-rw-r--r-- | mysql-test/r/openssl_1.result | 3 | ||||
-rw-r--r-- | mysql-test/t/openssl_1.test | 8 | ||||
-rw-r--r-- | vio/viosslfactories.c | 9 |
3 files changed, 18 insertions, 2 deletions
diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index 0552ca0e8bb..d0a0253ba17 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -51,6 +51,9 @@ SSL error: Unable to get private key from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name Value
+Ssl_cipher DHE-RSA-AES256-SHA
 Variable_name Value
 Ssl_cipher DHE-RSA-AES256-SHA
 SHOW STATUS LIKE 'Ssl_cipher';
diff --git a/mysql-test/t/openssl_1.test b/mysql-test/t/openssl_1.test
index dbe8bdd8940..4d0e6a8d9d1 100644
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -97,6 +97,14 @@ drop table t1;
 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 #
+# BUG#21611 Slave can't connect when master-ssl-cipher specified
+# - Apparently selecting a cipher doesn't work at all
+# - Usa a cipher that both yaSSL and OpenSSL supports
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
 # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
 #
 # Test that we can open encrypted connection to server without
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index a12a45df648..4e3092b3b39 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
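Review bot: The case added to openssl_1.test covers only a cipher that both libraries accept, so nothing pins the other half of the return-value fix: a cipher string with no usable entry must make the connection fail. Under the removed condition a return of 0 from SSL_CTX_set_cipher_list was not treated as an error, which matters when --ssl-cipher is used to enforce a policy. Consider a second case such as `--error 1` followed by `--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1` (the cipher name is a constructed placeholder). The expected Ssl_cipher value also ties the result file to builds that offer DHE-RSA-AES256-SHA.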
@@ -249,8 +249,13 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 DBUG_RETURN(0);
 }
- /* Set the ciphers that can be used */
- if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher))
+ /*
+ Set the ciphers that can be used
+ NOTE: SSL_CTX_set_cipher_list will return 0 if
+ none of the provided ciphers could be selected
+ */
+ if (cipher &&
+ SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
 {
 DBUG_PRINT("error", ("failed to set ciphers to use"));
 report_errors(); |
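Review bot: The new comment above the `SSL_CTX_set_cipher_list` check in new_VioSSLFd documents only the failure value, and it should also state the success rule a maintainer will rely on. OpenSSL returns 1 as soon as any one entry in `cipher` can be selected, so a list that mixes a valid name with a mistyped or unsupported one is accepted and the context ends up with a narrower set than was configured. I would add a line such as `Returns 1 if at least one cipher was selected; entries that cannot be used are dropped without an error`. Whether yaSSL's compatibility layer follows the same return convention is not visible here and is worth confirming, since the test comment says both libraries are targeted. The error branch continues outside the hunk, so how the failure is surfaced to the caller cannot be checked from these lines.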