summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xSSL/run-client9
-rwxr-xr-xSSL/run-server9
-rw-r--r--extra/resolveip.c1
-rw-r--r--myisam/mi_open.c2
-rw-r--r--mysys/my_compress.c1
-rw-r--r--mysys/string.c2
-rw-r--r--strings/ctype.c1
-rw-r--r--vio/test-ssl.c131
-rw-r--r--vio/test-sslclient.c52
-rw-r--r--vio/test-sslserver.c119
10 files changed, 258 insertions, 69 deletions
diff --git a/SSL/run-client b/SSL/run-client
new file mode 100755
index 00000000000..c8065f30030
--- /dev/null
+++ b/SSL/run-client
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+cmd () {
+ echo $*
+ $*
+}
+
+client/mysql --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/client-cert.pem --ssl-key=SSL/client-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 --execute="select version()"
+
diff --git a/SSL/run-server b/SSL/run-server
new file mode 100755
index 00000000000..a77e671a18e
--- /dev/null
+++ b/SSL/run-server
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+cmd () {
+ echo $*
+ $*
+}
+
+cmd sql/mysqld --port=4407 --socket=/tmp/test.mysql.sock --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,/tmp/mysqld.trace' >& /tmp/mysqld.output
+
diff --git a/extra/resolveip.c b/extra/resolveip.c
index d739f8de244..d6cfee9bb4c 100644
--- a/extra/resolveip.c
+++ b/extra/resolveip.c
@@ -29,6 +29,7 @@
#include <netdb.h>
#include <m_ctype.h>
#include <my_sys.h>
+#include <m_string.h>
#include <getopt.h>
#if !defined(_AIX) && !defined(HAVE_UNIXWARE7_THREADS) && !defined(HAVE_UNIXWARE7_POSIX) && !defined(h_errno)
diff --git a/myisam/mi_open.c b/myisam/mi_open.c
index 4e98148663b..c34f2aa43f4 100644
--- a/myisam/mi_open.c
+++ b/myisam/mi_open.c
@@ -1017,7 +1017,7 @@ The argument file_to_dup is here for the future if there would on some OS
exist a dup()-like call that would give us two different file descriptors.
*************************************************************************/
-int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, File file_to_dup)
+int mi_open_datafile(MI_INFO *info, MYISAM_SHARE *share, File file_to_dup __attribute__((unused)))
{
#ifdef USE_RAID
if (share->base.raid_type)
diff --git a/mysys/my_compress.c b/mysys/my_compress.c
index 9d94a400f48..11204562ac8 100644
--- a/mysys/my_compress.c
+++ b/mysys/my_compress.c
@@ -21,6 +21,7 @@
#ifdef HAVE_COMPRESS
#include <my_sys.h>
#include <zlib.h>
+#include <m_string.h>
/*
** This replaces the packet with a compressed packet
diff --git a/mysys/string.c b/mysys/string.c
index 96a503c1179..2e0f4d3c9fe 100644
--- a/mysys/string.c
+++ b/mysys/string.c
@@ -51,7 +51,7 @@ my_bool init_dynamic_string(DYNAMIC_STRING *str, const char *init_str,
my_bool dynstr_set(DYNAMIC_STRING *str, const char *init_str)
{
- uint length;
+ uint length=0;
DBUG_ENTER("dynstr_set");
if (init_str && (length= (uint) strlen(init_str)+1) > str->max_length)
diff --git a/strings/ctype.c b/strings/ctype.c
index 16b652d42f1..1178d15b515 100644
--- a/strings/ctype.c
+++ b/strings/ctype.c
@@ -18,6 +18,7 @@
#include <global.h>
#include <m_ctype.h>
+#include <m_string.h>
/* generated by make, using conf_to_src */
#include "ctype_extra_sources.c"
diff --git a/vio/test-ssl.c b/vio/test-ssl.c
new file mode 100644
index 00000000000..f47655c99ab
--- /dev/null
+++ b/vio/test-ssl.c
@@ -0,0 +1,131 @@
+#include <global.h>
+#ifdef HAVE_OPENSSL
+#include <my_sys.h>
+#include <m_string.h>
+#include <m_ctype.h>
+#include "mysql.h"
+#include "errmsg.h"
+#include <my_dir.h>
+#ifndef __GNU_LIBRARY__
+#define __GNU_LIBRARY__ // Skip warnings in getopt.h
+#endif
+#include <getopt.h>
+#include <signal.h>
+#include <violite.h>
+
+const char *VER="0.1";
+
+
+#ifndef DBUG_OFF
+const char *default_dbug_option="d:t:O,-";
+#endif
+
+void
+fatal_error( const char* r)
+{
+ perror(r);
+ exit(0);
+}
+
+void
+print_usage()
+{
+ printf("viossl-test: testing SSL virtual IO. Usage:\n");
+ printf("viossl-test server-key server-cert client-key client-cert [CAfile] [CApath]\n");
+}
+
+int
+main( int argc,
+ char** argv)
+{
+ char* server_key = 0, *server_cert = 0;
+ char* client_key = 0, *client_cert = 0;
+ char* ca_file = 0, *ca_path = 0;
+ int child_pid,sv[2];
+ struct st_VioSSLAcceptorFd* ssl_acceptor=0;
+ struct st_VioSSLConnectorFd* ssl_connector=0;
+ Vio* client_vio=0, *server_vio=0;
+ MY_INIT(argv[0]);
+ DBUG_PROCESS(argv[0]);
+ DBUG_PUSH(default_dbug_option);
+
+ if (argc<5)
+ {
+ print_usage();
+ return 1;
+ }
+
+ server_key = argv[1];
+ server_cert = argv[2];
+ client_key = argv[3];
+ client_cert = argv[4];
+ if (argc>5)
+ ca_file = argv[5];
+ if (argc>6)
+ ca_path = argv[6];
+ printf("Server key/cert : %s/%s\n", server_key, server_cert);
+ printf("Client key/cert : %s/%s\n", client_key, client_cert);
+ if (ca_file!=0)
+ printf("CAfile : %s\n", ca_file);
+ if (ca_path!=0)
+ printf("CApath : %s\n", ca_path);
+
+
+ if (socketpair(PF_UNIX, SOCK_STREAM, IPPROTO_IP, sv)==-1)
+ fatal_error("socketpair");
+
+ ssl_acceptor = new_VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
+ ssl_connector = new_VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
+
+ client_vio = (struct st_vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+ client_vio->sd = sv[0];
+ client_vio->vioblocking(client_vio,0);
+ sslconnect(ssl_connector,client_vio);
+ server_vio = (struct st_vio*)my_malloc(sizeof(struct st_vio),MYF(0));
+ server_vio->sd = sv[1];
+ server_vio->vioblocking(client_vio,0);
+ sslaccept(ssl_acceptor,server_vio);
+
+ printf("Socketpair: %d , %d\n", client_vio->sd, server_vio->sd);
+
+ child_pid = fork();
+ if (child_pid==-1) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("fork");
+ }
+ if (child_pid==0) {
+ //child, therefore, client
+ char xbuf[100];
+ int r = client_vio->read(client_vio,xbuf, sizeof(xbuf));
+ if (r<=0) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("client:SSL_read");
+ }
+ xbuf[r] = 0;
+ printf("client:got %s\n", xbuf);
+ my_free((gptr)client_vio,MYF(0));
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ } else {
+ const char* s = "Huhuhuh";
+ int r = server_vio->write(server_vio,(gptr)s, strlen(s));
+ if (r<=0) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("server:SSL_write");
+ }
+ my_free((gptr)server_vio,MYF(0));
+ my_free((gptr)ssl_acceptor,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
+ }
+ return 0;
+}
+#else /* HAVE_OPENSSL */
+
+int main() {
+return 0;
+}
+#endif /* HAVE_OPENSSL */
+
diff --git a/vio/test-sslclient.c b/vio/test-sslclient.c
index 86542dec2f9..7abac7dad9f 100644
--- a/vio/test-sslclient.c
+++ b/vio/test-sslclient.c
@@ -28,45 +28,57 @@ fatal_error( const char* r)
}
int
-main( int argc,
+main( int argc __attribute__((unused)),
char** argv)
{
- char* client_key = 0, *client_cert = 0;
- char* ca_file = 0, *ca_path = 0;
+ char client_key[] = "../SSL/client-key.pem", client_cert[] = "../SSL/client-cert.pem";
+ char ca_file[] = "../SSL/cacert.pem", *ca_path = 0;
struct st_VioSSLConnectorFd* ssl_connector=0;
+ struct sockaddr_in sa;
Vio* client_vio=0;
+ int err;
+ char xbuf[100]="Ohohhhhoh1234";
MY_INIT(argv[0]);
DBUG_PROCESS(argv[0]);
DBUG_PUSH(default_dbug_option);
- client_key = "../SSL/client-key.pem";
- client_cert = "../SSL/client-cert.pem";
- ca_file = "../SSL/cacert.pem";
printf("Client key/cert : %s/%s\n", client_key, client_cert);
if (ca_file!=0)
printf("CAfile : %s\n", ca_file);
if (ca_path!=0)
printf("CApath : %s\n", ca_path);
-
ssl_connector = new_VioSSLConnectorFd(client_key, client_cert, ca_file, ca_path);
+ if(!ssl_connector) {
+ fatal_error("client:new_VioSSLConnectorFd failed");
+ }
- client_vio = (struct st_vio*)my_malloc(sizeof(struct st_vio),MYF(0));
- client_vio->vioblocking(client_vio,0);
- sslconnect(ssl_connector,client_vio);
+ /* ----------------------------------------------- */
+ /* Create a socket and connect to server using normal socket calls. */
+
+ client_vio = vio_new(socket (AF_INET, SOCK_STREAM, 0), VIO_TYPE_TCPIP, TRUE);
+
+ memset (&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
+ sa.sin_port = htons (1111); /* Server Port number */
+
+ err = connect(client_vio->sd, (struct sockaddr*) &sa,
+ sizeof(sa));
- {
- char xbuf[100];
- int r = client_vio->read(client_vio,xbuf, sizeof(xbuf));
- if (r<=0) {
- my_free((gptr)ssl_connector,MYF(0));
- fatal_error("client:SSL_read");
- }
- xbuf[r] = 0;
- printf("client:got %s\n", xbuf);
- my_free((gptr)client_vio,MYF(0));
+ /* ----------------------------------------------- */
+ /* Now we have TCP conncetion. Start SSL negotiation. */
+ read(client_vio->sd,xbuf, sizeof(xbuf));
+ sslconnect(ssl_connector,client_vio);
+ err = client_vio->read(client_vio,xbuf, sizeof(xbuf));
+ if (err<=0) {
my_free((gptr)ssl_connector,MYF(0));
+ fatal_error("client:SSL_read");
}
+ xbuf[err] = 0;
+ printf("client:got %s\n", xbuf);
+ my_free((gptr)client_vio,MYF(0));
+ my_free((gptr)ssl_connector,MYF(0));
return 0;
}
#else /* HAVE_OPENSSL */
diff --git a/vio/test-sslserver.c b/vio/test-sslserver.c
index c1a30139888..ad4f653ffa6 100644
--- a/vio/test-sslserver.c
+++ b/vio/test-sslserver.c
@@ -20,40 +20,68 @@ const char *VER="0.1";
const char *default_dbug_option="d:t:O,-";
#endif
-void
+static void
fatal_error( const char* r)
{
perror(r);
exit(0);
}
+typedef struct {
+ int sd;
+ struct st_VioSSLAcceptorFd* ssl_acceptor;
+} TH_ARGS;
+
+static void
+do_ssl_stuff( TH_ARGS* args)
+{
+ const char* s = "Huhuhuhuuu";
+ Vio* server_vio;
+ int err;
+ DBUG_ENTER("do_ssl_stuff");
+
+ server_vio = vio_new(args->sd, VIO_TYPE_TCPIP, TRUE);
+
+ /* ----------------------------------------------- */
+ /* TCP connection is ready. Do server side SSL. */
+
+ err = write(server_vio->sd,(gptr)s, strlen(s));
+ sslaccept(args->ssl_acceptor,server_vio);
+ err = server_vio->write(server_vio,(gptr)s, strlen(s));
+ DBUG_VOID_RETURN;
+}
+
+static void*
+client_thread( void* arg)
+{
+ my_thread_init();
+ do_ssl_stuff((TH_ARGS*)arg);
+}
+
int
-main( int argc,
+main( int argc __attribute__((unused)),
char** argv)
{
- char* server_key = 0, *server_cert = 0;
- char* ca_file = 0, *ca_path = 0;
- struct st_VioSSLAcceptorFd* ssl_acceptor=0;
- const char* s = "Huhuhuhuuu";
+ char server_key[] = "../SSL/server-key.pem",
+ server_cert[] = "../SSL/server-cert.pem";
+ char ca_file[] = "../SSL/cacert.pem",
+ *ca_path = 0;
+ struct st_VioSSLAcceptorFd* ssl_acceptor;
+ pthread_t th;
+ TH_ARGS th_args;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
int listen_sd;
-
- size_t client_len;
int err;
-
+ size_t client_len;
+ int reuseaddr = 1; /* better testing, uh? */
- Vio* client_vio=0, *server_vio=0;
MY_INIT(argv[0]);
DBUG_PROCESS(argv[0]);
DBUG_PUSH(default_dbug_option);
- server_key = "../SSL/server-key.pem";
- server_cert = "../SSL/server-cert.pem";
- ca_file = "../SSL/cacert.pem";
-
printf("Server key/cert : %s/%s\n", server_key, server_cert);
if (ca_file!=0)
@@ -61,51 +89,48 @@ main( int argc,
if (ca_path!=0)
printf("CApath : %s\n", ca_path);
+ th_args.ssl_acceptor = ssl_acceptor = new_VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
- ssl_acceptor = new_VioSSLAcceptorFd(server_key, server_cert, ca_file, ca_path);
-
- server_vio = (struct st_vio*)my_malloc(sizeof(struct st_vio),MYF(0));
-
-
+ /* ----------------------------------------------- */
+ /* Prepare TCP socket for receiving connections */
- /* ----------------------------------------------- */
- /* Prepare TCP socket for receiving connections */
-
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
+ listen_sd = socket (AF_INET, SOCK_STREAM, 0);
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, sizeof(&reuseaddr));
- memset (&sa_serv, '\0', sizeof(sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (1111); /* Server Port number */
+ memset (&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons (1111); /* Server Port number */
- err = bind(listen_sd, (struct sockaddr*) &sa_serv,
+ err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv));
- /* Receive a TCP connection. */
+ /* Receive a TCP connection. */
- err = listen (listen_sd, 5);
-
- client_len = sizeof(sa_cli);
- server_vio->sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
- close (listen_sd);
+ err = listen (listen_sd, 5);
+ client_len = sizeof(sa_cli);
+ th_args.sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
+ close (listen_sd);
- printf ("Connection from %lx, port %x\n",
- sa_cli.sin_addr.s_addr, sa_cli.sin_port);
+ printf ("Connection from %lx, port %x\n",
+ (long)sa_cli.sin_addr.s_addr, sa_cli.sin_port);
- /* ----------------------------------------------- */
- /* TCP connection is ready. Do server side SSL. */
+ /* ----------------------------------------------- */
+ /* TCP connection is ready. Do server side SSL. */
- sslaccept(ssl_acceptor,server_vio);
+ err = pthread_create(&th, NULL, client_thread, (void*)&th_args);
+ DBUG_PRINT("info", ("pthread_create: %d", err));
+ pthread_join(th, NULL);
+
+#if 0
+ if (err<=0) {
+ my_free((gptr)ssl_acceptor,MYF(0));
+ fatal_error("server:SSL_write");
+ }
+#endif /* 0 */
-{
-err = server_vio->write(server_vio,(gptr)s, strlen(s));
-if (err<=0) {
my_free((gptr)ssl_acceptor,MYF(0));
- fatal_error("server:SSL_write");
-}
-}
-my_free((gptr)server_vio,MYF(0));
-my_free((gptr)ssl_acceptor,MYF(0));
+ return 0;
}
#else /* HAVE_OPENSSL */
View Lorry Controller Status