authorunknown <tonu@volk.internalnet>2001-09-30 10:46:20 +0800
committerunknown <tonu@volk.internalnet>2001-09-30 10:46:20 +0800
commitd13f2dfdeb2b23c6abfb608885e8717878122a7b (patch)
treec8e33b443fde74ad722536829cd56fa9403617cd /vio/viossl.c
parent5e0851e1b37debb59dbe184fcc3485470872ac64 (diff)
SSL compiles and works as far as I can see. Continue testing.
Docs/manual.ja.texi: e-mail address fixed include/mysqld_error.h: Added 3 new errormessages related to SSL mysql-test/install_test_db.sh: SSL fix scripts/mysql_install_db.sh: mysql.user table changes to conform SSL ACL sql/lex.h: Fixed GRANT+SSL clause sql/share/czech/errmsg.txt: Added 3 new errormessages related to SSL sql/share/danish/errmsg.txt: Added 3 new errormessages related to SSL sql/share/dutch/errmsg.txt: Added 3 new errormessages related to SSL sql/share/english/errmsg.txt: Added 3 new errormessages related to SSL sql/share/estonian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/french/errmsg.txt: Added 3 new errormessages related to SSL sql/share/german/errmsg.txt: Added 3 new errormessages related to SSL sql/share/greek/errmsg.txt: Added 3 new errormessages related to SSL sql/share/hungarian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/italian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/japanese/errmsg.txt: Added 3 new errormessages related to SSL sql/share/korean/errmsg.txt: Added 3 new errormessages related to SSL sql/share/norwegian-ny/errmsg.txt: Added 3 new errormessages related to SSL sql/share/norwegian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/polish/errmsg.txt: Added 3 new errormessages related to SSL sql/share/portuguese/errmsg.txt: Added 3 new errormessages related to SSL sql/share/romanian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/russian/errmsg.txt: Added 3 new errormessages related to SSL sql/share/slovak/errmsg.txt: Added 3 new errormessages related to SSL sql/share/spanish/errmsg.txt: Added 3 new errormessages related to SSL sql/share/swedish/errmsg.txt: Added 3 new errormessages related to SSL sql/share/ukrainian/errmsg.txt: Added 3 new errormessages related to SSL Docs/manual.texi: SSL fixes BUILD/compile-pentium-max: SSL was missing here acinclude.m4: typo fix alignment fix client/mysql.cc: SSL fixes client/mysqladmin.c: SSL fixes 
client/mysqlcheck.c: SSL fixes client/mysqldump.c: SSL fixes client/mysqlimport.c: SSL fixes client/mysqlshow.c: SSL fixes include/mysql.h: SSL fixes include/sslopt-case.h: SSL fixes include/sslopt-longopts.h: SSL fixes include/sslopt-usage.h: SSL fixes include/sslopt-vars.h: SSL fixes include/violite.h: SSL fixes cleanups libmysql/libmysql.c: SSL fixes libmysqld/lib_sql.cc: SSL fixes sql/mini_client.cc: SSL fixes sql/mysqld.cc: SSL fixes cleanup new variables to SHOW STATUS sql/sql_acl.cc: SSL fixes sql/sql_acl.h: SSL fixes sql/sql_lex.h: SSL fixes sql/sql_parse.cc: SSL fixes sql/sql_show.cc: New functions added sql/structs.h: New functions added vio/test-ssl.c: SSL fixes vio/test-sslclient.c: SSL fixes vio/test-sslserver.c: SSL fixes vio/viosocket.c: SSL fixes vio/viossl.c: SSL fixes cleanup vio/viosslfactories.c: SSL fixes sql/sql_yacc.yy: SSL fixes
Diffstat (limited to 'vio/viossl.c')
-rw-r--r--vio/viossl.c122
1 files changed, 26 insertions, 96 deletions
diff --git a/vio/viossl.c b/vio/viossl.c
index c6f70081d18..e80dc0ce807 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -118,8 +118,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
#endif /* DBUG_OFF */
r = SSL_read(vio->ssl_, buf, size);
#ifndef DBUG_OFF
- if ( r< 0)
+ if ( r<= 0) {
+ r=SSL_get_error(vio->ssl_, r);
+ DBUG_PRINT("info",("SSL_get_error returned %d",r));
report_errors();
+ }
#endif /* DBUG_OFF */
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
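Review bot: In debug builds the new branch overwrites `r` with the `SSL_get_error()` code, and `DBUG_RETURN(r)` then hands that positive code (for example `SSL_ERROR_WANT_READ`) to the caller as if it were a byte count. A caller would then treat that many bytes of `buf` as received data although nothing was read, and the return value differs between builds with and without `DBUG_OFF`. Keep `r` intact and log through a separate local declared at the top of the new block, e.g. `int err= SSL_get_error(vio->ssl_, r);` followed by `DBUG_PRINT("info",("SSL_get_error returned %d",err));`. The body of vio_ssl_read starts above this hunk.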
@@ -207,7 +210,6 @@ int vio_ssl_close(Vio * vio)
r = SSL_shutdown(vio->ssl_);
SSL_free(vio->ssl_);
vio->ssl_= 0;
- vio->bio_ = 0;
}
if (shutdown(vio->sd,2))
r= -1;
@@ -298,12 +300,11 @@ my_bool vio_ssl_poll_read(Vio *vio,uint timeout)
#endif
}
-void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio)
+void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
{
- X509* client_cert;
+ X509* client_cert;
char *str;
- int i;
-// const int blocking = vio_is_blocking(vio);
+ char buf[1024];
DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd=%d ptr=%p", vio->sd,ptr));
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
@@ -316,49 +317,12 @@ void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio)
DBUG_VOID_RETURN;
}
DBUG_PRINT("info", ("ssl_=%p",vio->ssl_));
+ SSL_clear(vio->ssl_);
vio_blocking(vio, FALSE);
+ SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd(vio->ssl_,vio->sd);
SSL_set_accept_state(vio->ssl_);
-
- /* FIXME possibly infinite loop */
- while (SSL_is_init_finished(vio->ssl_)) {
- DBUG_PRINT("info",("SSL_is_init_finished(vio->ssl_) is not 1"));
- if((i=SSL_do_handshake(vio->ssl_))!=SSL_ERROR_NONE)
- {
- DBUG_PRINT("info",("*** errno %d",errno));
- switch (SSL_get_error(vio->ssl_,i))
- {
- case SSL_ERROR_NONE:
- DBUG_PRINT("info",("SSL_ERROR_NONE: handshake finished"));
- break;
- case SSL_ERROR_SSL:
- DBUG_PRINT("info",("SSL_ERROR_SSL: SSL protocol error "));
- break;
- case SSL_ERROR_WANT_CONNECT:
- DBUG_PRINT("info",("SSL_ERROR_WANT_CONNECT:If you are doing non-blocking connects call again when the connection is established"));
- break;
- case SSL_ERROR_WANT_READ:
- DBUG_PRINT("info",("SSL_ERROR_WANT_READ: if non-blocking etc, call again when data is available"));
- break;
- case SSL_ERROR_WANT_WRITE:
- DBUG_PRINT("info",("SSL_ERROR_WANT_WRITE: if non-blocking etc, call again when data is available to write"));
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- DBUG_PRINT("info",("SSL_ERROR_WANT_X509_LOOKUP: /* not used yet but could be :-) */"));
- break;
- case SSL_ERROR_SYSCALL:
- DBUG_PRINT("info",("SSL_ERROR_SYSCALL: An error than the error code can be found in errno (%d)",errno));
- break;
- case SSL_ERROR_ZERO_RETURN:
- DBUG_PRINT("info",("SSL_ERROR_ZERO_RETURN: 0 returned on the read, normally means the socket is closed :-) */"));
- break;
- default:
- DBUG_PRINT("info",("Unknown SSL error returned"));
- break;
- }
- }
- usleep(100);
- }
+ SSL_do_handshake(vio->ssl_);
vio->open_ = TRUE;
#ifndef DBUF_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
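Review bot: The return value of `SSL_do_handshake(vio->ssl_)` is discarded and `vio->open_ = TRUE` is set unconditionally, so a failed or still-pending handshake leaves the connection marked open. Because `vio_blocking(vio, FALSE)` runs just before it, a return of -1 with `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE` is the expected first result, and the removed retry loop has no replacement. The call should retry a bounded number of times on those two codes and otherwise fail closed, at minimum `if (SSL_do_handshake(vio->ssl_) < 1) { report_errors(); DBUG_VOID_RETURN; }` placed before `vio->open_ = TRUE;`, and the function would ideally return a status so callers can refuse the connection. The `sslconnect` hunk further down has the same unchecked call. Separately, `SSL_get_session()` called right after `SSL_clear()` may return NULL, in which case the `SSL_SESSION_set_timeout()` call presumably has no effect.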
@@ -374,23 +338,28 @@ void sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio)
DBUG_PRINT("info",("\t issuer: %s", str));
free (str);
- /* We could do all sorts of certificate verification stuff here before
- * deallocating the certificate. */
-
X509_free (client_cert);
} else
DBUG_PRINT("info",("Client does not have certificate."));
+
+ str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf));
+ if(str)
+ {
+ DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str));
+ }
+ else
+ {
+ DBUG_PRINT("info",("no shared ciphers!"));
+ }
+
#endif
DBUG_VOID_RETURN;
}
-void sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio)
+void sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
{
char *str;
-// char s[]="abc";
-int i;
X509* server_cert;
- const int blocking = vio_is_blocking(vio);
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_));
vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE);
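Review bot: With the removed comment gone, nothing at `X509_free (client_cert);` says that the client certificate is only logged here and not checked; no `SSL_get_verify_result()` call or comparable check is visible in this hunk. If verification is enforced elsewhere (for instance through the verify mode on the SSL context, which this page does not show), replace the comment rather than delete it, e.g. `/* Certificate is only logged here; verification must be enforced by the SSL_CTX verify mode. */`. This block also sits under `#ifndef DBUF_OFF` from the preceding hunk, which looks like a misspelling of `DBUG_OFF`, so the new `SSL_get_shared_ciphers()` logging is probably compiled into non-debug builds as well. sslaccept begins in an earlier hunk and ends in this one.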
@@ -403,50 +372,13 @@ int i;
report_errors();
DBUG_VOID_RETURN;
}
- DBUG_PRINT("info", ("ssl_=%p",vio->ssl_));
+ DBUG_PRINT("info",("ssl_=%p",vio->ssl_));
+ SSL_clear(vio->ssl_);
vio_blocking(vio, FALSE);
+ SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
SSL_set_fd (vio->ssl_, vio->sd);
SSL_set_connect_state(vio->ssl_);
-
- /* FIXME possibly infinite loop */
- while (SSL_is_init_finished(vio->ssl_)) {
- DBUG_PRINT("info",("SSL_is_init_finished(vio->ssl_) is not 1"));
- if((i=SSL_do_handshake(vio->ssl_))!=SSL_ERROR_NONE)
- {
- DBUG_PRINT("info",("*** errno %d",errno));
- switch (SSL_get_error(vio->ssl_,i))
- {
- case SSL_ERROR_NONE:
- DBUG_PRINT("info",("SSL_ERROR_NONE: handshake finished"));
- break;
- case SSL_ERROR_SSL:
- DBUG_PRINT("info",("SSL_ERROR_SSL: SSL protocol error "));
- break;
- case SSL_ERROR_WANT_CONNECT:
- DBUG_PRINT("info",("SSL_ERROR_WANT_CONNECT:If you are doing non-blocking connects call again when the connection is established"));
- break;
- case SSL_ERROR_WANT_READ:
- DBUG_PRINT("info",("SSL_ERROR_WANT_READ: if non-blocking etc, call again when data is available"));
- break;
- case SSL_ERROR_WANT_WRITE:
- DBUG_PRINT("info",("SSL_ERROR_WANT_WRITE: if non-blocking etc, call again when data is available to write"));
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- DBUG_PRINT("info",("SSL_ERROR_WANT_X509_LOOKUP: /* not used yet but could be :-) */"));
- break;
- case SSL_ERROR_SYSCALL:
- DBUG_PRINT("info",("SSL_ERROR_SYSCALL: An error than the error code can be found in errno (%d)",errno));
- break;
- case SSL_ERROR_ZERO_RETURN:
- DBUG_PRINT("info",("SSL_ERROR_ZERO_RETURN: 0 returned on the read, normally means the socket is closed :-) */"));
- break;
- default:
- DBUG_PRINT("info",("Unknown SSL error returned"));
- break;
- }
- }
- usleep(100);
- }
+ SSL_do_handshake(vio->ssl_);
vio->open_ = TRUE;
#ifndef DBUG_OFF
DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'"
@@ -469,9 +401,7 @@ int i;
} else
DBUG_PRINT("info",("Server does not have certificate."));
#endif
- vio_blocking(vio, blocking);
DBUG_VOID_RETURN;
}
-
#endif /* HAVE_OPENSSL */