Merge pilot.(none):/data/msvensson/mysql/mysql-5.0-maint

into pilot.(none):/data/msvensson/mysql/mysql-5.1-new-maint extra/yassl/include/openssl/crypto.h: Auto merged extra/yassl/include/openssl/ssl.h: Auto merged extra/yassl/include/yassl_int.hpp: Auto merged extra/yassl/src/ssl.cpp: Auto merged extra/yassl/src/yassl_int.cpp: Auto merged vio/viossl.c: Auto merged mysql-test/suite/rpl/t/rpl_ssl.test: Merge 5.0->5.1
author: unknown <msvensson@pilot.(none)> 2007-08-28 11:36:10 +0200
committer: unknown <msvensson@pilot.(none)> 2007-08-28 11:36:10 +0200
commit: 68eeedfded852571956c5e53c915262611f96130 (patch)
tree: 6ce91c985062eebf9bc909aa7eb52f1b359fcaa0 /vio
parent: f13905e1e97167c4d01ab99866d6addbb2fb2d85 (diff)
parent: 484069cf00ea15e3b690228ddf81752704fac390 (diff)
download: mariadb-git-68eeedfded852571956c5e53c915262611f96130.tar.gz
1 files changed, 46 insertions, 96 deletions
diff --git a/vio/viossl.c b/vio/viossl.c
index 2c74efb1bef..24bb18b9c68 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio)
   vio_delete(vio);
 }
 
-
 int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
-  SSL *ssl;
-  my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
   DBUG_ENTER("sslaccept");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx, timeout: %ld",
-                       vio->sd, (long) ptr, timeout));
-
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
-
-  if (!(ssl= SSL_new(ptr->ssl_context)))
-  {
-    DBUG_PRINT("error", ("SSL_new failure"));
-    report_errors(ssl);
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-  vio->ssl_arg= (void*)ssl;
-  DBUG_PRINT("info", ("ssl: 0x%lx  timeout: %ld", (long) ssl, timeout));
-  SSL_clear(ssl);
-  SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
-  SSL_set_fd(ssl, vio->sd);
-  if (SSL_accept(ssl) < 1)
-  {
-    DBUG_PRINT("error", ("SSL_accept failure"));
-    report_errors(ssl);
-    SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-
-#ifndef DBUG_OFF
-  {
-    char buf[1024];
-    X509 *client_cert;
-    DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
-
-    if ((client_cert= SSL_get_peer_certificate (ssl)))
-    {
-      DBUG_PRINT("info",("Client certificate:"));
-      X509_NAME_oneline (X509_get_subject_name (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
-
-      X509_NAME_oneline (X509_get_issuer_name  (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
-
-      X509_free (client_cert);
-    }
-    else
-      DBUG_PRINT("info",("Client does not have certificate."));
-
-    if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
-    {
-      DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
-    }
-    else
-      DBUG_PRINT("info",("no shared ciphers!"));
-  }
-#endif
-
-  DBUG_RETURN(0);
+  DBUG_RETURN(sslconnect(ptr, vio, timeout));
 }
 
 
@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
   SSL *ssl;
   my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
+  my_bool was_blocking;
 
   DBUG_ENTER("sslconnect");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx  ctx: 0x%lx",
-                       vio->sd, (long) ptr, (long) ptr->ssl_context));
+  DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d  ctx: 0x%lx",
+                       (long) ptr, vio->sd, (long) ptr->ssl_context));
+
+  /* Set socket to blocking if not already set */
+  vio_blocking(vio, 1, &was_blocking);
 
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
   if (!(ssl= SSL_new(ptr->ssl_context)))
   {
     DBUG_PRINT("error", ("SSL_new failure"));
     report_errors(ssl);
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
-  vio->ssl_arg= (void*)ssl;
   DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
   SSL_clear(ssl);
   SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
   SSL_set_fd(ssl, vio->sd);
-  if (SSL_connect(ssl) < 1)
+
+  /*
+    SSL_do_handshake will select between SSL_connect
+    or SSL_accept depending on server or client side
+  */
+  if (SSL_do_handshake(ssl) < 1)
   {
-    DBUG_PRINT("error", ("SSL_connect failure"));
+    DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors(ssl);
     SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
+
+  /*
+    Connection succeeded. Install new function handlers,
+    change type, set sd to the fd used when connecting
+    and set pointer to the SSL structure
+  */
+  vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
+  vio->ssl_arg= (void*)ssl;
+
 #ifndef DBUG_OFF
   {
-    X509 *server_cert;
-    DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
+    /* Print some info about the peer */
+    X509 *cert;
+    char buf[512];
+
+    DBUG_PRINT("info",("SSL connection succeeded"));
+    DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
 
-    if ((server_cert= SSL_get_peer_certificate (ssl)))
+    if ((cert= SSL_get_peer_certificate (ssl)))
     {
-      char buf[256];
-      DBUG_PRINT("info",("Server certificate:"));
-      X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
-      X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
-      X509_free (server_cert);
+      DBUG_PRINT("info",("Peer certificate:"));
+      X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t subject: '%s'", buf));
+      X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t issuer: '%s'", buf));
+      X509_free(cert);
     }
     else
-      DBUG_PRINT("info",("Server does not have certificate."));
+      DBUG_PRINT("info",("Peer does not have certificate."));
+
+    if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
+    {
+      DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
+    }
+    else
+      DBUG_PRINT("info",("no shared ciphers!"));
   }
 #endif
author	unknown <msvensson@pilot.(none)>	2007-08-28 11:36:10 +0200
committer	unknown <msvensson@pilot.(none)>	2007-08-28 11:36:10 +0200
commit	68eeedfded852571956c5e53c915262611f96130 (patch)
tree	6ce91c985062eebf9bc909aa7eb52f1b359fcaa0 /vio
parent	f13905e1e97167c4d01ab99866d6addbb2fb2d85 (diff)
parent	484069cf00ea15e3b690228ddf81752704fac390 (diff)
download	mariadb-git-68eeedfded852571956c5e53c915262611f96130.tar.gz