diff options
| author | monty@mashka.mysql.fi <> | 2002-06-11 11:20:31 +0300 |
|---|---|---|
| committer | monty@mashka.mysql.fi <> | 2002-06-11 11:20:31 +0300 |
| commit | 2aecdd1a91bf8386829146609ce0219c51793841 (patch) | |
| tree | 8fcaabe013fff43cf466235067f2c47f0cd66531 /vio | |
| parent | db41437a100e204e60f45d5c9a6b26f63e512659 (diff) | |
| download | mariadb-git-2aecdd1a91bf8386829146609ce0219c51793841.tar.gz | |
Big code cleanup/review before 4.0.2 release.
(All commit emails since 4.0.1 checked)
This had to be done now, before the 4.1 tree changes to much, to make it easy to propagate bug fixes to the 4.1 tree.
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viosocket.c | 8 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 126 |
2 files changed, 71 insertions, 63 deletions
diff --git a/vio/viosocket.c b/vio/viosocket.c index 85e239f29ac..dc2bfaa6e0c 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -153,7 +153,7 @@ int vio_blocking(Vio * vio __attribute__((unused)), my_bool set_blocking_mode) } #endif /* !defined(__WIN__) && !defined(__EMX__) */ #endif /* !defined (HAVE_OPENSSL) */ - DBUG_PRINT("exit", ("return %d", r)); + DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); } @@ -273,7 +273,7 @@ my_socket vio_fd(Vio* vio) my_bool vio_peer_addr(Vio * vio, char *buf) { DBUG_ENTER("vio_peer_addr"); - DBUG_PRINT("enter", ("sd=%d", vio->sd)); + DBUG_PRINT("enter", ("sd: %d", vio->sd)); if (vio->localhost) { strmov(buf,"127.0.0.1"); @@ -284,12 +284,12 @@ my_bool vio_peer_addr(Vio * vio, char *buf) if (getpeername(vio->sd, (struct sockaddr *) (& (vio->remote)), &addrLen) != 0) { - DBUG_PRINT("exit", ("getpeername, error: %d", socket_errno)); + DBUG_PRINT("exit", ("getpeername gave error: %d", socket_errno)); DBUG_RETURN(1); } my_inet_ntoa(vio->remote.sin_addr,buf); } - DBUG_PRINT("exit", ("addr=%s", buf)); + DBUG_PRINT("exit", ("addr: %s", buf)); DBUG_RETURN(0); } diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 322c1ce01e4..23a35f540f6 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -28,7 +28,8 @@ static bool ssl_error_strings_loaded= FALSE; static int verify_depth = 0; static int verify_error = X509_V_OK; -static unsigned char dh512_p[]={ +static unsigned char dh512_p[]= +{ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, @@ -36,22 +37,28 @@ static unsigned char dh512_p[]={ 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 0x47,0x74,0xE8,0x33, }; + static unsigned char dh512_g[]={ 0x02, }; static DH *get_dh512(void) { - DH *dh=NULL; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return(NULL); + DH *dh; + if ((dh=DH_new())) + { + dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); + dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + if (! dh->p || ! dh->g) + { + DH_free(dh); + dh=0; + } + } return(dh); } + static void report_errors() { @@ -66,7 +73,7 @@ report_errors() { char buf[200]; DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), - file,line,(flags&ERR_TXT_STRING)?data:"")) ; + file,line,(flags & ERR_TXT_STRING) ? data : "")) ; } DBUG_VOID_RETURN; } @@ -98,13 +105,14 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) DBUG_RETURN(0); } - /* If we are using DSA, we can copy the parameters from - * the private key */ - /* Now we know that a key and cert have been set against - * the SSL context */ + /* + If we are using DSA, we can copy the parameters from the private key + Now we know that a key and cert have been set against the SSL context + */ if (!SSL_CTX_check_private_key(ctx)) { - DBUG_PRINT("error", ("Private key does not match the certificate public key\n")); + DBUG_PRINT("error", + ("Private key does not match the certificate public key\n")); DBUG_RETURN(0); } } @@ -128,7 +136,7 @@ vio_verify_callback(int ok, X509_STORE_CTX *ctx) X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof(buf)); if (!ok) { - DBUG_PRINT("error",("verify error:num=%d:%s\n",err, + DBUG_PRINT("error",("verify error: num: %d : '%s'\n",err, X509_verify_cert_error_string(err))); if (verify_depth >= depth) { @@ -137,7 +145,6 @@ vio_verify_callback(int ok, X509_STORE_CTX *ctx) } else { - ok=0; verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; } } @@ -157,17 +164,18 @@ vio_verify_callback(int ok, X509_STORE_CTX *ctx) /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/ break; } - DBUG_PRINT("exit", ("r=%d", ok)); + DBUG_PRINT("exit", ("%d", ok)); DBUG_RETURN(ok); } /************************ VioSSLConnectorFd **********************************/ -struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file, - const char* cert_file, - const char* ca_file, - const char* ca_path, - const char* cipher) +struct st_VioSSLConnectorFd * +new_VioSSLConnectorFd(const char* key_file, + const char* cert_file, + const char* ca_file, + const char* ca_path, + const char* cipher) { int verify = SSL_VERIFY_PEER; struct st_VioSSLConnectorFd* ptr; @@ -177,9 +185,13 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file, DBUG_PRINT("enter", ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s, cipher=%s", key_file, cert_file, ca_path, ca_file, cipher)); - ptr=(struct st_VioSSLConnectorFd*)my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0)); - ptr->ssl_context_=0; - ptr->ssl_method_=0; + + if (!(ptr=((struct st_VioSSLConnectorFd*) + my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0))))) + DBUG_RETURN(0); + + ptr->ssl_context_= 0; + ptr->ssl_method_= 0; /* FIXME: constants! */ if (!ssl_algorithms_added) @@ -204,10 +216,10 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file, goto ctor_failure; } /* - * SSL_CTX_set_options - * SSL_CTX_set_info_callback + SSL_CTX_set_options + SSL_CTX_set_info_callback */ - if(cipher) + if (cipher) { result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); @@ -219,10 +231,10 @@ struct st_VioSSLConnectorFd* new_VioSSLConnectorFd(const char* key_file, report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path)==0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); @@ -246,16 +258,15 @@ ctor_failure: /************************ VioSSLAcceptorFd **********************************/ struct st_VioSSLAcceptorFd* -new_VioSSLAcceptorFd(const char* key_file, - const char* cert_file, - const char* ca_file, - const char* ca_path, - const char* cipher) +new_VioSSLAcceptorFd(const char *key_file, + const char *cert_file, + const char *ca_file, + const char *ca_path, + const char *cipher) { - int verify = (SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT | - SSL_VERIFY_CLIENT_ONCE); - + int verify = (SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT | + SSL_VERIFY_CLIENT_ONCE); struct st_VioSSLAcceptorFd* ptr; int result; DH *dh=NULL; @@ -264,11 +275,12 @@ new_VioSSLAcceptorFd(const char* key_file, ("key_file=%s, cert_file=%s, ca_path=%s, ca_file=%s, cipher=%s", key_file, cert_file, ca_path, ca_file, cipher)); - ptr=(struct st_VioSSLAcceptorFd*)my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)); + ptr= ((struct st_VioSSLAcceptorFd*) + my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0))); ptr->ssl_context_=0; ptr->ssl_method_=0; /* FIXME: constants! */ - ptr->session_id_context_ = ptr; + ptr->session_id_context_ = ptr; if (!ssl_algorithms_added) { @@ -283,42 +295,38 @@ new_VioSSLAcceptorFd(const char* key_file, ssl_error_strings_loaded = TRUE; SSL_load_error_strings(); } - ptr->ssl_method_ = TLSv1_server_method(); - ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); - if (ptr->ssl_context_==0) + ptr->ssl_method_= TLSv1_server_method(); + ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_); + if (ptr->ssl_context_ == 0) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); goto ctor_failure; } - if(cipher) + if (cipher) { result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); } - /* - * SSL_CTX_set_quiet_shutdown(ctx,1); - * - */ + /* SSL_CTX_set_quiet_shutdown(ctx,1); */ SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128); - - - /* DH? - */ + /* DH? */ SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); - SSL_CTX_set_session_id_context(ptr->ssl_context_,(const uchar*)&(ptr->session_id_context_),sizeof(ptr->session_id_context_)); + SSL_CTX_set_session_id_context(ptr->ssl_context_, + (const uchar*) &(ptr->session_id_context_), + sizeof(ptr->session_id_context_)); /* - * SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); - */ + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + */ if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path)==0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) @@ -332,11 +340,11 @@ new_VioSSLAcceptorFd(const char* key_file, dh=get_dh512(); SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); DH_free(dh); - DBUG_RETURN(ptr); + ctor_failure: DBUG_PRINT("exit", ("there was an error")); - my_free((gptr)ptr,MYF(0)); + my_free((gptr) ptr,MYF(0)); DBUG_RETURN(0); } |