Merge shellback.(none):/home/msvensson/mysql/yassl_import/my50-yassl_import

into shellback.(none):/home/msvensson/mysql/yassl_import/mysql-5.0-maint extra/yassl/src/ssl.cpp: Auto merged
author: unknown <msvensson@shellback.(none)> 2006-11-29 12:11:04 +0100
committer: unknown <msvensson@shellback.(none)> 2006-11-29 12:11:04 +0100
commit: cd69f462a1d4c68e7fabed8bd6db7ed113ebee22 (patch)
tree: 144ad0b59c530c00d36c4b7fc2b1d1cceeb2be7b /extra/yassl/src/ssl.cpp
parent: 89d106c1a4efad141e7850373335482ad46aeec5 (diff)
parent: eb6ab467cee34e31930ff8496f7eea4b636fabe6 (diff)
download: mariadb-git-cd69f462a1d4c68e7fabed8bd6db7ed113ebee22.tar.gz
1 files changed, 93 insertions, 59 deletions
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index fe4661b5946..ec2e99adecb 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -184,10 +184,22 @@ SSL_METHOD* TLSv1_client_method()
 }
 
 
+SSL_METHOD* TLSv1_1_server_method()
+{
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
 SSL_METHOD* SSLv23_server_method()
 {
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
-    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
 }
 
 
@@ -196,7 +208,7 @@ SSL_METHOD* SSLv23_client_method()
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
     // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
     // TODO: maybe add support to send SSLv2 hello ???
-    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
 }
 
 
@@ -407,7 +419,6 @@ int SSL_shutdown(SSL* ssl)
     Alert alert(warning, close_notify);
     sendAlert(*ssl, alert);
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
-    ssl->useSocket().closeSocket();
 
     GetErrors().Remove();
 
@@ -415,8 +426,21 @@ int SSL_shutdown(SSL* ssl)
 }
 
 
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+    if (mode == SSL_SESS_CACHE_OFF)
+        ctx->SetSessionCacheOff();
+
+    return SSL_SUCCESS;
+}
+
+
 SSL_SESSION* SSL_get_session(SSL* ssl)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return 0;
+
     return GetSessions().lookup(
         ssl->getSecurity().get_connection().sessionID_);
 }
@@ -424,6 +448,9 @@ SSL_SESSION* SSL_get_session(SSL* ssl)
 
 int SSL_set_session(SSL* ssl, SSL_SESSION* session)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return SSL_FAILURE;
+
     ssl->set_session(session);
     return SSL_SUCCESS;
 }
@@ -512,6 +539,19 @@ int SSL_get_error(SSL* ssl, int /*previous*/)
 }
 
 
+
+/* turn on yaSSL zlib compression
+   returns 0 for success, else error (not built in)
+   only need to turn on for client, becuase server on by default if built in
+   but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl)
+{
+    return ssl->SetCompression();
+}
+
+
+
 X509* SSL_get_peer_certificate(SSL* ssl)
 {
     return ssl->getCrypto().get_certManager().get_peerX509();
@@ -1359,6 +1399,56 @@ int SSL_pending(SSL* ssl)
 }
 
 
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+    ctx->SetPasswordCb(cb);
+}
+
+
+int SSLeay_add_ssl_algorithms()  // compatibility only
+{
+    return 1;
+}
+
+
+void ERR_remove_state(unsigned long)
+{
+    GetErrors().Remove();
+}
+
+
+int ERR_GET_REASON(int l)
+{
+    return l & 0xfff;
+}
+
+
+unsigned long err_helper(bool peek = false)
+{
+    int ysError = GetErrors().Lookup(peek);
+
+    // translate cert error for libcurl, it uses OpenSSL hex code
+    switch (ysError) {
+    case TaoCrypt::SIG_OTHER_E:
+        return CERTFICATE_ERROR;
+        break;
+    default :
+        return 0;
+    }
+}
+
+
+unsigned long ERR_peek_error()
+{
+    return err_helper(true);
+}
+
+
+unsigned long ERR_get_error()
+{
+    return err_helper();
+}
+
 
     // functions for stunnel
 
@@ -1477,13 +1567,6 @@ int SSL_pending(SSL* ssl)
     }
 
 
-    long SSL_CTX_set_session_cache_mode(SSL_CTX*, long)
-    {
-        // TDOD:
-        return SSL_SUCCESS;
-    }
-
-
     long SSL_CTX_set_timeout(SSL_CTX*, long)
     {
         // TDOD:
@@ -1498,12 +1581,6 @@ int SSL_pending(SSL* ssl)
     }
 
 
-    void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
-    {
-        ctx->SetPasswordCb(cb);
-    }
-
-
     int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
     {
         // TDOD:
@@ -1555,49 +1632,6 @@ int SSL_pending(SSL* ssl)
     }
 
 
-    int SSLeay_add_ssl_algorithms()  // compatibility only
-    {
-        return 1;
-    }
-
-
-    void ERR_remove_state(unsigned long)
-    {
-        GetErrors().Remove();
-    }
-
-
-    int ERR_GET_REASON(int l)
-    {
-        return l & 0xfff;
-    }
-
-    unsigned long err_helper(bool peek = false)
-    {
-        int ysError = GetErrors().Lookup(peek);
-
-        // translate cert error for libcurl, it uses OpenSSL hex code
-        switch (ysError) {
-        case TaoCrypt::SIG_OTHER_E:
-            return CERTFICATE_ERROR;
-            break;
-        default :
-            return 0;
-        }
-    }
-
-
-    unsigned long ERR_peek_error()
-    {
-        return err_helper(true);
-    }
-
-
-    unsigned long ERR_get_error()
-    {
-        return err_helper();
-    }
-
 
     // end stunnel needs
author	unknown <msvensson@shellback.(none)>	2006-11-29 12:11:04 +0100
committer	unknown <msvensson@shellback.(none)>	2006-11-29 12:11:04 +0100
commit	cd69f462a1d4c68e7fabed8bd6db7ed113ebee22 (patch)
tree	144ad0b59c530c00d36c4b7fc2b1d1cceeb2be7b /extra/yassl/src/ssl.cpp
parent	89d106c1a4efad141e7850373335482ad46aeec5 (diff)
parent	eb6ab467cee34e31930ff8496f7eea4b636fabe6 (diff)
download	mariadb-git-cd69f462a1d4c68e7fabed8bd6db7ed113ebee22.tar.gz