diff options
| author | unknown <msvensson@neptunus.(none)> | 2006-05-03 14:09:08 +0200 |
|---|---|---|
| committer | unknown <msvensson@neptunus.(none)> | 2006-05-03 14:09:08 +0200 |
| commit | e5b7c41df9a6c43f3f1cf83d7f059ac5e506057f (patch) | |
| tree | 8ce5ebcc0d24005b4fcede1a802b558df0679960 /vio | |
| parent | a524c8ebe9882d175acf9cda3838b67f554607d5 (diff) | |
| download | mariadb-git-e5b7c41df9a6c43f3f1cf83d7f059ac5e506057f.tar.gz | |
Load CA certs before setting local certs.
Make it possible to get the yaSSL error message printed in the DBUG log file.
vio/viossl.c:
Add possibility to print out the error from yaSSL.
vio/viosslfactories.c:
Load the CA certs before loading the certs for this client or server.
Improved comments.
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viossl.c | 26 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 21 |
2 files changed, 29 insertions, 18 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index aa4cdda9f01..38654f05521 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -51,20 +51,30 @@ static int SSL_set_fd_bsd(SSL *s, int fd) static void -report_errors() +report_errors(SSL* ssl) { unsigned long l; const char *file; const char *data; int line,flags; + char buf[512]; + DBUG_ENTER("report_errors"); while ((l= ERR_get_error_line_data(&file,&line,&data,&flags))) { - char buf[512]; DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), file,line,(flags&ERR_TXT_STRING)?data:"")) ; } + +#ifdef HAVE_YASSL + /* + The above calls to ERR_* doesn't return any messages when we + are using yaSSL since error is stored in the SSL object we used. + */ + if (ssl) + DBUG_PRINT("error", ("yaSSL: %s", ERR_error_string(SSL_get_error(ssl, l), buf))); +#endif DBUG_PRINT("info", ("errno: %d", socket_errno)); DBUG_VOID_RETURN; } @@ -81,7 +91,7 @@ int vio_ssl_read(Vio *vio, gptr buf, int size) { int err= SSL_get_error((SSL*) vio->ssl_arg, r); DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); - report_errors(); + report_errors((SSL*) vio->ssl_arg); } DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); @@ -95,7 +105,7 @@ int vio_ssl_write(Vio *vio, const gptr buf, int size) DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size)); if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0) - report_errors(); + report_errors((SSL*) vio->ssl_arg); DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); } @@ -148,7 +158,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); - report_errors(); + report_errors(ssl); vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); @@ -162,7 +172,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); - report_errors(); + report_errors(ssl); SSL_free(ssl); vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); @@ -223,7 +233,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (!(ssl= SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); - report_errors(); + report_errors(ssl); vio_reset(vio, old_type, vio->sd, 0, FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); @@ -237,7 +247,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout) if (SSL_do_handshake(ssl) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); - report_errors(); + report_errors(ssl); SSL_free(ssl); vio->ssl_arg= 0; vio_reset(vio, old_type, vio->sd, 0, FALSE); diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 2b3e80a98e4..f1d2b077367 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -103,7 +103,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file) /* FIX stderr */ fprintf(stderr,"Error when connection to server using SSL:"); ERR_print_errors_fp(stderr); - fprintf(stderr,"Unable to get private key from '%s'\n", cert_file); + fprintf(stderr,"Unable to get private key from '%s'\n", key_file); fflush(stderr); DBUG_RETURN(1); } @@ -252,14 +252,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); } - if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file)) - { - DBUG_PRINT("error", ("vio_set_cert_stuff failed")); - report_errors(); - my_free((void*)ssl_fd,MYF(0)); - DBUG_RETURN(0); - } - + /* Load certs from the trusted ca */ if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); @@ -272,6 +265,14 @@ new_VioSSLFd(const char *key_file, const char *cert_file, } } + if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file)) + { + DBUG_PRINT("error", ("vio_set_cert_stuff failed")); + report_errors(); + my_free((void*)ssl_fd,MYF(0)); + DBUG_RETURN(0); + } + /* DH stuff */ dh=get_dh512(); SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); @@ -297,7 +298,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, return 0; } - /* Init the the VioSSLFd as a "connector" ie. the client side */ + /* Init the VioSSLFd as a "connector" ie. the client side */ /* The verify_callback function is used to control the behaviour |