author | monty@narttu.mysql.fi <> | 2003-08-27 02:51:39 +0300 |
---|---|---|
committer | monty@narttu.mysql.fi <> | 2003-08-27 02:51:39 +0300 |
commit | 66b160c25377903737173b1b351ce6e275415c5e (patch) | |
tree | df46d43bd0139e95a2e8a1f4acac68f2de3c484f /vio | |
parent | f5a134ba561be8140a0d85f23b132b2df6348f70 (diff) | |
download | mariadb-git-66b160c25377903737173b1b351ce6e275415c5e.tar.gz |
vio ssl structure renames (to get rid of ending _)
Added TCP/IP read/write timeout for windows
Check on windows if second server is started with same TCP/IP port
Diffstat (limited to 'vio')
-rw-r--r-- | vio/vio.c | 10 | ||||
-rw-r--r-- | vio/vio_priv.h | 54 | ||||
-rw-r--r-- | vio/viosocket.c | 25 | ||||
-rw-r--r-- | vio/viossl.c | 89 | ||||
-rw-r--r-- | vio/viosslfactories.c | 65 |
5 files changed, 139 insertions, 104 deletions
diff --git a/vio/vio.c b/vio/vio.c index d822651cca6..2b745ab3ec6 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -21,13 +21,7 @@ the file descriptior. */ -#define DONT_MAP_VIO -#include <my_global.h> -#include <mysql_com.h> -#include <my_sys.h> -#include <m_string.h> -#include <violite.h> -#include <errno.h> +#include "vio_priv.h" /* * Helper to fill most of the Vio* with defaults. @@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type, vio->in_addr =vio_ssl_in_addr; vio->vioblocking =vio_ssl_blocking; vio->is_blocking =vio_is_blocking; + vio->timeout =vio_ssl_timeout; } else /* default is VIO_TYPE_TCPIP */ #endif /* HAVE_OPENSSL */ @@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type, vio->in_addr =vio_in_addr; vio->vioblocking =vio_blocking; vio->is_blocking =vio_is_blocking; + vio->timeout =vio_timeout; } #endif /* HAVE_VIO */ DBUG_VOID_RETURN; diff --git a/vio/vio_priv.h b/vio/vio_priv.h new file mode 100644 index 00000000000..66a9bde4e0d --- /dev/null +++ b/vio/vio_priv.h 
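Review bot: Only the SSL branch and the default TCP/IP branch of vio_reset get a `vio->timeout` assignment in these two hunks; any other branch vio_reset has above them (a Windows named-pipe case, if this version has one) leaves `vio->timeout` unset, so a caller that invokes `vio->timeout()` on such a Vio goes through a null pointer if vio_reset zero-fills the struct, or a stale one if it does not. Give every branch a callable method, either `vio->timeout =vio_timeout;` or a no-op stub like the SSL one. vio_reset starts before the hunk, so the set of branches is inferred from the two visible here.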
@@ -0,0 +1,54 @@
+/* Copyright (C) 2003 MySQL AB
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
+
+/* Structures and functions private to the vio package */
+
+#define DONT_MAP_VIO
+#include <my_global.h>
+#include <mysql_com.h>
+#include <my_sys.h>
+#include <m_string.h>
+#include <violite.h>
+
+#ifdef HAVE_OPENSSL
+#include "my_net.h" /* needed because of struct in_addr */
+
+void vio_ssl_delete(Vio* vio);
+int vio_ssl_read(Vio *vio,gptr buf, int size);
+int vio_ssl_write(Vio *vio,const gptr buf,int size);
+void vio_ssl_timeout(Vio *vio, uint timeout);
+
+/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */
+int vio_ssl_fastsend(Vio *vio);
+/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */
+int vio_ssl_keepalive(Vio *vio, my_bool onoff);
+/* Whenever we should retry the last read/write operation. */
+my_bool vio_ssl_should_retry(Vio *vio);
+/* When the workday is over... */
+int vio_ssl_close(Vio *vio);
+/* Return last error number */
+int vio_ssl_errno(Vio *vio);
+my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port);
+void vio_ssl_in_addr(Vio *vio, struct in_addr *in);
+int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
+
+/* Single copy for server */
+enum vio_ssl_acceptorfd_state
+{
+ state_connect = 1,
+ state_accept = 2
+};
+#endif /* HAVE_OPENSSL */
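Review bot: vio_priv.h has no include guard although this commit pulls it into four translation units; wrap it in `#ifndef VIO_PRIV_INCLUDED` / `#define VIO_PRIV_INCLUDED` / `#endif` so a second inclusion does not redeclare `enum vio_ssl_acceptorfd_state`. The lines removed from vio.c, viosocket.c and viossl.c also included <errno.h> and <assert.h>, which this header does not; that is only safe if my_global.h already provides them, which should be confirmed before relying on it. A one-line comment above `#define DONT_MAP_VIO` stating that it must precede <violite.h> (presumably why it sits first) would document the ordering the header exists to enforce.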
diff --git a/vio/viosocket.c b/vio/viosocket.c index 6f5c4142a45..ad156fc33bf 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -21,19 +21,7 @@ the file descriptior. */ -#define DONT_MAP_VIO -#include <my_global.h> -#include <mysql_com.h> - -#include <errno.h> -#include <my_sys.h> -#include <violite.h> -#include <my_net.h> -#include <m_string.h> - -#ifndef __WIN__ -#define HANDLE void * -#endif +#include "vio_priv.h" void vio_delete(Vio* vio) { @@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout) DBUG_RETURN(fds.revents & POLLIN ? 0 : 1); #endif } + + +void vio_timeout(Vio *vio __attribute__((unused)), + uint timeout __attribute__((unused))) +{ +#ifdef __WIN__ + ulong wait_timeout= (ulong) timeout * 1000; + (void) setsockopt(vio->sd, SOL_SOCKET, SO_RCVTIMEO, (char*) &wait_timeout, + sizeof(wait_timeout)); +#endif /* __WIN__ */ +} diff --git a/vio/viossl.c b/vio/viossl.c index fc95b0755ce..fafe48b7a84 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -21,23 +21,10 @@ the file descriptior. */ -#include <my_global.h> +#include "vio_priv.h" #ifdef HAVE_OPENSSL -#include <mysql_com.h> - -#include <errno.h> -#include <assert.h> -#include <violite.h> -#include <my_sys.h> -#include <my_net.h> -#include <m_string.h> - -#ifndef __WIN__ -#define HANDLE void * -#endif - static void report_errors() { @@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size) int r; DBUG_ENTER("vio_ssl_read"); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p", - vio->sd, buf, size, vio->ssl_)); + vio->sd, buf, size, vio->ssl_arg)); - if ((r= SSL_read(vio->ssl_, buf, size)) < 0) + if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0) { - int err= SSL_get_error(vio->ssl_, r); + int err= SSL_get_error((SSL*) vio->ssl_arg, r); DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); report_errors(); } 
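Review bot: vio_timeout sets only SO_RCVTIMEO, while the commit message describes a read/write timeout for Windows; a peer that stops draining its socket can still block the server in send() indefinitely, the classic slow-reader stall. Add the matching `(void) setsockopt(vio->sd, SOL_SOCKET, SO_SNDTIMEO, (char*) &wait_timeout, sizeof(wait_timeout));` next to the SO_RCVTIMEO call. Both setsockopt results are discarded, so a silently missing timeout is undiagnosable; at least a DBUG_PRINT on failure would help. The `__attribute__((unused))` on both parameters is true only for the non-Windows build, which deserves a short comment.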
@@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size) DBUG_ENTER("vio_ssl_write"); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); - if ((r= SSL_write(vio->ssl_, buf, size)) < 0) + if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0) report_errors(); DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); @@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio) int r; DBUG_ENTER("vio_ssl_close"); r=0; - if (vio->ssl_) + if ((SSL*) vio->ssl_arg) { - r = SSL_shutdown(vio->ssl_); - SSL_free(vio->ssl_); - vio->ssl_= 0; + r = SSL_shutdown((SSL*) vio->ssl_arg); + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; } if (vio->sd >= 0) { @@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) net_blocking = vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_=0; - if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) + vio->ssl_arg= 0; + if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); 
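Review bot: `if ((SSL*) vio->ssl_arg)` in vio_ssl_close casts to no effect, and the same cast is then repeated on every following use of the field; a local `SSL *ssl= (SSL*) vio->ssl_arg;` at the top of the function, followed by `if (ssl) { r= SSL_shutdown(ssl); SSL_free(ssl); vio->ssl_arg= 0; }`, says it once. The same pattern would tidy the vio_ssl_write hunk above. vio_ssl_close continues past the end of the hunk.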
@@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); - SSL_clear(vio->ssl_); - SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); - SSL_set_fd(vio->ssl_,vio->sd); - SSL_set_accept_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1) + DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout)); + SSL_clear((SSL*) vio->ssl_arg); + SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); + SSL_set_fd((SSL*) vio->ssl_arg,vio->sd); + SSL_set_accept_state((SSL*) vio->ssl_arg); + if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free(vio->ssl_); - vio->ssl_=0; + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } #ifndef DBUF_OFF DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name(vio->ssl_))); - client_cert = SSL_get_peer_certificate (vio->ssl_); + ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); + client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); if (client_cert != NULL) { DBUG_PRINT("info",("Client certificate:")); @@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) else DBUG_PRINT("info",("Client does not have certificate.")); - str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf)); + str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf)); if (str) { DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str)); 
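Review bot: The `#ifndef DBUF_OFF` guarding the client-certificate dump in sslaccept is a misspelling of `DBUG_OFF` (the sslconnect hunk further down spells it correctly), so this debug-only block, including the SSL_get_peer_certificate call and SSL_get_shared_ciphers, is compiled into release builds as well. Change it to `#ifndef DBUG_OFF`. If the X509 returned by SSL_get_peer_certificate is not X509_free'd later in the function, which the hunk does not show, every accepted connection also leaks it. sslaccept starts and ends outside this hunk.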
@@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) my_bool net_blocking; enum enum_vio_type old_type; DBUG_ENTER("sslconnect"); - DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_)); + DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context)); old_type= vio->type; net_blocking = vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_=0; - if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) + vio->ssl_arg= 0; + if (!(vio->ssl_arg = SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); 
@@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); - SSL_clear(vio->ssl_); - SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); - SSL_set_fd (vio->ssl_, vio->sd); - SSL_set_connect_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1) + DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout)); + SSL_clear((SSL*) vio->ssl_arg); + SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); + SSL_set_fd ((SSL*) vio->ssl_arg, vio->sd); + SSL_set_connect_state((SSL*) vio->ssl_arg); + if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free(vio->ssl_); - vio->ssl_=0; + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } #ifndef DBUG_OFF DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name(vio->ssl_))); - server_cert = SSL_get_peer_certificate (vio->ssl_); + ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); + server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); if (server_cert != NULL) { DBUG_PRINT("info",("Server certificate:")); @@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)), return set_blocking_mode ? 0 : 1; } + +void vio_ssl_timeout(Vio *vio __attribute__((unused)), + uint timeout __attribute__((unused))) +{ + /* Not yet implemented (non critical) */ +} #endif /* HAVE_OPENSSL */ diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 69d4f3007b8..0997e3909db 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c 
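Review bot: vio_ssl_timeout is an empty stub, so the SO_RCVTIMEO protection this commit adds for plain TCP/IP never applies to SSL sessions, which is where an idle or hostile client ties up a server thread for longest. The SSL object is bound to the same descriptor (`SSL_set_fd((SSL*) vio->ssl_arg, vio->sd)` in the handshake hunks above), so the socket-level timeout works unchanged: replace the body with `vio_timeout(vio, timeout);` and drop the unused attributes. A timed-out recv surfaces as a negative SSL_read result, which vio_ssl_read already routes through report_errors(). This assumes vio_timeout is declared in violite.h, as vio.c's use of it suggests.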
@@ -14,15 +14,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include <my_global.h> +#include "vio_priv.h" #ifdef HAVE_OPENSSL -#include <mysql_com.h> -#include <my_sys.h> -#include <violite.h> - - static bool ssl_algorithms_added = FALSE; static bool ssl_error_strings_loaded= FALSE; static int verify_depth = 0; @@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file, my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0))))) DBUG_RETURN(0); - ptr->ssl_context_= 0; - ptr->ssl_method_= 0; + ptr->ssl_context= 0; + ptr->ssl_method= 0; /* FIXME: constants! */ if (!ssl_algorithms_added) @@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file, ssl_error_strings_loaded = TRUE; SSL_load_error_strings(); } - ptr->ssl_method_ = TLSv1_client_method(); - ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); - DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_)); - if (ptr->ssl_context_ == 0) + ptr->ssl_method = TLSv1_client_method(); + ptr->ssl_context = SSL_CTX_new(ptr->ssl_method); + DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context)); + if (ptr->ssl_context == 0) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); 
@@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file, */ if (cipher) { - result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); + result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); } - SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); - if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); + if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0) + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); @@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file, /* DH stuff */ dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); + SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); DH_free(dh); DBUG_RETURN(ptr); @@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file, ptr= ((struct st_VioSSLAcceptorFd*) my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0))); - ptr->ssl_context_=0; - ptr->ssl_method_=0; + ptr->ssl_context=0; + ptr->ssl_method=0; /* FIXME: constants! */ - ptr->session_id_context_ = ptr; + ptr->session_id_context= ptr; if (!ssl_algorithms_added) { 
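Review bot: new_VioSSLConnectorFd discards the result of SSL_CTX_set_cipher_list except for a DBUG_PRINT; when the configured `cipher` string matches nothing, OpenSSL returns 0 and the context silently keeps its default list, so an operator's cipher restriction is ignored rather than refused. Treat it like the other setup failures: `if (!SSL_CTX_set_cipher_list(ptr->ssl_context, cipher)) { report_errors(); goto ctor_failure; }`, after which `result` becomes unused. new_VioSSLConnectorFd starts before this hunk.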
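Review bot: The connector installs ephemeral DH parameters from get_dh512(), which by its name are 512-bit, export-grade parameters well below the strength of the keys and ciphers they protect; a DHE suite negotiated with them is the weakest link of the session. The hunk only renames ssl_context on this line, but since it touches it, consider sourcing at least 1024-bit parameters (ideally loadable from configuration) instead. The same get_dh512 call appears in new_VioSSLAcceptorFd later in the file.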
@@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file, ssl_error_strings_loaded = TRUE; SSL_load_error_strings(); } - ptr->ssl_method_= TLSv1_server_method(); - ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_); - if (ptr->ssl_context_ == 0) + ptr->ssl_method= TLSv1_server_method(); + ptr->ssl_context= SSL_CTX_new(ptr->ssl_method); + if (ptr->ssl_context == 0) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); 
@@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file, } if (cipher) { - result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); + result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); } /* SSL_CTX_set_quiet_shutdown(ctx,1); */ - SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128); + SSL_CTX_sess_set_cache_size(ptr->ssl_context,128); /* DH? */ - SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); - SSL_CTX_set_session_id_context(ptr->ssl_context_, - (const uchar*) &(ptr->session_id_context_), - sizeof(ptr->session_id_context_)); + SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); + SSL_CTX_set_session_id_context(ptr->ssl_context, + (const uchar*) &(ptr->session_id_context), + sizeof(ptr->session_id_context)); /* SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); */ - if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); @@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file, } /* DH stuff */ dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); + SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); DH_free(dh); DBUG_RETURN(ptr); @@ -362,6 +357,4 @@ ctor_failure: my_free((gptr) ptr,MYF(0)); DBUG_RETURN(0); } - - #endif /* HAVE_OPENSSL */ |
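Review bot: When SSL_CTX_load_verify_locations fails in new_VioSSLAcceptorFd, the code falls back to SSL_CTX_set_default_verify_paths with only a DBUG_PRINT warning, so a server started with a wrong ca_file/ca_path silently switches to trusting the system CA store instead of the one the administrator configured, and client certificates from unintended CAs may then pass verification when `verify` demands a peer certificate. Fall back only when no CA location was given: `if (ca_file || ca_path) { report_errors(); goto ctor_failure; }` before the set_default_verify_paths call. The same fallback exists in new_VioSSLConnectorFd above. new_VioSSLAcceptorFd starts before this hunk and its ctor_failure label is in the last one.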