opt_ssl_cert,MYF(0));
+ opt_ssl_cert=0;
+ }
+ if(opt_ssl_ca) {
+ my_free(opt_ssl_ca,MYF(0));
+ opt_ssl_ca=0;
+ }
+ if(opt_ssl_capath) {
+ my_free(opt_ssl_capath,MYF(0));
+ opt_ssl_capath=0;
+ }
+ if(ssl_acceptor_fd) {
+ my_free((gptr)ssl_acceptor_fd,MYF(0));
+ ssl_acceptor_fd=0;
+ }
+#endif /* HAVE_OPENSSL */
free_defaults(defaults_argv);
my_free(charsets_list, MYF(MY_ALLOW_ZERO_PTR));
my_free(mysql_tmpdir,MYF(0));
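Review bot: The five `if (x) { my_free(x,MYF(0)); x=0; }` blocks added to `clean_up()` spell out by hand what `MYF(MY_ALLOW_ZERO_PTR)` already provides. Writing `my_free(opt_ssl_key,MYF(MY_ALLOW_ZERO_PTR)); opt_ssl_key=0;` for each pointer would be shorter and would match `my_free(charsets_list, MYF(MY_ALLOW_ZERO_PTR))` two lines below. It is also worth confirming that the `opt_ssl_*` strings are always heap copies: the hunk does not show where they are assigned, and freeing a pointer that came straight from `argv` would corrupt the heap. `clean_up()` begins and ends outside the hunk.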
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 928a62a397e..d85a6298cf2 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -425,7 +425,7 @@ check_connections(THD *thd)
DBUG_PRINT("info", ("Agreed to change IO layer to SSL") );
/* Do the SSL layering. */
DBUG_PRINT("info", ("IO layer change in progress..."));
- net->vio = sslaccept(ssl_acceptor_fd, net->vio);
+ sslaccept(ssl_acceptor_fd, net->vio);
DBUG_PRINT("info", ("Reading user information over SSL layer"));
if ((pkt_len=my_net_read(net)) == packet_error ||
pkt_len < NORMAL_HANDSHAKE_SIZE)
diff --git a/vio/Makefile.am b/vio/Makefile.am
index c1a69b26058..e8b226adb37 100644
--- a/vio/Makefile.am
+++ b/vio/Makefile.am
@@ -15,10 +15,13 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
INCLUDES = -I$(srcdir)/../include -I../include $(openssl_includes)
-LDADD = libvio.a $(openssl_libs)
+LDADD = libvio.a $(openssl_libs)
pkglib_LIBRARIES = libvio.a
-noinst_PROGRAMS =
+noinst_PROGRAMS = viotest-ssl
noinst_HEADERS =
+viotest_ssl_SOURCES = viotest-ssl.c
+viotest_ssl_LDADD = ../dbug/libdbug.a libvio.a ../mysys/libmysys.a ../strings/libmystrings.a \
+ libvio.a $(openssl_libs)
libvio_a_SOURCES = vio.c viosocket.c viossl.c viosslfactories.c
OMIT_DEPENDENCIES = pthread.h stdio.h __stdio.h stdlib.h __stdlib.h math.h\
diff --git a/vio/viossl.c b/vio/viossl.c
index e4fe9d87228..b9883ba3fa6 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -23,6 +23,9 @@
*/
#include <global.h>
+
+#ifdef HAVE_OPENSSL
+
#include <mysql_com.h>
#include <errno.h>
@@ -61,9 +64,6 @@
#define HANDLE void *
#endif
-
-#ifdef HAVE_OPENSSL
-
static void
report_errors()
{
@@ -105,8 +105,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
{
int r;
DBUG_ENTER("vio_ssl_read");
- DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
+ DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p", vio->sd, buf, size, vio->ssl_));
assert(vio->ssl_!= 0);
+
+ DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'",SSL_get_cipher_name(vio->ssl_)));
+
r = SSL_read(vio->ssl_, buf, size);
#ifndef DBUG_OFF
if ( r< 0)
@@ -123,6 +126,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size));
assert(vio->ssl_!=0);
+ DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'",SSL_get_cipher_name(vio->ssl_)));
r = SSL_write(vio->ssl_, buf, size);
#ifndef DBUG_OFF
if (r<0)
@@ -204,6 +208,7 @@ int vio_ssl_close(Vio * vio)
if (r)
{
DBUG_PRINT("error", ("close() failed, error: %d",errno));
+ report_errors();
/* FIXME: error handling (not critical for MySQL) */
}
vio->type= VIO_CLOSED;
@@ -289,12 +294,14 @@ my_bool vio_ssl_poll_read(Vio *vio,uint timeout)
/* FIXME: There are some duplicate code in
* sslaccept()/sslconnect() which maybe can be eliminated
*/
-Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
+void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
{
+ X509* client_cert;
+ char *str;
DBUG_ENTER("sslaccept");
- DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->desc,ptr));
+ DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->sd,ptr));
vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
- ptr->bio_=0;
+// ptr->bio_=0;
sd->ssl_=0;
sd->open_=FALSE;
assert(sd != 0);
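Review bot: The new `DBUG_PRINT("enter", ("sd=%s ptr=%p", sd->sd,ptr));` passes the socket descriptor to `%s`; `sd->sd` is printed with `%d` in `vio_ssl_read()`, so this reads an integer as a string pointer and is undefined behaviour whenever debug tracing is on. It should be `("sd=%d ptr=%p", sd->sd,ptr)`, and the `sslconnect()` hunk has the same mistake in `("sd=%s ptr=%p ctx: %p", sd->sd,ptr,ptr->ssl_context_)`. Separately, `assert(sd != 0)` sits after `sd` has already been dereferenced several times, so it cannot catch anything; it belongs at the top of the function. The function body continues past this hunk.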
@@ -304,9 +311,12 @@ Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
- DBUG_RETURN(sd);
+ DBUG_VOID_RETURN;
}
- if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
+ DBUG_PRINT("info", ("ssl_=%p",sd->ssl_));
+ SSL_set_fd(sd->ssl_,sd->sd);
+// SSL_accept(sd->ssl_);
+/* if (!(ptr->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
{
DBUG_PRINT("error", ("BIO_new_socket failure"));
report_errors();
@@ -314,18 +324,42 @@ Vio *sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* sd)
sd->ssl_=0;
DBUG_RETURN(sd);
}
- SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_);
+ SSL_set_bio(sd->ssl_, ptr->bio_, ptr->bio_);*/
SSL_set_accept_state(sd->ssl_);
- sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
-/* sd->ssl_cip_ = SSL_get_cipher(sd->ssl_); */
+// sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
+// sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);
sd->open_ = TRUE;
- DBUG_RETURN(sd);
+
+
+ client_cert = SSL_get_peer_certificate (sd->ssl_);
+ if (client_cert != NULL) {
+ DBUG_PRINT("info",("Client certificate:"));
+ str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
+ //CHK_NULL(str);
+ DBUG_PRINT("info",("\t subject: %s", str));
+ free (str);
+
+ str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
+ //CHK_NULL(str);
+ DBUG_PRINT("info",("\t issuer: %s", str));
+ free (str);
+
+ /* We could do all sorts of certificate verification stuff here before
+ * deallocating the certificate. */
+
+ X509_free (client_cert);
+ } else
+ DBUG_PRINT("info",("Client does not have certificate."));
+
+ DBUG_VOID_RETURN;
}
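Review bot: `SSL_get_peer_certificate (sd->ssl_)` is called right after `SSL_set_accept_state()`, before any handshake has run (`SSL_accept()` is commented out in the previous hunk), so it will normally return NULL here and the certificate logging never executes. More importantly, the peer certificate is never checked: the block only prints subject and issuer, and the placeholder comment about verification marks where a call such as `SSL_get_verify_result()` and a comparison against the expected name would have to go, after the handshake completes. The strings returned by `X509_NAME_oneline(..., 0, 0)` are allocated by OpenSSL and should be released with `OPENSSL_free(str)` rather than `free (str)`, and `str` should be tested for NULL before it is handed to `%s`. The `sslconnect()` hunk further down repeats all of this for the server certificate; unless verification is configured on the context outside this diff, the client accepts whatever certificate the server presents.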
-Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
+void sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
{
+ char *str;
+ X509* server_cert;
DBUG_ENTER("sslconnect");
- DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->desc,ptr,ptr->ssl_context_));
+ DBUG_PRINT("enter", ("sd=%s ptr=%p ctx: %p", sd->sd,ptr,ptr->ssl_context_));
vio_reset(sd,VIO_TYPE_SSL,sd->sd,0,FALSE);
sd->bio_=0;
@@ -339,9 +373,11 @@ Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors();
- DBUG_RETURN(sd);
+ DBUG_VOID_RETURN;
}
- if (!(sd->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
+ DBUG_PRINT("info", ("ssl_=%p",sd->ssl_));
+ printf("ssl_=%p\n",sd->ssl_);
+/* if (!(sd->bio_ = BIO_new_socket(sd->sd, BIO_NOCLOSE)))
{
DBUG_PRINT("error", ("BIO_new_socket failure"));
report_errors();
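Review bot: `printf("ssl_=%p\n",sd->ssl_);` writes to the standard output of every program that links the client library and connects with SSL. It duplicates the `DBUG_PRINT("info", ("ssl_=%p",sd->ssl_));` on the line above and should simply be removed. The return value of `SSL_set_fd()` is also ignored, both in the next hunk and in `sslaccept()`; a failure there should take the same error path as `SSL_new`. The hunk ends inside a commented-out block, so the rest of `sslconnect()` is not visible here.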
@@ -349,12 +385,32 @@ Vio *sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* sd)
sd->ssl_=0;
DBUG_RETURN(sd);
}
- SSL_set_bio(sd->ssl_, sd->bio_, sd->bio_);
+ SSL_set_bio(sd->ssl_, sd->bio_, sd->bio_);*/
+
+ SSL_set_fd (sd->ssl_, sd->sd);
SSL_set_connect_state(sd->ssl_);
-/* sprintf(ptr->desc_, "VioSSL(%d)", sd->sd);
- sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);*/
+
+ server_cert = SSL_get_peer_certificate (sd->ssl_);
+ if (server_cert != NULL) {
+ DBUG_PRINT("info",("Server certificate:"));
+ str = X509_NAME_oneline (X509_get_subject_name (server_cert), 0, 0);
+ DBUG_PRINT("info",("\t subject: %s", str));
+ free (str);
+
+ str = X509_NAME_oneline (X509_get_issuer_name (server_cert), 0, 0);
+ DBUG_PRINT("info",("\t issuer: %s\n", str));
+ free (str);
+
+ /* We could do all sorts of certificate verification stuff here before
+ * deallocating the certificate. */
+
+ X509_free(server_cert);
+ } else
+ DBUG_PRINT("info",("Server does not have certificate."));
+
+// sd->ssl_cip_ = SSL_get_cipher(sd->ssl_);
sd->open_ = TRUE;
- DBUG_RETURN(sd);
+ DBUG_VOID_RETURN;
}
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 4be956ed9ba..5285dd0f7b1 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -1,11 +1,29 @@
+/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA */
#include <global.h>
+
+#ifdef HAVE_OPENSSL
+
#include <my_sys.h>
#include <mysql_com.h>
#include <violite.h>
-#ifdef HAVE_OPENSSL
static bool ssl_algorithms_added = FALSE;
static bool ssl_error_strings_loaded= FALSE;
@@ -142,9 +160,9 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
if (!ssl_algorithms_added)
{
- DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()"));
+ DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE;
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_all_algorithms();
}
if (!ssl_error_strings_loaded)
{
@@ -152,7 +170,7 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
- ptr->ssl_method_ = SSLv3_client_method();
+ ptr->ssl_method_ = SSLv23_client_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_));
if (ptr->ssl_context_ == 0)
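Review bot: `SSLv23_client_method()` negotiates the highest protocol both sides support, which widens the accepted range to include SSLv2 as well as SSLv3 and TLSv1, and the hunk shows no option restricting it. SSLv2 has known weaknesses, so I would add `SSL_CTX_set_options(ptr->ssl_context_, SSL_OP_NO_SSLv2);` immediately after the `SSL_CTX_new()` null check. The same applies to `SSLv23_server_method()` in `new_VioSSLAcceptorFd()`. The function continues outside this hunk, so an existing `SSL_CTX_set_options()` call there would already cover this.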
@@ -186,6 +204,7 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file,
DBUG_RETURN(ptr);
ctor_failure:
DBUG_PRINT("exit", ("there was an error"));
+ my_free((gptr)ptr,MYF(0));
DBUG_RETURN(0);
}
@@ -216,9 +235,10 @@ new_VioSSLAcceptorFd(const char* key_file,
if (!ssl_algorithms_added)
{
- DBUG_PRINT("info", ("todo: SSLeay_add_ssl_algorithms()"));
+ DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE;
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_all_algorithms();
+
}
if (!ssl_error_strings_loaded)
{
@@ -226,7 +246,7 @@ new_VioSSLAcceptorFd(const char* key_file,
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
- ptr->ssl_method_ = SSLv3_server_method();
+ ptr->ssl_method_ = SSLv23_server_method();
ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_);
if (ptr->ssl_context_==0)
{
@@ -267,6 +287,7 @@ new_VioSSLAcceptorFd(const char* key_file,
DBUG_RETURN(ptr);
ctor_failure:
DBUG_PRINT("exit", ("there was an error"));
+ my_free((gptr)ptr,MYF(0));
DBUG_RETURN(0);
}
diff --git a/vio/viotest-ssl.c b/vio/viotest-ssl.c
new file mode 100644
index 00000000000..02d47a11294
--- /dev/null
+++ b/vio/viotest-ssl.c
@@ -0,0 +1,140 @@
+#include <global.h>
+#ifdef HAVE_OPENSSL
+#include <my_sys.h>
+#include <m_string.h>
+#include <m_ctype.h>
+#include "mysql.h"
+#include "errmsg.h"
+#include <my_dir.h>
+#ifndef __GNU_LIBRARY__
+#define __GNU_LIBRARY__ // Skip warnings in getopt.h
+#endif
+#include <getopt.h>
+//#include "my_readline.h"
+#include <signal.h>
+#include <violite.h>
+
+const char *VER="0.1";
+
+
+#ifndef DBUG_OFF
+const char *default_dbug_option="d:t:O,/tmp/viotest-ssl.trace";
+#endif
+
+void
+fatal_error( const char* r)
+{
+ perror(r);
+ exit(0);
+}
+
+void
+print_usage()
+{
+ printf("viossl-test: testing SSL virtual IO. Usage:\n");
+ printf("viossl-test server-key server-cert client-key client-cert [CAfile] [CApath]\n");
+}
+
+int
+main( int argc,
+ char** argv)
+{
+ char* server_key = 0;
+ char* server_cert = 0;
+ char* client_key = 0;
+ char* client_cert = 0;
+ char* ca_file = 0;
+ char* ca_path = 0;
+ int child_pid,sv[2];
+ struct st_VioSSLAcceptorFd* ssl_acceptor=0;
+ struct st_VioSSLConnectorFd* ssl_connector=0;
+ Vio* client_vio=0;
+ Vio* server_vio=0;
+ MY_INIT(argv[0]);
+// DBUG_ENTER("main");
+ DBUG_PROCESS(argv[0]);
+ DBUG_PUSH(default_dbug_option);
+
+
+
+ if (argc<5)
+ {
+ print_usage();
+ return 1;
+ }
+
+ server_key = argv[1];
+ server_cert = argv[2];
+ client_key = argv[3];
+ client_cert = argv[4];
+ if (argc>5)
+ ca_file = argv[5];
+ if (argc>6)
+ ca_path = argv[6];
+ printf("Server key/cert : %s/%s\n", server_key, server_cert);
+ printf("Client key/cert : %s/%s\n", client_key, client_cert);
+ if (ca_file!=0)
+ printf("CAfile : %s\n", ca_file);
+ if (ca_path!=0)
+ printf("CApath : %s\n", ca_path);
+
+
+ if (socketpair(PF_UNIX, SOCK_STREAM, IPPROTO_IP, sv)==-1)
+ fatal_error("socketpair");
+
+ ssl_acceptor = new_VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
+ ssl_connector = new_VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
+
+ client_vio = (Vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+ client_vio->sd = sv[0];
+ sslconnect(ssl_connector,client_vio);
+ server_vio = (Vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+ server_vio->sd = sv[1];
+ sslaccept(ssl_acceptor,server_vio);
+
+ printf("Socketpair: %d , %d\n", client_vio->sd, server_vio->sd);
+
+ child_pid = fork();
+ if (child_pid==-1) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("fork");
+ }
+ if (child_pid==0) {
+ //child, therefore, client
+ char xbuf[100];
+ int r = vio_ssl_read(client_vio,xbuf, sizeof(xbuf));
+ if (r<=0) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("client:SSL_read");
+ }
+// printf("*** client cipher %s\n",client_vio->cipher_description());
+ xbuf[r] = 0;
+ printf("client:got %s\n", xbuf);
+ my_free((gptr)client_vio,MYF(0));
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ sleep(1);
+ } else {
+ const char* s = "Huhuhuh";
+ int r = vio_ssl_write(server_vio,(gptr)s, strlen(s));
+ if (r<=0) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("server:SSL_write");
+ }
+// printf("*** server cipher %s\n",server_vio->cipher_description());
+ my_free((gptr)server_vio,MYF(0));
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ sleep(1);
+ }
+ return 0;
+}
+#else /* HAVE_OPENSSL */
+
+int main() {
+return 0;
+}
+#endif /* HAVE_OPENSSL */
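Review bot: In the client branch, `vio_ssl_read(client_vio,xbuf, sizeof(xbuf))` may return 100, and `xbuf[r] = 0;` then writes one byte past the end of `char xbuf[100]`. Read at most `sizeof(xbuf)-1` bytes instead: `int r = vio_ssl_read(client_vio,xbuf, sizeof(xbuf)-1);`. The results of `new_VioSSLAcceptorFd()`, `new_VioSSLConnectorFd()` and both `my_malloc()` calls are used without a NULL check, although the factories return 0 on `ctor_failure`. `fatal_error()` also exits with status 0, so a failing run looks like success to whatever invokes the test.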
diff --git a/vio/viotest-ssl.cc b/vio/viotest-ssl.cc
deleted file mode 100644
index a3ad92a7c9c..00000000000
--- a/vio/viotest-ssl.cc
+++ /dev/null
@@ -1,104 +0,0 @@
-#include "all.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <stdio.h>
-#include <unistd.h>
-
-
-void
-fatal_error( const char* r)
-{
- perror(r);
- exit(0);
-}
-
-void
-print_usage()
-{
- printf("viossltest: testing SSL virtual IO. Usage:\n");
- printf("viossltest server-key server-cert client-key client-cert [CAfile] [CApath]\n");
-}
-
-int
-main( int argc,
- char** argv)
-{
- char* server_key = 0;
- char* server_cert = 0;
- char* client_key = 0;
- char* client_cert = 0;
- char* ca_file = 0;
- char* ca_path = 0;
- int sv[2];
-
- if (argc<5)
- {
- print_usage();
- return 1;
- }
-
- if (socketpair(PF_UNIX, SOCK_STREAM, IPPROTO_IP, sv)==-1)
- fatal_error("socketpair");
-
- server_key = argv[1];
- server_cert = argv[2];
- client_key = argv[3];
- client_cert = argv[4];
- if (argc>5)
- ca_file = argv[5];
- if (argc>6)
- ca_path = argv[6];
- printf("Server key/cert : %s/%s\n", server_key, server_cert);
- printf("Client key/cert : %s/%s\n", client_key, client_cert);
- if (ca_file!=0)
- printf("CAfile : %s\n", ca_file);
- if (ca_path!=0)
- printf("CApath : %s\n", ca_path);
-
- VIO_NS::VioSSLAcceptorFd* ssl_acceptor = new VIO_NS::VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
- VIO_NS::VioSSLConnectorFd* ssl_connector = new VIO_NS::VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
-
- printf("Socketpair: %d , %d\n", sv[0], sv[1]);
-
- VIO_NS::VioSSL* client_vio = ssl_connector->connect(sv[0]);
- VIO_NS::VioSSL* server_vio = ssl_acceptor->accept(sv[1]);
-
-
- int child_pid = fork();
- if (child_pid==-1) {
- delete ssl_acceptor;
- delete ssl_connector;
- fatal_error("fork");
- }
- if (child_pid==0) {
- //child, therefore, client
- char xbuf[100];
- int r = client_vio->read(xbuf, sizeof(xbuf));
- if (r<=0) {
- delete ssl_acceptor;
- delete ssl_connector;
- fatal_error("client:SSL_read");
- }
- printf("*** client cipher %s\n",client_vio->cipher_description());
- xbuf[r] = 0;
- printf("client:got %s\n", xbuf);
- delete client_vio;
- delete ssl_acceptor;
- delete ssl_connector;
- sleep(1);
- } else {
- const char* s = "Huhuhuh";
- int r = server_vio->write((void *)s, strlen(s));
- if (r<=0) {
- delete ssl_acceptor;
- delete ssl_connector;
- fatal_error("server:SSL_write");
- }
- printf("*** server cipher %s\n",server_vio->cipher_description());
- delete server_vio;
- delete ssl_acceptor;
- delete ssl_connector;
- sleep(1);
- }
-}