author | unknown <tonu@volk.internalnet> | 2001-09-30 10:47:32 +0800 |
---|---|---|
committer | unknown <tonu@volk.internalnet> | 2001-09-30 10:47:32 +0800 |
commit | 6e8704ee0993b4f06d1c3626291346d20c6d60cb (patch) | |
tree | 23320c30b5375f656671ecf64934369738776dda /sql | |
parent | ad9c7236a026395e5d7e6faf7ec83689f631ca40 (diff) | |
parent | d13f2dfdeb2b23c6abfb608885e8717878122a7b (diff) | |
Merge work.mysql.com:/home/bk/mysql-4.0
into volk.internalnet:/home/tonu/mysql-4.0
acinclude.m4:
Auto merged
sql/mysqld.cc:
Auto merged
sql/sql_lex.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/structs.h:
Auto merged
Docs/manual.texi:
Auto merged
Diffstat (limited to 'sql')
32 files changed, 398 insertions, 92 deletions
diff --git a/sql/lex.h b/sql/lex.h index 5decf089e68..72d77e18910 100644 --- a/sql/lex.h +++ b/sql/lex.h @@ -319,6 +319,7 @@ static SYMBOL symbols[] = { { "SQL_SLAVE_SKIP_COUNTER", SYM(SQL_SLAVE_SKIP_COUNTER),0,0}, { "SQL_SMALL_RESULT", SYM(SQL_SMALL_RESULT),0,0}, { "SQL_WARNINGS", SYM(SQL_WARNINGS),0,0}, + { "SSL", SYM(SSL_SYM),0,0}, { "STRAIGHT_JOIN", SYM(STRAIGHT_JOIN),0,0}, { "START", SYM(START_SYM),0,0}, { "STARTING", SYM(STARTING),0,0}, @@ -362,6 +363,7 @@ static SYMBOL symbols[] = { { "WRITE", SYM(WRITE_SYM),0,0}, { "WHEN", SYM(WHEN_SYM),0,0}, { "WHERE", SYM(WHERE),0,0}, + { "X509", SYM(X509_SYM),0,0}, { "YEAR", SYM(YEAR_SYM),0,0}, { "YEAR_MONTH", SYM(YEAR_MONTH_SYM),0,0}, { "ZEROFILL", SYM(ZEROFILL),0,0}, diff --git a/sql/mini_client.cc b/sql/mini_client.cc index d60a3bce880..266a292fe1d 100644 --- a/sql/mini_client.cc +++ b/sql/mini_client.cc @@ -803,7 +803,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user, /* Do the SSL layering. */ DBUG_PRINT("info", ("IO layer change in progress...")); DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_)); - sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio); + sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio,60L); DBUG_PRINT("info", ("IO layer change done!")); } #endif /* HAVE_OPENSSL */ diff --git a/sql/mysqld.cc b/sql/mysqld.cc index a6b6c9914b4..b27cb8a6bf3 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc 
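Review bot: The handshake timeout passed to sslconnect() is a bare `60L`, and the same literal reappears in the sslaccept() call in sql/sql_parse.cc later in this commit, so the two ends of the connection can drift apart the next time one of them is edited. A named constant placed next to the other connection constants, e.g. `enum { SSL_HANDSHAKE_TIMEOUT = 60 };`, then `sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio,(long) SSL_HANDSHAKE_TIMEOUT);`, documents the intent once for both call sites. The unit of the timeout is not visible from either hunk; the comment on the constant should state it, taken from the sslconnect()/sslaccept() prototypes. mc_mysql_connect() starts and ends outside the hunk.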
@@ -242,16 +242,11 @@ static char **defaults_argv,time_zone[30]; static const char *default_table_type_name; static char glob_hostname[FN_REFLEN]; +#include "sslopt-vars.h" #ifdef HAVE_OPENSSL -static bool opt_use_ssl = FALSE; -static char *opt_ssl_key = 0; -static char *opt_ssl_cert = 0; -static char *opt_ssl_ca = 0; -static char *opt_ssl_capath = 0; struct st_VioSSLAcceptorFd * ssl_acceptor_fd = 0; #endif /* HAVE_OPENSSL */ - I_List <i_string_pair> replicate_rewrite_db; I_List<i_string> replicate_do_db, replicate_ignore_db; // allow the user to tell us which db to replicate and which to ignore @@ -725,6 +720,7 @@ void clean_up(bool print_message) my_free(opt_ssl_cert,MYF(MY_ALLOW_ZERO_PTR)); my_free(opt_ssl_ca,MYF(MY_ALLOW_ZERO_PTR)); my_free(opt_ssl_capath,MYF(MY_ALLOW_ZERO_PTR)); + my_free(opt_ssl_cipher,MYF(MY_ALLOW_ZERO_PTR)); opt_ssl_key=opt_ssl_cert=opt_ssl_ca=opt_ssl_capath=0; #endif /* HAVE_OPENSSL */ free_defaults(defaults_argv); @@ -1712,7 +1708,7 @@ int main(int argc, char **argv) if (opt_use_ssl) { ssl_acceptor_fd = new_VioSSLAcceptorFd(opt_ssl_key, opt_ssl_cert, - opt_ssl_ca, opt_ssl_capath); + opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); DBUG_PRINT("info",("ssl_acceptor_fd: %p",ssl_acceptor_fd)); if (!ssl_acceptor_fd) opt_use_ssl=0; 
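Review bot: In clean_up() the new `my_free(opt_ssl_cipher,MYF(MY_ALLOW_ZERO_PTR));` is not matched by the reset on the line that follows it, which still reads `opt_ssl_key=opt_ssl_cert=opt_ssl_ca=opt_ssl_capath=0;`, so opt_ssl_cipher keeps pointing at freed memory after cleanup. Extend the reset to `opt_ssl_key=opt_ssl_cert=opt_ssl_ca=opt_ssl_capath=opt_ssl_cipher=0;` so a second pass through clean_up(), or any later read of the option, cannot touch a dangling pointer. The -242 hunk moves `#include "sslopt-vars.h"` outside the `#ifdef HAVE_OPENSSL` block while the frees stay inside it; if that header defines the variables unconditionally (it is outside this page), a comment saying why the include is unconditional would help. clean_up() begins and ends outside the hunk.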
@@ -3110,21 +3106,29 @@ struct show_var_st status_vars[]= { {"Sort_rows", (char*) &filesort_rows, SHOW_LONG}, {"Sort_scan", (char*) &filesort_scan_count, SHOW_LONG}, #ifdef HAVE_OPENSSL - {"SSL_CTX_sess_accept", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT}, - {"SSL_CTX_sess_accept_good", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT_GOOD}, - {"SSL_CTX_sess_accept_renegotiate", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE}, - {"SSL_CTX_sess_cb_hits", (char*) 0, SHOW_SSL_CTX_SESS_CB_HITS}, - {"SSL_CTX_sess_number", (char*) 0, SHOW_SSL_CTX_SESS_NUMBER}, - {"SSL_CTX_get_session_cache_mode", (char*) 0, SHOW_SSL_CTX_GET_SESSION_CACHE_MODE}, - {"SSL_CTX_sess_get_cache_size", (char*) 0, SHOW_SSL_CTX_SESS_GET_CACHE_SIZE}, - {"SSL_CTX_get_verify_mode", (char*) 0, SHOW_SSL_CTX_GET_VERIFY_MODE}, - {"SSL_CTX_get_verify_depth", (char*) 0, SHOW_SSL_CTX_GET_VERIFY_DEPTH}, - {"SSL_get_verify_mode", (char*) 0, SHOW_SSL_GET_VERIFY_MODE}, - {"SSL_get_verify_depth", (char*) 0, SHOW_SSL_GET_VERIFY_DEPTH}, - {"SSL_session_reused", (char*) 0, SHOW_SSL_SESSION_REUSED}, - {"SSL_get_version", (char*) 0, SHOW_SSL_GET_VERSION}, - {"SSL_get_cipher", (char*) 0, SHOW_SSL_GET_CIPHER}, - {"SSL_get_default_timeout", (char*) 0, SHOW_SSL_GET_DEFAULT_TIMEOUT}, + {"ssl_accepts", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT}, + {"ssl_finished_accepts", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT_GOOD}, + {"ssl_finished_connects", (char*) 0, SHOW_SSL_CTX_SESS_CONNECT_GOOD}, + {"ssl_accept_renegotiates", (char*) 0, SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE}, + {"ssl_connect_renegotiates", (char*) 0, SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE}, + {"ssl_callback_cache_hits", (char*) 0, SHOW_SSL_CTX_SESS_CB_HITS}, + {"ssl_session_cache_hits", (char*) 0, SHOW_SSL_CTX_SESS_HITS}, + {"ssl_session_cache_misses", (char*) 0, SHOW_SSL_CTX_SESS_MISSES}, + {"ssl_session_cache_timeouts", (char*) 0, SHOW_SSL_CTX_SESS_TIMEOUTS}, + {"ssl_used_session_cache_entries",(char*) 0, SHOW_SSL_CTX_SESS_NUMBER}, + {"ssl_client_connects", (char*) 0, 
SHOW_SSL_CTX_SESS_CONNECT}, + {"ssl_session_cache_overflows", (char*) 0, SHOW_SSL_CTX_SESS_CACHE_FULL}, + {"ssl_session_cache_size", (char*) 0, SHOW_SSL_CTX_SESS_GET_CACHE_SIZE}, + {"ssl_session_cache_mode", (char*) 0, SHOW_SSL_CTX_GET_SESSION_CACHE_MODE}, + {"ssl_sessions_reused", (char*) 0, SHOW_SSL_SESSION_REUSED}, + {"ssl_ctx_verify_mode", (char*) 0, SHOW_SSL_CTX_GET_VERIFY_MODE}, + {"ssl_ctx_verify_depth", (char*) 0, SHOW_SSL_CTX_GET_VERIFY_DEPTH}, + {"ssl_verify_mode", (char*) 0, SHOW_SSL_GET_VERIFY_MODE}, + {"ssl_verify_depth", (char*) 0, SHOW_SSL_GET_VERIFY_DEPTH}, + {"ssl_version", (char*) 0, SHOW_SSL_GET_VERSION}, + {"ssl_cipher", (char*) 0, SHOW_SSL_GET_CIPHER}, + {"ssl_cipher_list", (char*) 0, SHOW_SSL_GET_CIPHER_LIST}, + {"ssl_default_timeout", (char*) 0, SHOW_SSL_GET_DEFAULT_TIMEOUT}, #endif /* HAVE_OPENSSL */ {"Table_locks_immediate", (char*) &locks_immediate, SHOW_LONG}, {"Table_locks_waited", (char*) &locks_waited, SHOW_LONG}, diff --git a/sql/share/czech/errmsg.txt b/sql/share/czech/errmsg.txt index b92297abbf8..9a6768d7025 100644 --- a/sql/share/czech/errmsg.txt +++ b/sql/share/czech/errmsg.txt @@ -231,3 +231,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/danish/errmsg.txt b/sql/share/danish/errmsg.txt index 9adc2f5fb73..42ff7206046 100644 --- a/sql/share/danish/errmsg.txt +++ b/sql/share/danish/errmsg.txt 
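Review bot: The new status_vars entries use all-lowercase names (`"ssl_accepts"`, `"ssl_cipher"`, ...) while every neighbouring entry in the same table is capitalised (`"Sort_rows"`, `"Table_locks_immediate"`), so the SSL rows will sort and read differently from everything else in SHOW STATUS. Renaming them `"Ssl_accepts"`, `"Ssl_finished_accepts"` and so on keeps the table consistent, and the alignment of `{"ssl_used_session_cache_entries",(char*) 0,` should match the column the other rows use. Since the old `SSL_CTX_*` names were already user-visible, the rename deserves a line in the changelog or manual naming the old and new spellings. status_vars[] continues outside the hunk.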
@@ -225,3 +225,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/dutch/errmsg.txt b/sql/share/dutch/errmsg.txt index 61db11f39f8..0819e355422 100644 --- a/sql/share/dutch/errmsg.txt +++ b/sql/share/dutch/errmsg.txt @@ -228,3 +228,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/english/errmsg.txt b/sql/share/english/errmsg.txt index bd328dbb6e4..f5888440743 100644 --- a/sql/share/english/errmsg.txt +++ b/sql/share/english/errmsg.txt @@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/estonian/errmsg.txt b/sql/share/estonian/errmsg.txt index 166637c43e1..7ad829d1f04 100644 --- a/sql/share/estonian/errmsg.txt +++ b/sql/share/estonian/errmsg.txt @@ -226,3 +226,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", 
diff --git a/sql/share/french/errmsg.txt b/sql/share/french/errmsg.txt index 0db8b69622e..2ac778877f6 100644 --- a/sql/share/french/errmsg.txt +++ b/sql/share/french/errmsg.txt @@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/german/errmsg.txt b/sql/share/german/errmsg.txt index a9ba1f41c42..6cf9d8dd2a1 100644 --- a/sql/share/german/errmsg.txt +++ b/sql/share/german/errmsg.txt @@ -225,3 +225,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/greek/errmsg.txt b/sql/share/greek/errmsg.txt index aa8d659b263..65954ce1c2e 100644 --- a/sql/share/greek/errmsg.txt +++ b/sql/share/greek/errmsg.txt @@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/hungarian/errmsg.txt b/sql/share/hungarian/errmsg.txt index 5cc5ac663b1..28ee01934c0 100644 --- a/sql/share/hungarian/errmsg.txt +++ b/sql/share/hungarian/errmsg.txt 
@@ -224,3 +224,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/italian/errmsg.txt b/sql/share/italian/errmsg.txt index 7c44e0bf4c7..2d778692e9a 100644 --- a/sql/share/italian/errmsg.txt +++ b/sql/share/italian/errmsg.txt @@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/japanese/errmsg.txt b/sql/share/japanese/errmsg.txt index 5d6f0158ea2..248c5e1b566 100644 --- a/sql/share/japanese/errmsg.txt +++ b/sql/share/japanese/errmsg.txt @@ -224,3 +224,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/korean/errmsg.txt b/sql/share/korean/errmsg.txt index 6288ac535d4..3a2086accf1 100644 --- a/sql/share/korean/errmsg.txt +++ b/sql/share/korean/errmsg.txt @@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", 
diff --git a/sql/share/norwegian-ny/errmsg.txt b/sql/share/norwegian-ny/errmsg.txt index de783f93d1a..f701bdd1ade 100644 --- a/sql/share/norwegian-ny/errmsg.txt +++ b/sql/share/norwegian-ny/errmsg.txt @@ -224,3 +224,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/norwegian/errmsg.txt b/sql/share/norwegian/errmsg.txt index 3cbc5b6138d..00c23acaca9 100644 --- a/sql/share/norwegian/errmsg.txt +++ b/sql/share/norwegian/errmsg.txt @@ -224,3 +224,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/polish/errmsg.txt b/sql/share/polish/errmsg.txt index c144dda47ae..56573f93a00 100644 --- a/sql/share/polish/errmsg.txt +++ b/sql/share/polish/errmsg.txt @@ -226,3 +226,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/portuguese/errmsg.txt b/sql/share/portuguese/errmsg.txt index c11adc3af70..f15cbc930cb 100644 --- a/sql/share/portuguese/errmsg.txt +++ b/sql/share/portuguese/errmsg.txt 
@@ -222,3 +222,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/romanian/errmsg.txt b/sql/share/romanian/errmsg.txt index 32b6eddfeeb..9f83e98828e 100644 --- a/sql/share/romanian/errmsg.txt +++ b/sql/share/romanian/errmsg.txt @@ -226,3 +226,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/russian/errmsg.txt b/sql/share/russian/errmsg.txt index fbff74993fb..8851866b249 100644 --- a/sql/share/russian/errmsg.txt +++ b/sql/share/russian/errmsg.txt @@ -225,3 +225,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/slovak/errmsg.txt b/sql/share/slovak/errmsg.txt index d60dbf0956c..08b5bfe6ba9 100644 --- a/sql/share/slovak/errmsg.txt +++ b/sql/share/slovak/errmsg.txt @@ -230,3 +230,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", 
diff --git a/sql/share/spanish/errmsg.txt b/sql/share/spanish/errmsg.txt index 9234de04786..6348f416277 100644 --- a/sql/share/spanish/errmsg.txt +++ b/sql/share/spanish/errmsg.txt @@ -223,3 +223,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/swedish/errmsg.txt b/sql/share/swedish/errmsg.txt index 25309cd0598..83e08254f90 100644 --- a/sql/share/swedish/errmsg.txt +++ b/sql/share/swedish/errmsg.txt @@ -222,3 +222,6 @@ "SELECT kommandona har olika antal kolumner" "Kan inte utföra kommandot emedan du har ett READ lås", "Blandning av transaktionella och icke-transaktionella tabeller är inaktiverat", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/share/ukrainian/errmsg.txt b/sql/share/ukrainian/errmsg.txt index 49ab4399664..776103cf681 100644 --- a/sql/share/ukrainian/errmsg.txt +++ b/sql/share/ukrainian/errmsg.txt @@ -227,3 +227,6 @@ "The used SELECT statements have a different number of columns", "Can't execute the query because you have a conflicting read lock", "Mixing of transactional and non-transactional tables is disabled", +"Duplicate SUBJECT option in GRANT clause", +"Duplicate ISSUER option in GRANT clause", +"Duplicate CIPHER option in GRANT clause", diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 4c128a882c6..2f6c126e693 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc 
@@ -62,8 +62,9 @@ public: char *user,*password; ulong salt[2]; #ifdef HAVE_OPENSSL - char *ssl_type, *ssl_cipher, *x509_issuer, *x509_subject; -#endif + enum SSL_type ssl_type; + const char *ssl_cipher, *x509_issuer, *x509_subject; +#endif /* HAVE_OPENSSL */ }; class ACL_DB :public ACL_ACCESS @@ -204,13 +205,19 @@ int acl_init(bool dont_read_acl_tables) user.password=get_field(&mem, table,2); #ifdef HAVE_OPENSSL DBUG_PRINT("info",("table->fields=%d",table->fields)); - if (table->fields >= 21) { - user.ssl_type=get_field(&mem, table,17); + if (table->fields >= 21) { /* From 4.0.0 we have more fields */ + if(!strcmp(get_field(&mem, table,17),"ANY")) + user.ssl_type=SSL_TYPE_ANY; + else if(!strcmp(get_field(&mem, table,17),"X509")) + user.ssl_type=SSL_TYPE_X509; + else if(!strcmp(get_field(&mem, table,17),"SPECIFIED")) + user.ssl_type=SSL_TYPE_SPECIFIED; + else user.ssl_type=SSL_TYPE_NONE; user.ssl_cipher=get_field(&mem, table,18); user.x509_issuer=get_field(&mem, table,19); user.x509_subject=get_field(&mem, table,20); } -#endif +#endif /* HAVE_OPENSSL */ if (user.password && (length=(uint) strlen(user.password)) == 8 && protocol_version == PROTOCOL_VERSION) { @@ -410,15 +417,14 @@ static int acl_compare(ACL_ACCESS *a,ACL_ACCESS *b) } -/* Get master privilges for user (priviliges for all tables) */ - - -uint acl_getroot(const char *host, const char *ip, const char *user, +/* Get master privilges for user (priviliges for all tables). Required to connect */ +uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, const char *password,const char *message,char **priv_user, bool old_ver) { uint user_access=NO_ACCESS; *priv_user=(char*) user; + char *ptr=0; if (!initialized) return (uint) ~NO_ACCESS; // If no data allow anything /* purecov: tested */ 
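Review bot: In acl_init() the three `strcmp(get_field(&mem, table,17), ...)` calls pass the column value straight to strcmp(); if get_field() returns a null pointer for an empty or NULL ssl_type column, which is what an upgraded row with no REQUIRE clause would look like, that is undefined behaviour rather than the SSL_TYPE_NONE fallback the `else` intends. Reading the field once into a local and testing it first removes the crash and the three separate allocations from `mem`. Nothing assigns `user.ssl_type` or the three pointers when `table->fields < 21`, so unless `user` is zero-filled earlier in acl_init() (outside the hunk) the switch in acl_getroot() later in this commit reads an indeterminate value; an explicit `else` on the outer `if` is cheap insurance. acl_init() starts and ends outside the hunk.
```cpp
  if (table->fields >= 21) { /* From 4.0.0 we have more fields */
    const char *type= get_field(&mem, table,17);   /* may be 0 for an empty column */
    if (type && !strcmp(type,"ANY"))
      user.ssl_type=SSL_TYPE_ANY;
    else if (type && !strcmp(type,"X509"))
      user.ssl_type=SSL_TYPE_X509;
    else if (type && !strcmp(type,"SPECIFIED"))
      user.ssl_type=SSL_TYPE_SPECIFIED;
    else
      user.ssl_type=SSL_TYPE_NONE;
    // … unchanged: ssl_cipher / x509_issuer / x509_subject loads …
  }
  else
  {
    /* pre-4.0 privilege table: no SSL columns, so require nothing */
    user.ssl_type=SSL_TYPE_NONE;
    user.ssl_cipher=user.x509_issuer=user.x509_subject=0;
  }
```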
@@ -440,7 +446,88 @@ uint acl_getroot(const char *host, const char *ip, const char *user,
 !check_scramble(password,message,acl_user->salt,
 (my_bool) old_ver)))
 {
+#ifdef HAVE_OPENSSL
+#define vio (thd->net.vio)
+ /* In this point we know that user is allowed to connect
+ * from given host by given username/password pair. Now
+ * we check if SSL is required, if user is using SSL and
+ * if X509 certificate attributes are OK
+ */
+ switch(acl_user->ssl_type) {
+ case SSL_TYPE_NONE: /* SSL is not required to connect */
+ user_access=acl_user->access;
+ break;
+ case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
+ if(vio_type(vio) == VIO_TYPE_SSL)
+ user_access=acl_user->access;
+ break;
+ case SSL_TYPE_X509: /* Client should have any valid certificate. */
+ /* Connections with non-valid certificates are dropped already
+ * in sslaccept() anyway, so we do not check validity here.
+ */
+ if(SSL_get_peer_certificate(vio->ssl_))
+ user_access=acl_user->access;
+ break;
+ case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */
+ /* We do not check for absence of SSL because without SSL it does not
+ * pass all checks here anyway.
+ */
+ /* If cipher name is specified, we compare it to actual cipher in use */
+ if(acl_user->ssl_cipher)
+ DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
+ acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)));
+ if(!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
+ user_access=acl_user->access;
+ else
+ {
+ user_access=NO_ACCESS;
+ break;
+ }
+ /* Prepare certificate (if exists) */
+ DBUG_PRINT("info",("checkpoint 1"));
+ X509* cert=SSL_get_peer_certificate(vio->ssl_);
+ DBUG_PRINT("info",("checkpoint 2"));
+ /* If X509 issuer is speified, we check it... */
+ if(acl_user->x509_issuer)
+ {
+ DBUG_PRINT("info",("checkpoint 3"));
+ ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+ DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
+ acl_user->x509_issuer, ptr));
+ if(!strcmp(acl_user->x509_issuer,ptr))
+ user_access=acl_user->access;
+ else
+ {
+ user_access=NO_ACCESS;
+ free(ptr);
+ break;
+ }
+ free(ptr);
+ }
+ DBUG_PRINT("info",("checkpoint 4"));
+ /* X509 subject is specified, we check it .. */
+ if(acl_user->x509_subject)
+ {
+ ptr = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+ DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
+ acl_user->x509_subject, ptr));
+ if(!strcmp(acl_user->x509_subject,ptr))
+ user_access=acl_user->access;
+ else
+ {
+ user_access=NO_ACCESS;
+ free(ptr);
+ break;
+ }
+ free(ptr);
+ }
+ DBUG_PRINT("info",("checkpoint 5"));
+ break;
+ }
+ DBUG_PRINT("info",("checkpoint 6"));
+#else /* HAVE_OPENSSL */
 user_access=acl_user->access;
+#endif /* HAVE_OPENSSL */
 if (!acl_user->user)
 *priv_user=(char*) ""; // Change to anonymous user /* purecov: inspected */
 break;
@@ -469,7 +556,14 @@ static byte* check_get_key(ACL_USER *buff,uint *length,
 }
 
 static void acl_update_user(const char *user, const char *host,
- const char *password, uint privileges)
+ const char *password,
+#ifdef HAVE_OPENSSL
+ enum SSL_type ssl_type,
+ const char *ssl_cipher,
+ const char *x509_issuer,
+ const char *x509_subject,
+#endif /* HAVE_OPENSSL */
+ uint privileges)
 {
 for (uint i=0 ; i < acl_users.elements ; i++)
 {
@@ -482,6 +576,12 @@ static void acl_update_user(const char *user, const char *host,
 acl_user->host.hostname && !strcmp(host,acl_user->host.hostname))
 {
 acl_user->access=privileges;
+#ifdef HAVE_OPENSSL
+ acl_user->ssl_type=ssl_type;
+ acl_user->ssl_cipher=ssl_cipher;
+ acl_user->x509_issuer=x509_issuer;
+ acl_user->x509_subject=x509_subject;
+#endif /* HAVE_OPENSSL */
 if (password)
 {
 if (!password[0])
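Review bot: In the SSL_TYPE_SPECIFIED case the `if(acl_user->ssl_cipher)` governs only the DBUG_PRINT, so the following `if(!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))` runs even when no cipher was granted and dereferences a null pointer; an account with REQUIRE ISSUER or SUBJECT alone therefore crashes the server thread at login instead of being checked. The X509 and SPECIFIED branches also read `vio->ssl_` and pass `cert` to X509_get_issuer_name()/X509_get_subject_name() without confirming the connection is SSL or that SSL_get_peer_certificate() returned a certificate, and neither branch releases that certificate with X509_free(), which the accessor hands back as an owned reference. Because `user_access` starts at NO_ACCESS (top of the function, previous hunk), every failing path can simply `break`, which removes the repeated `user_access=NO_ACCESS; free(ptr); break;` blocks. The `#define vio` is never undefined and so leaks into the rest of sql_acl.cc; an `#undef vio` after the switch keeps it local. acl_getroot() starts in the previous hunk and ends outside this one.
```cpp
    case SSL_TYPE_X509: /* Client should have any valid certificate. */
      if (vio_type(vio) == VIO_TYPE_SSL)
      {
        X509 *cert= SSL_get_peer_certificate(vio->ssl_);
        if (cert)
        {
          user_access=acl_user->access;
          X509_free(cert);   /* SSL_get_peer_certificate() returns an owned reference */
        }
      }
      break;
    case SSL_TYPE_SPECIFIED: /* Client should have attributes as specified */
    {
      /* user_access is already NO_ACCESS, so every failed check just breaks */
      if (vio_type(vio) != VIO_TYPE_SSL)
        break;
      if (acl_user->ssl_cipher &&
          strcmp(acl_user->ssl_cipher, SSL_get_cipher(vio->ssl_)))
        break;
      X509 *cert= SSL_get_peer_certificate(vio->ssl_);   /* 0 if the client sent none */
      bool ok= true;
      if (acl_user->x509_issuer)
      {
        ptr= cert ? X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0) : 0;
        ok= ptr && !strcmp(acl_user->x509_issuer, ptr);
        free(ptr);
      }
      if (ok && acl_user->x509_subject)
      {
        ptr= cert ? X509_NAME_oneline(X509_get_subject_name(cert), 0, 0) : 0;
        ok= ptr && !strcmp(acl_user->x509_subject, ptr);
        free(ptr);
      }
      if (cert)
        X509_free(cert);
      if (ok)
        user_access=acl_user->access;
      break;
    }
    }
#undef vio
    // … unchanged: #else branch and #endif …
```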
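Review bot: acl_update_user() now stores the `ssl_cipher`, `x509_issuer` and `x509_subject` pointers it receives without copying them, and the caller in replace_user_table() (a later hunk of this commit) passes `thd->lex.*` strings; unless those strings outlive the statement, the in-memory ACL entry dangles once the GRANT completes, whereas the rows loaded by acl_init() come from the `mem` root that get_field() is given. The same four assignments appear in acl_insert_user() in the next hunk and have the same exposure. Copying at the point of assignment, e.g. `acl_user->ssl_cipher= ssl_cipher ? strdup_root(&mem, ssl_cipher) : 0;` and likewise for the two X509 fields, would match what acl_init() does — confirm that `mem` is the root the rest of sql_acl.cc uses for ACL_USER strings. acl_update_user()'s body continues outside the hunk.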
@@ -500,7 +600,13 @@ static void acl_update_user(const char *user, const char *host, static void acl_insert_user(const char *user, const char *host, - const char *password, + const char *password, +#ifdef HAVE_OPENSSL + enum SSL_type ssl_type, + const char *ssl_cipher, + const char *x509_issuer, + const char *x509_subject, +#endif /* HAVE_OPENSSL */ uint privileges) { ACL_USER acl_user; @@ -510,6 +616,12 @@ static void acl_insert_user(const char *user, const char *host, acl_user.access=privileges; acl_user.sort=get_sort(2,acl_user.host.hostname,acl_user.user); acl_user.hostname_length=(uint) strlen(acl_user.host.hostname); +#ifdef HAVE_OPENSSL + acl_user.ssl_type=ssl_type; + acl_user.ssl_cipher=ssl_cipher; + acl_user.x509_issuer=x509_issuer; + acl_user.x509_subject=x509_subject; +#endif /* HAVE_OPENSSL */ if (password) { acl_user.password=(char*) ""; // Just point at something @@ -984,7 +1096,7 @@ static bool test_if_create_new_users(THD *thd) ** Handle GRANT commands ****************************************************************************/ -static int replace_user_table(TABLE *table, const LEX_USER &combo, +static int replace_user_table(THD *thd, TABLE *table, const LEX_USER &combo, uint rights, char what, bool create_user) { int error = -1; 
@@ -1044,7 +1156,40 @@ static int replace_user_table(TABLE *table, const LEX_USER &combo,
 table->field[i]->store(&what,1);
 }
 rights=get_access(table,3);
-
+#ifdef HAVE_OPENSSL
+ /* We write down SSL related ACL stuff */
+ DBUG_PRINT("info",("table->fields=%d",table->fields));
+ if (table->fields >= 21) { /* From 4.0.0 we have more fields */
+ switch (thd->lex.ssl_type) {
+ case SSL_TYPE_ANY:
+ table->field[17]->store("ANY",3);
+ table->field[18]->store("",0);
+ table->field[19]->store("",0);
+ table->field[20]->store("",0);
+ break;
+ case SSL_TYPE_X509:
+ table->field[17]->store("X509",4);
+ table->field[18]->store("",0);
+ table->field[19]->store("",0);
+ table->field[20]->store("",0);
+ break;
+ case SSL_TYPE_SPECIFIED:
+ table->field[17]->store("SPECIFIED",9);
+ if(thd->lex.ssl_cipher)
+ table->field[18]->store(thd->lex.ssl_cipher,strlen(thd->lex.ssl_cipher));
+ if(thd->lex.x509_issuer)
+ table->field[19]->store(thd->lex.x509_issuer,strlen(thd->lex.x509_issuer));
+ if(thd->lex.x509_subject)
+ table->field[20]->store(thd->lex.x509_subject,strlen(thd->lex.x509_subject));
+ break;
+ default:
+ table->field[17]->store("NONE",4);
+ table->field[18]->store("",0);
+ table->field[19]->store("",0);
+ table->field[20]->store("",0);
+ }
+ }
+#endif /* HAVE_OPENSSL */
 if (old_row_exists)
 {
 /*
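Review bot: In the SSL_TYPE_SPECIFIED arm fields 18–20 are written only when the matching `thd->lex` pointer is set, so when `old_row_exists` an attribute that the new GRANT omits keeps its previous on-disk value while the in-memory entry updated later in this function drops it, and the stale requirement silently returns after the next ACL reload. Add an `else` that clears each one, e.g. `else table->field[18]->store("",0);`, and the same for fields 19 and 20. The `default:` arm writes `"NONE"` for anything that is not ANY/X509/SPECIFIED, so these four literals are the whole on-disk encoding that acl_init() parses back; a comment beside the SSL_type enum naming them would keep the two sides in step. replace_user_table() starts and ends outside the hunk.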
@@ -1078,9 +1223,23 @@ static int replace_user_table(TABLE *table, const LEX_USER &combo, if (!combo.password.str) password=0; // No password given on command if (old_row_exists) - acl_update_user(combo.user.str,combo.host.str,password,rights); + acl_update_user(combo.user.str,combo.host.str,password, +#ifdef HAVE_OPENSSL + thd->lex.ssl_type, + thd->lex.ssl_cipher, + thd->lex.x509_issuer, + thd->lex.x509_subject, +#endif /* HAVE_OPENSSL */ + rights); else - acl_insert_user(combo.user.str,combo.host.str,password,rights); + acl_insert_user(combo.user.str,combo.host.str,password, +#ifdef HAVE_OPENSSL + thd->lex.ssl_type, + thd->lex.ssl_cipher, + thd->lex.x509_issuer, + thd->lex.x509_subject, +#endif /* HAVE_OPENSSL */ + rights); } table->file->index_end(); DBUG_RETURN(error); @@ -1626,6 +1785,9 @@ int mysql_table_grant (THD *thd, TABLE_LIST *table_list, TABLE_LIST tables[3]; bool create_new_users=0; DBUG_ENTER("mysql_table_grant"); + DBUG_PRINT("info",("ssl_cipher=%s",thd->lex.ssl_cipher)); + DBUG_PRINT("info",("x509_issuer=%s",thd->lex.x509_issuer)); + DBUG_PRINT("info",("x509_subject=%s",thd->lex.x509_subject)); if (!initialized) { @@ -1715,9 +1877,10 @@ int mysql_table_grant (THD *thd, TABLE_LIST *table_list, continue; } /* Create user if needed */ - if (replace_user_table(tables[0].table, - *Str, - 0, + if (replace_user_table(thd, + tables[0].table, + *Str, + 0, revoke_grant ? 'N' : 'Y', create_new_users)) { @@ -1810,7 +1973,7 @@ int mysql_table_grant (THD *thd, TABLE_LIST *table_list, pthread_mutex_unlock(&LOCK_grant); if (!result) send_ok(&thd->net); - /* Tables are automaticly closed */ + /* Tables are automatically closed */ DBUG_RETURN(result); } @@ -1871,7 +2034,8 @@ int mysql_grant (THD *thd, const char *db, List <LEX_USER> &list, uint rights, result= -1; continue; } - if ((replace_user_table(tables[0].table, + if ((replace_user_table(thd, + tables[0].table, *Str, (!db ? rights : 0), what, create_new_users))) result= -1; 
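Review bot: The three DBUG_PRINT lines added at the top of mysql_table_grant() format `thd->lex.ssl_cipher`, `thd->lex.x509_issuer` and `thd->lex.x509_subject` with `%s`, yet the replace_user_table() hunk tests each of them for null before use; passing a null pointer to `%s` is undefined behaviour and only happens to print "(null)" on some C libraries, so a debug build may crash on any GRANT that has no REQUIRE clause. A null fallback keeps the trace safe, e.g. `DBUG_PRINT("info",("ssl_cipher=%s",thd->lex.ssl_cipher ? thd->lex.ssl_cipher : "(none)"));` and likewise for the other two. mysql_table_grant() continues outside the hunk.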
@@ -2332,6 +2496,7 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) { uint counter, want_access,index; int error = 0; + int ssl_options = 0; ACL_USER *acl_user; ACL_DB *acl_db; char buff[1024]; DBUG_ENTER("mysql_show_grants"); 
@@ -2426,30 +2591,37 @@ int mysql_show_grants(THD *thd,LEX_USER *lex_user) global.append('\''); } #ifdef HAVE_OPENSSL -/* SSL grant stuff */ - DBUG_PRINT("info",("acl_user->ssl_type=%s",acl_user->ssl_type)); - DBUG_PRINT("info",("acl_user->ssl_cipher=%s",acl_user->ssl_cipher)); - DBUG_PRINT("info",("acl_user->x509_subject=%s",acl_user->x509_subject)); - DBUG_PRINT("info",("acl_user->x509_issuer=%s",acl_user->x509_issuer)); - if(acl_user->ssl_type) { - if(!strcmp(acl_user->ssl_type,"ssl")) - global.append(" REQUIRE SSL",12); - else if(!strcmp(acl_user->ssl_type,"x509")) - { - global.append(" REQUIRE X509 ",14); - if(acl_user->x509_issuer) { - global.append("SUBJECT \"",9); - global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer)); - global.append("\"",1); - } - if(acl_user->x509_subject) { - global.append("ISSUER \"",8); - global.append(acl_user->x509_subject,strlen(acl_user->x509_subject)); - global.append("\"",1); - } - } +/* "show grants" SSL related stuff */ + if(acl_user->ssl_type==SSL_TYPE_ANY) + global.append(" REQUIRE SSL",12); + else if(acl_user->ssl_type==SSL_TYPE_X509) + global.append(" REQUIRE X509",13); + else if(acl_user->ssl_type==SSL_TYPE_SPECIFIED) + { + global.append(" REQUIRE ",9); + if(acl_user->x509_issuer) { + if(ssl_options++) + global.append(" AND ",5); + global.append("ISSUER \"",8); + global.append(acl_user->x509_issuer,strlen(acl_user->x509_issuer)); + global.append("\"",1); + } + if(acl_user->x509_subject) { + if(ssl_options++) + global.append(" AND ",5); + global.append("SUBJECT \"",9); + global.append(acl_user->x509_subject,strlen(acl_user->x509_subject)); + global.append("\"",1); } -#endif + if(acl_user->ssl_cipher) { + if(ssl_options++) + global.append(" AND ",5); + global.append("CIPHER \"",8); + global.append(acl_user->ssl_cipher,strlen(acl_user->ssl_cipher)); + global.append("\"",1); + } + } +#endif /* HAVE_OPENSSL */ if (want_access & GRANT_ACL) global.append(" WITH GRANT OPTION",18); thd->packet.length(0); 
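Review bot: For SSL_TYPE_SPECIFIED the code appends `" REQUIRE "` before checking whether any of issuer, subject or cipher is present, so an entry whose three attributes are all empty prints `REQUIRE` followed by nothing, which is not valid GRANT syntax; guarding the branch with `else if(acl_user->ssl_type==SSL_TYPE_SPECIFIED && (acl_user->x509_issuer || acl_user->x509_subject || acl_user->ssl_cipher))` avoids that. The attribute values are appended verbatim between double quotes, so a stored subject or cipher containing `"` would yield output that does not re-parse; if the parser rejects such values at GRANT time a comment saying so here would settle it. `ssl_options` is declared at function scope in the previous hunk and only ever incremented, which works while the function prints one user per call, but a block-local `int ssl_options=0;` at the top of this branch would make that independent of the caller. mysql_show_grants() starts and ends outside the hunk.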
diff --git a/sql/sql_acl.h b/sql/sql_acl.h index cf9696d51e7..e6a39f1b269 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -59,7 +59,7 @@ void acl_reload(void); void acl_free(bool end=0); uint acl_get(const char *host, const char *ip, const char *bin_ip, const char *user, const char *db); -uint acl_getroot(const char *host, const char *ip, const char *user, +uint acl_getroot(THD *thd, const char *host, const char *ip, const char *user, const char *password,const char *scramble,char **priv_user, bool old_ver); bool acl_check_host(const char *host, const char *ip); diff --git a/sql/sql_lex.h b/sql/sql_lex.h index ec147c38e9b..6ccb0a6b059 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -56,7 +56,7 @@ enum enum_sql_command { SQLCOM_SHOW_OPEN_TABLES, SQLCOM_LOAD_MASTER_DATA, SQLCOM_HA_OPEN, SQLCOM_HA_CLOSE, SQLCOM_HA_READ, SQLCOM_SHOW_SLAVE_HOSTS, SQLCOM_MULTI_DELETE, - SQLCOM_SHOW_BINLOG_EVENTS, SQLCOM_SHOW_NEW_MASTER, + SQLCOM_SHOW_BINLOG_EVENTS, SQLCOM_SHOW_NEW_MASTER }; enum lex_states { STATE_START, STATE_CHAR, STATE_IDENT, @@ -145,7 +145,8 @@ typedef struct st_lex { char *length,*dec,*change,*name; char *backup_dir; /* For RESTORE/BACKUP */ char* to_log; /* For PURGE MASTER LOGS TO */ - char* ssl_subject,*ssl_issuer,*ssl_chipher; + char* x509_subject,*x509_issuer,*ssl_cipher; + enum SSL_type ssl_type; /* defined in violite.h */ String *wild; sql_exchange *exchange; diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 929891da889..e930dd2cfcb 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -115,7 +115,7 @@ static bool check_user(THD *thd,enum_server_command command, const char *user, send_error(net,ER_OUT_OF_RESOURCES); return 1; } - thd->master_access=acl_getroot(thd->host, thd->ip, thd->user, + thd->master_access=acl_getroot(thd, thd->host, thd->ip, thd->user, passwd, thd->scramble, &thd->priv_user, protocol_version == 9 || !(thd->client_capabilities & 
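Review bot: `ssl_type` is added to st_lex, and replace_user_table() in sql_acl.cc (later in this commit) writes whatever it holds into the user table on every GRANT, including ones without a REQUIRE clause; unless the parser resets it to SSL_TYPE_NONE and the three pointers to 0 at the start of each statement — outside this hunk — a REQUIRE from an earlier GRANT on the same connection would be carried into later ones. A comment naming where the reset happens would document the contract, e.g. `enum SSL_type ssl_type; /* defined in violite.h; reset per statement in lex_start() */` — confirm that reset exists before relying on it. st_lex continues outside the hunk.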
@@ -433,7 +433,7 @@ check_connections(THD *thd) DBUG_PRINT("info", ("Agreed to change IO layer to SSL") ); /* Do the SSL layering. */ DBUG_PRINT("info", ("IO layer change in progress...")); - sslaccept(ssl_acceptor_fd, net->vio); + sslaccept(ssl_acceptor_fd, net->vio, (long)60L); DBUG_PRINT("info", ("Reading user information over SSL layer")); if ((pkt_len=my_net_read(net)) == packet_error || pkt_len < NORMAL_HANDSHAKE_SIZE) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 67713b85720..28d405690bd 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc 
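Review bot: The outcome of the handshake is never examined on the changed line: whatever sslaccept reports (its return value, if it has one, is discarded) the code proceeds straight to `my_net_read(net)` assuming the vio is now an SSL transport, so a handshake that fails or hits the new 60-second timeout is only noticed indirectly, if at all, by the later packet-length check. If sslaccept can signal failure, test it and reject the connection the way the other failure paths in check_connections do, before the credential packet is read over a transport that may still be plaintext. The timeout is a magic number with a redundant cast (`(long)60L` is already a long); give it a name such as `#define SSL_HANDSHAKE_TIMEOUT 60L` next to the other connection timeouts so it can be found and tuned. check_connections starts and ends outside this hunk.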
@@ -1173,18 +1173,46 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables) net_store_data(&packet2,(uint32) SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context_)); break; + case SHOW_SSL_CTX_SESS_CONNECT_GOOD: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context_)); + break; case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE: net_store_data(&packet2,(uint32) SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context_)); break; + case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context_)); + break; case SHOW_SSL_CTX_SESS_CB_HITS: net_store_data(&packet2,(uint32) SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context_)); break; + case SHOW_SSL_CTX_SESS_HITS: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context_)); + break; + case SHOW_SSL_CTX_SESS_CACHE_FULL: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context_)); + break; + case SHOW_SSL_CTX_SESS_MISSES: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context_)); + break; + case SHOW_SSL_CTX_SESS_TIMEOUTS: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context_)); + break; case SHOW_SSL_CTX_SESS_NUMBER: net_store_data(&packet2,(uint32) SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context_)); break; + case SHOW_SSL_CTX_SESS_CONNECT: + net_store_data(&packet2,(uint32) + SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context_)); + break; case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE: net_store_data(&packet2,(uint32) SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context_)); 
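Review bot: The three `SSL_CTX_sess_connect*` counters are read from `ssl_acceptor_fd->ssl_context_`, the server-side acceptor context, but as I read OpenSSL those counters are only incremented by client-side SSL_connect() handshakes, so these new status variables will always report 0 here; either drop them or read them from the context used for outbound (replication client) connections, and add a comment naming which side each counter measures. Every new case also dereferences `ssl_acceptor_fd` without a NULL check; if the binary is built with HAVE_OPENSSL but started without SSL enabled that pointer may be unset, and whether a guard exists above the switch is outside the hunk. The `(uint32)` casts silently truncate OpenSSL's long counters, harmless at realistic counts but worth a one-line comment. mysqld_show starts and ends outside this hunk.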
@@ -1246,6 +1274,23 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables) break; case SHOW_SSL_GET_CIPHER: net_store_data(&packet2, thd->net.vio->ssl_ ? SSL_get_cipher(thd->net.vio->ssl_) : ""); + case SHOW_SSL_GET_CIPHER_LIST: + if(thd->net.vio->ssl_) + { + char buf[1024]=""; + for (int i=0; ; i++) + { + const char *p=SSL_get_cipher_list(thd->net.vio->ssl_,i); + if (p == NULL) + break; + if (i != 0) + strcat(buf,":"); + strcat(buf,p); + DBUG_PRINT("info",("cipher to add: %s,%s",p,buf)); + } + net_store_data(&packet2, buf); + } else + net_store_data(&packet2, ""); break; #endif /* HAVE_OPENSSL */ diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 1995c1295f1..27f4d56b3a3 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -285,6 +285,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize); %token SERIALIZABLE_SYM %token SESSION_SYM %token SHUTDOWN +%token SSL_SYM %token STARTING %token STATUS_SYM %token STRAIGHT_JOIN @@ -316,6 +317,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize); %token WHERE %token WITH %token WRITE_SYM +%token X509_SYM %token COMPRESSED_SYM %token BIGINT @@ -3265,10 +3267,11 @@ grant: lex->columns.empty(); lex->grant= lex->grant_tot_col=0; lex->select->db=0; - lex->ssl_chipher=lex->ssl_subject=lex->ssl_issuer=0; + lex->ssl_type=SSL_TYPE_NONE; + lex->ssl_cipher=lex->x509_subject=lex->x509_issuer=0; } grant_privileges ON opt_table TO_SYM user_list - grant_option require_clause + require_clause grant_option grant_privileges: grant_privilege_list {} 
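Review bot: The new `case SHOW_SSL_GET_CIPHER_LIST:` label is inserted between the `net_store_data(...)` of `SHOW_SSL_GET_CIPHER` and its `break;`, so SSL_GET_CIPHER now falls through and stores a second value (the whole cipher list) into the same result row; a `break;` is needed right after the SSL_GET_CIPHER store. The new case itself builds the list with unbounded `strcat` into a 1024-byte stack buffer with no length accounting; the list length is set by the server's cipher configuration and the OpenSSL version, and with a permissive setting it can exceed that size, turning `SHOW STATUS` into a stack overflow for any connected SSL user. Track the used length and stop (or truncate) before the buffer is full, as sketched below. The enclosing mysqld_show switch starts and ends outside this hunk.
```cpp
	case SHOW_SSL_GET_CIPHER:
	  net_store_data(&packet2, thd->net.vio->ssl_ ? SSL_get_cipher(thd->net.vio->ssl_) : "");
	  break;                                  /* was missing: fell into the next case */
	case SHOW_SSL_GET_CIPHER_LIST:
	  if (thd->net.vio->ssl_)
	  {
	    char buf[1024];
	    size_t used= 0;
	    buf[0]= '\0';
	    for (int i= 0; ; i++)
	    {
	      const char *p= SSL_get_cipher_list(thd->net.vio->ssl_, i);
	      if (p == NULL)
	        break;
	      size_t len= strlen(p);
	      /* need room for the optional ':' separator, the name and the terminator */
	      if (used + (i ? 1 : 0) + len + 1 > sizeof(buf))
	        break;                              /* truncate instead of overrunning the stack */
	      if (i)
	        buf[used++]= ':';
	      memcpy(buf + used, p, len + 1);
	      used+= len;
	    }
	    net_store_data(&packet2, buf);
	  }
	  else
	    net_store_data(&packet2, "");
	  break;
```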
@@ -3302,25 +3305,32 @@ grant_privilege: | FILE_SYM { Lex->grant |= FILE_ACL;} | GRANT OPTION { Lex->grant |= GRANT_ACL;} -require_clause: /* empty */ - | REQUIRE_SYM require_list - - require_list: require_list_element AND require_list | require_list_element - require_list_element: SUBJECT_SYM TEXT_STRING { - Lex->ssl_subject=$2.str; + if (Lex->x509_subject) { + send_error(&Lex->thd->net,ER_GRANT_DUPL_SUBJECT); + YYABORT; + } else + Lex->x509_subject=$2.str; } | ISSUER_SYM TEXT_STRING { - Lex->ssl_issuer=$2.str; + if (Lex->x509_issuer) { + send_error(&Lex->thd->net,ER_GRANT_DUPL_ISSUER); + YYABORT; + } else + Lex->x509_issuer=$2.str; } | CIPHER_SYM TEXT_STRING { - Lex->ssl_chipher=$2.str; + if (Lex->ssl_cipher) { + send_error(&Lex->thd->net,ER_GRANT_DUPL_CIPHER); + YYABORT; + } else + Lex->ssl_cipher=$2.str; } opt_table: @@ -3429,16 +3439,18 @@ column_list_id: require_clause: /* empty */ - | REQUIRE_SYM require_list { /* do magic */} - -require_list: require_list_element AND require_list - { /* do magic */} - | require_list_element {/*do magic*/} - -require_list_element: SUBJECT_SYM TEXT_STRING - | ISSUER TEXT_STRING - | CIPHER TEXT_STRING - + | REQUIRE_SYM require_list + { + Lex->ssl_type=SSL_TYPE_SPECIFIED; + } + | REQUIRE_SYM SSL_SYM + { + Lex->ssl_type=SSL_TYPE_ANY; + } + | REQUIRE_SYM X509_SYM + { + Lex->ssl_type=SSL_TYPE_X509; + } grant_option: /* empty */ {} diff --git a/sql/structs.h b/sql/structs.h index 469d3feea08..2f6f850bc9e 100644 --- a/sql/structs.h +++ b/sql/structs.h 
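Review bot: The SUBJECT, ISSUER and CIPHER strings are stored into the lex with no validation beyond the duplicate check, so a CIPHER value naming no OpenSSL cipher suite (or a mistyped DN) is accepted and silently creates an account whose REQUIRE can never be satisfied — or, depending on how the strings are compared at login, one weaker than intended; whether that check happens at execution time is outside this hunk, but a comment on `require_list_element` stating where the values are validated would help the next reader. The duplicate-element actions also carry a redundant `else` after `YYABORT`, so `Lex->x509_subject=$2.str;` (and its two siblings) can follow the `if` block directly. `require_clause` makes `REQUIRE SSL`, `REQUIRE X509` and `REQUIRE <list>` mutually exclusive, which is reasonable but deserves a one-line comment noting that ISSUER/SUBJECT implicitly demand a client certificate. Both hunks sit inside grammar sections that start outside the hunk.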
@@ -134,7 +134,11 @@ enum SHOW_TYPE { SHOW_LONG,SHOW_CHAR,SHOW_INT,SHOW_CHAR_PTR,SHOW_BOOL, ,SHOW_SSL_CTX_SESS_GET_CACHE_SIZE, SHOW_SSL_GET_CIPHER ,SHOW_SSL_GET_DEFAULT_TIMEOUT, SHOW_SSL_GET_VERIFY_MODE ,SHOW_SSL_CTX_GET_VERIFY_MODE, SHOW_SSL_GET_VERIFY_DEPTH - ,SHOW_SSL_CTX_GET_VERIFY_DEPTH + ,SHOW_SSL_CTX_GET_VERIFY_DEPTH, SHOW_SSL_CTX_SESS_CONNECT + ,SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE, SHOW_SSL_CTX_SESS_CONNECT_GOOD + ,SHOW_SSL_CTX_SESS_HITS, SHOW_SSL_CTX_SESS_MISSES + ,SHOW_SSL_CTX_SESS_TIMEOUTS, SHOW_SSL_CTX_SESS_CACHE_FULL + ,SHOW_SSL_GET_CIPHER_LIST #endif /* HAVE_OPENSSL */ }; |