diff options
-rw-r--r-- | .bzrignore | 2 | ||||
-rw-r--r-- | client/mysql.cc | 7 | ||||
-rw-r--r-- | include/violite.h | 144 | ||||
-rw-r--r-- | libmysql/Makefile.am | 2 | ||||
-rw-r--r-- | libmysql/Makefile.shared | 3 | ||||
-rw-r--r-- | libmysqld/lib_vio.c | 5 | ||||
-rw-r--r-- | mysql-test/include/have_openssl_2.inc | 4 | ||||
-rw-r--r-- | mysql-test/r/have_openssl_2.require | 2 | ||||
-rw-r--r-- | mysql-test/t/openssl_2.test | 5 | ||||
-rw-r--r-- | mysys/my_getopt.c | 3 | ||||
-rw-r--r-- | sql/item_cmpfunc.cc | 3 | ||||
-rw-r--r-- | sql/item_func.cc | 5 | ||||
-rw-r--r-- | sql/mini_client.cc | 2 | ||||
-rw-r--r-- | sql/mysqld.cc | 13 | ||||
-rw-r--r-- | sql/net_serv.cc | 3 | ||||
-rw-r--r-- | sql/sql_acl.cc | 17 | ||||
-rw-r--r-- | sql/sql_show.cc | 61 | ||||
-rw-r--r-- | vio/vio.c | 10 | ||||
-rw-r--r-- | vio/vio_priv.h | 54 | ||||
-rw-r--r-- | vio/viosocket.c | 25 | ||||
-rw-r--r-- | vio/viossl.c | 89 | ||||
-rw-r--r-- | vio/viosslfactories.c | 65 |
22 files changed, 261 insertions, 263 deletions
diff --git a/.bzrignore b/.bzrignore index 8514eb6ffb1..1e4c8ae88af 100644 --- a/.bzrignore +++ b/.bzrignore @@ -536,3 +536,5 @@ Docs/internals.pdf Docs/internals.txt Docs/internals_toc.html scripts/make_win_src_distribution +libmysql/vio_priv.h +libmysql_r/vio_priv.h diff --git a/client/mysql.cc b/client/mysql.cc index 4fe832a790e..d4a06b34d32 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -708,6 +708,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), break; case 'W': #ifdef __WIN__ + my_free(opt_mysql_unix_port, MYF(MY_ALLOW_ZERO_PTR)); opt_mysql_unix_port= my_strdup(MYSQL_NAMEDPIPE, MYF(0)); #endif break; @@ -2329,10 +2330,10 @@ com_status(String *buffer __attribute__((unused)), (void) mysql_fetch_row(result); // Read eof } #ifdef HAVE_OPENSSL - if (mysql.net.vio && mysql.net.vio->ssl_ && - SSL_get_cipher(mysql.net.vio->ssl_)) + if (mysql.net.vio && mysql.net.vio->ssl_arg && + SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg)) tee_fprintf(stdout, "SSL:\t\t\tCipher in use is %s\n", - SSL_get_cipher(mysql.net.vio->ssl_)); + SSL_get_cipher((SSL*) mysql.net.vio->ssl_arg)); else #endif /* HAVE_OPENSSL */ tee_puts("SSL:\t\t\tNot in use", stdout); diff --git a/include/violite.h b/include/violite.h index d20fab23239..18f862d4b77 100644 --- a/include/violite.h +++ b/include/violite.h @@ -43,6 +43,7 @@ Vio* vio_new(my_socket sd, enum enum_vio_type type, my_bool localhost); Vio* vio_new_win32pipe(HANDLE hPipe); #endif void vio_delete(Vio* vio); +int vio_close(Vio* vio); #ifdef EMBEDDED_LIBRARY void vio_reset(Vio *vio); @@ -51,146 +52,85 @@ void vio_reset(Vio* vio, enum enum_vio_type type, my_socket sd, HANDLE hPipe, my_bool localhost); #endif -/* - * vio_read and vio_write should have the same semantics - * as read(2) and write(2). - */ int vio_read(Vio *vio, gptr buf, int size); int vio_write(Vio *vio, const gptr buf, int size); -/* - * Whenever the socket is set to blocking mode or not. - */ int vio_blocking(Vio *vio, my_bool onoff, my_bool *old_mode); my_bool vio_is_blocking(Vio *vio); -/* - * setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. - */ +/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible */ int vio_fastsend(Vio *vio); -/* - * setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. - */ +/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible */ int vio_keepalive(Vio *vio, my_bool onoff); -/* - * Whenever we should retry the last read/write operation. - */ +/* Whenever we should retry the last read/write operation. */ my_bool vio_should_retry(Vio *vio); -/* - * When the workday is over... - */ -int vio_close(Vio* vio); -/* - * Short text description of the socket for those, who are curious.. - */ +/* Short text description of the socket for those, who are curious.. */ const char* vio_description(Vio *vio); - /* Return the type of the connection */ enum enum_vio_type vio_type(Vio* vio); - /* Return last error number */ int vio_errno(Vio*vio); - /* Get socket number */ my_socket vio_fd(Vio*vio); - -/* - * Remote peer's address and name in text form. - */ +/* Remote peer's address and name in text form */ my_bool vio_peer_addr(Vio* vio, char *buf, uint16 *port); - /* Remotes in_addr */ - void vio_in_addr(Vio *vio, struct in_addr *in); - my_bool vio_poll_read(Vio *vio,uint timeout); - -#ifdef __cplusplus -} -#endif - -#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO) -#define vio_delete(vio) (vio)->viodelete(vio) -#define vio_errno(vio) (vio)->vioerrno(vio) -#define vio_read(vio, buf, size) (vio)->read(vio,buf,size) -#define vio_write(vio, buf, size) (vio)->write(vio, buf, size) -#define vio_blocking(vio, set_blocking_mode, old_mode)\ - (vio)->vioblocking(vio, set_blocking_mode, old_mode) -#define vio_is_blocking(vio) (vio)->is_blocking(vio) -#define vio_fastsend(vio) (vio)->fastsend(vio) -#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive) -#define vio_should_retry(vio) (vio)->should_retry(vio) -#define vio_close(vio) ((vio)->vioclose)(vio) -#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt) -#define vio_in_addr(vio, in) (vio)->in_addr(vio, in) -#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */ +void vio_timeout(Vio *vio,uint timeout); #ifdef HAVE_OPENSSL #define HEADER_DES_LOCL_H dummy_something #include <openssl/ssl.h> #include <openssl/err.h> -#include "my_net.h" /* needed because of struct in_addr */ - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -void vio_ssl_delete(Vio* vio); - -int vio_ssl_read(Vio* vio,gptr buf, int size); -int vio_ssl_write(Vio* vio,const gptr buf,int size); - -/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */ - int vio_ssl_fastsend(Vio* vio); -/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */ -int vio_ssl_keepalive(Vio* vio, my_bool onoff); -/* Whenever we should retry the last read/write operation. */ -my_bool vio_ssl_should_retry(Vio* vio); -/* When the workday is over... */ -int vio_ssl_close(Vio* vio); -/* Return last error number */ -int vio_ssl_errno(Vio *vio); -my_bool vio_ssl_peer_addr(Vio* vio, char *buf, uint16 *port); -void vio_ssl_in_addr(Vio *vio, struct in_addr *in); -int vio_ssl_blocking(Vio * vio, my_bool set_blocking_mode, my_bool *old_mode); - -/* Single copy for server */ -enum vio_ssl_acceptorfd_state -{ - state_connect = 1, - state_accept = 2 -}; struct st_VioSSLAcceptorFd { - SSL_CTX* ssl_context_; - SSL_METHOD* ssl_method_; - struct st_VioSSLAcceptorFd* session_id_context_; + SSL_CTX *ssl_context; + SSL_METHOD *ssl_method; + struct st_VioSSLAcceptorFd *session_id_context; }; /* One copy for client */ struct st_VioSSLConnectorFd { - SSL_CTX* ssl_context_; + SSL_CTX *ssl_context; /* function pointers which are only once for SSL client */ - SSL_METHOD* ssl_method_; + SSL_METHOD *ssl_method; }; -int sslaccept(struct st_VioSSLAcceptorFd*, Vio*, long timeout); -int sslconnect(struct st_VioSSLConnectorFd*, Vio*, long timeout); +int sslaccept(struct st_VioSSLAcceptorFd*, Vio *, long timeout); +int sslconnect(struct st_VioSSLConnectorFd*, Vio *, long timeout); struct st_VioSSLConnectorFd -*new_VioSSLConnectorFd(const char* key_file, const char* cert_file, - const char* ca_file, const char* ca_path, - const char* cipher); +*new_VioSSLConnectorFd(const char *key_file, const char *cert_file, + const char *ca_file, const char *ca_path, + const char *cipher); struct st_VioSSLAcceptorFd -*new_VioSSLAcceptorFd(const char* key_file, const char* cert_file, - const char* ca_file,const char* ca_path, - const char* cipher); -Vio* new_VioSSL(struct st_VioSSLAcceptorFd* fd, Vio* sd,int state); +*new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, + const char *ca_file,const char *ca_path, + const char *cipher); +Vio *new_VioSSL(struct st_VioSSLAcceptorFd *fd, Vio *sd, int state); +#endif #ifdef __cplusplus } #endif -#endif /* HAVE_OPENSSL */ + +#if defined(HAVE_VIO) && !defined(DONT_MAP_VIO) +#define vio_delete(vio) (vio)->viodelete(vio) +#define vio_errno(vio) (vio)->vioerrno(vio) +#define vio_read(vio, buf, size) (vio)->read(vio,buf,size) +#define vio_write(vio, buf, size) (vio)->write(vio, buf, size) +#define vio_blocking(vio, set_blocking_mode, old_mode)\ + (vio)->vioblocking(vio, set_blocking_mode, old_mode) +#define vio_is_blocking(vio) (vio)->is_blocking(vio) +#define vio_fastsend(vio) (vio)->fastsend(vio) +#define vio_keepalive(vio, set_keep_alive) (vio)->viokeepalive(vio, set_keep_alive) +#define vio_should_retry(vio) (vio)->should_retry(vio) +#define vio_close(vio) ((vio)->vioclose)(vio) +#define vio_peer_addr(vio, buf, prt) (vio)->peer_addr(vio, buf, prt) +#define vio_in_addr(vio, in) (vio)->in_addr(vio, in) +#define vio_timeout(vio, seconds) (vio)->timeout(vio, seconds) +#endif /* defined(HAVE_VIO) && !defined(DONT_MAP_VIO) */ /* This enumerator is used in parser - should be always visible */ enum SSL_type @@ -228,10 +168,8 @@ struct st_vio void (*in_addr)(Vio*, struct in_addr*); my_bool (*should_retry)(Vio*); int (*vioclose)(Vio*); - -#ifdef HAVE_OPENSSL - SSL* ssl_; -#endif /* HAVE_OPENSSL */ + void (*timeout)(Vio*, unsigned int timeout); + void *ssl_arg; #endif /* HAVE_VIO */ }; #endif /* EMBEDDED_LIBRARY */ diff --git a/libmysql/Makefile.am b/libmysql/Makefile.am index c767771c93f..686f7807949 100644 --- a/libmysql/Makefile.am +++ b/libmysql/Makefile.am @@ -41,7 +41,7 @@ link_sources: rm -f $(srcdir)/$$f; \ @LN_CP_F@ $(srcdir)/../strings/$$f $(srcdir)/$$f; \ done; \ - for f in $$vs; do \ + for f in $$vs $(vioheaders); do \ rm -f $(srcdir)/$$f; \ @LN_CP_F@ $(srcdir)/../vio/$$f $(srcdir)/$$f; \ done; \ diff --git a/libmysql/Makefile.shared b/libmysql/Makefile.shared index 9f4b3e9ccdd..764983506d1 100644 --- a/libmysql/Makefile.shared +++ b/libmysql/Makefile.shared @@ -46,6 +46,7 @@ mystringsextra= strto.c mystringsgen= ctype_autoconf.c dbugobjects = dbug.lo # IT IS IN SAFEMALLOC.C sanity.lo mysysheaders = mysys_priv.h my_static.h +vioheaders = vio_priv.h mysysobjects1 = my_init.lo my_static.lo my_malloc.lo my_realloc.lo \ my_create.lo my_delete.lo mf_tempfile.lo my_open.lo \ mf_casecnv.lo my_read.lo my_write.lo errors.lo \ @@ -86,7 +87,7 @@ clean-local: `echo $(mysysobjects) | sed "s;\.lo;.c;g"` \ `echo $(vio_objects) | sed "s;\.lo;.c;g"` \ $(CHARSET_SRCS) $(CHARSET_OBJS) \ - $(mystringsextra) $(mystringsgen) $(mysysheaders) \ + $(mystringsextra) $(mystringsgen) $(mysysheaders) $(vioheaders)\ ctype_extra_sources.c net.c ../linked_client_sources ctype_extra_sources.c: conf_to_src diff --git a/libmysqld/lib_vio.c b/libmysqld/lib_vio.c index 448c11f9abd..ccad6ac8b7e 100644 --- a/libmysqld/lib_vio.c +++ b/libmysqld/lib_vio.c @@ -218,4 +218,9 @@ my_bool vio_poll_read(Vio *vio,uint timeout) return 0; } + +void vio_timeout(Vio *vio __attribute__((unused)), + uint timeout __attribute__((unused))) +{ +} #endif /* HAVE_VIO */ diff --git a/mysql-test/include/have_openssl_2.inc b/mysql-test/include/have_openssl_2.inc deleted file mode 100644 index 724d295a398..00000000000 --- a/mysql-test/include/have_openssl_2.inc +++ /dev/null @@ -1,4 +0,0 @@ --- require r/have_openssl_2.require -disable_query_log; -SHOW STATUS LIKE "SSL_get_cipher"; -enable_query_log; diff --git a/mysql-test/r/have_openssl_2.require b/mysql-test/r/have_openssl_2.require deleted file mode 100644 index 09a65d7d9bc..00000000000 --- a/mysql-test/r/have_openssl_2.require +++ /dev/null @@ -1,2 +0,0 @@ -Variable_name Value -jkhjkhfs diff --git a/mysql-test/t/openssl_2.test b/mysql-test/t/openssl_2.test deleted file mode 100644 index 12f1240f3af..00000000000 --- a/mysql-test/t/openssl_2.test +++ /dev/null @@ -1,5 +0,0 @@ -# We want to test everything with SSL turned on. --- source include/have_openssl_2.inc - -SHOW STATUS LIKE 'SSL%'; - diff --git a/mysys/my_getopt.c b/mysys/my_getopt.c index e18c5a0b9eb..5644d81837d 100644 --- a/mysys/my_getopt.c +++ b/mysys/my_getopt.c @@ -464,8 +464,7 @@ static int setval(const struct my_option *opts, char *argument, break; case GET_STR_ALLOC: if ((*((char**) result_pos))) - my_free((*(char**) result_pos), - MYF(MY_WME | MY_FAE)); + my_free((*(char**) result_pos), MYF(MY_WME | MY_FAE)); if (!(*((char**) result_pos)= my_strdup(argument, MYF(MY_WME)))) return EXIT_OUT_OF_MEMORY; break; diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc index 04c27de63eb..b940064923f 100644 --- a/sql/item_cmpfunc.cc +++ b/sql/item_cmpfunc.cc @@ -1177,7 +1177,10 @@ Item_cond::fix_fields(THD *thd,TABLE_LIST *tables) { List_iterator<Item> li(list); Item *item; +#ifndef EMBEDDED_LIBRARY // Avoid compiler warning char buff[sizeof(char*)]; // Max local vars in function +#endif + not_null_tables_cache= used_tables_cache= 0; const_item_cache= 0; /* diff --git a/sql/item_func.cc b/sql/item_func.cc index 8e9677cc459..be5d98f20ec 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -59,7 +59,10 @@ bool Item_func::fix_fields(THD *thd,TABLE_LIST *tables) { Item **arg,**arg_end; +#ifndef EMBEDDED_LIBRARY // Avoid compiler warning char buff[STACK_BUFF_ALLOC]; // Max argument in function +#endif + binary=0; used_tables_cache= not_null_tables_cache= 0; const_item_cache=1; @@ -1159,7 +1162,9 @@ bool udf_handler::fix_fields(THD *thd,TABLE_LIST *tables,Item_result_field *func, uint arg_count, Item **arguments) { +#ifndef EMBEDDED_LIBRARY // Avoid compiler warning char buff[STACK_BUFF_ALLOC]; // Max argument in function +#endif DBUG_ENTER("Item_udf_func::fix_fields"); if (thd) diff --git a/sql/mini_client.cc b/sql/mini_client.cc index a8a0c639abd..9993951d8e9 100644 --- a/sql/mini_client.cc +++ b/sql/mini_client.cc @@ -843,7 +843,7 @@ mc_mysql_connect(MYSQL *mysql,const char *host, const char *user, } /* Do the SSL layering. */ DBUG_PRINT("info", ("IO layer change in progress...")); - DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context_)); + DBUG_PRINT("info", ("IO context %p",((struct st_VioSSLConnectorFd*)mysql->connector_fd)->ssl_context)); sslconnect((struct st_VioSSLConnectorFd*)(mysql->connector_fd),mysql->net.vio, (long)(mysql->options.connect_timeout)); DBUG_PRINT("info", ("IO layer change done!")); } diff --git a/sql/mysqld.cc b/sql/mysqld.cc index eaecb6e1aa3..10d7955f13b 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -1136,7 +1136,14 @@ static void server_init(void) IPaddr.sin_family = AF_INET; IPaddr.sin_addr.s_addr = my_bind_addr; IPaddr.sin_port = (unsigned short) htons((unsigned short) mysql_port); + +#ifndef __WIN__ + /* + We should not use SO_REUSEADDR on windows as this would enable a + user to open two mysqld servers with the same TCP/IP port. + */ (void) setsockopt(ip_sock,SOL_SOCKET,SO_REUSEADDR,(char*)&arg,sizeof(arg)); +#endif if (bind(ip_sock, my_reinterpret_cast(struct sockaddr *) (&IPaddr), sizeof(IPaddr)) < 0) { @@ -3011,6 +3018,12 @@ extern "C" pthread_handler_decl(handle_connections_sockets, } if (sock == unix_sock) thd->host=(char*) localhost; +#ifdef __WIN__ + /* Set default wait_timeout */ + ulong wait_timeout= global_system_variables.net_wait_timeout * 1000; + (void) setsockopt(new_sock, SOL_SOCKET, SO_RCVTIMEO, (char*)&wait_timeout, + sizeof(wait_timeout)); +#endif create_new_thread(thd); } diff --git a/sql/net_serv.cc b/sql/net_serv.cc index 8f0d659daf2..18dadf24efa 100644 --- a/sql/net_serv.cc +++ b/sql/net_serv.cc @@ -434,6 +434,7 @@ net_real_write(NET *net,const char *packet,ulong len) thr_alarm(&alarmed,(uint) net->write_timeout,&alarm_buff); #else alarmed=0; + vio_timeout(net->vio, net->write_timeout); #endif /* NO_ALARM */ pos=(char*) packet; end=pos+len; @@ -623,6 +624,8 @@ my_real_read(NET *net, ulong *complen) #ifndef NO_ALARM if (net_blocking) thr_alarm(&alarmed,net->read_timeout,&alarm_buff); +#else + vio_timeout(net->vio, net->read_timeout); #endif /* NO_ALARM */ pos = net->buff + net->where_b; /* net->packet -4 */ diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 9f3068fce85..3b5e9983b80 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -531,6 +531,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, (my_bool) old_ver))) { Vio *vio=thd->net.vio; +#ifdef HAVE_OPENSSL + SSL *ssl= (SSL*) vio->ssl_arg; +#endif /* In this point we know that user is allowed to connect from given host by given username/password pair. Now @@ -553,8 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, we should reject connection. */ if (vio_type(vio) == VIO_TYPE_SSL && - SSL_get_verify_result(vio->ssl_) == X509_V_OK && - SSL_get_peer_certificate(vio->ssl_)) + SSL_get_verify_result(ssl) == X509_V_OK && + SSL_get_peer_certificate(ssl)) user_access=acl_user->access; break; case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ @@ -563,28 +566,28 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, we should reject connection. */ if (vio_type(vio) == VIO_TYPE_SSL && - SSL_get_verify_result(vio->ssl_) == X509_V_OK) + SSL_get_verify_result(ssl) == X509_V_OK) { if (acl_user->ssl_cipher) { DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", acl_user->ssl_cipher, - SSL_get_cipher(vio->ssl_))); - if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_))) + SSL_get_cipher(ssl))); + if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(ssl))) user_access=acl_user->access; else { if (global_system_variables.log_warnings) sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'", acl_user->ssl_cipher, - SSL_get_cipher(vio->ssl_)); + SSL_get_cipher(ssl)); user_access=NO_ACCESS; break; } } /* Prepare certificate (if exists) */ DBUG_PRINT("info",("checkpoint 1")); - X509* cert=SSL_get_peer_certificate(vio->ssl_); + X509* cert=SSL_get_peer_certificate(ssl); DBUG_PRINT("info",("checkpoint 2")); /* If X509 issuer is speified, we check it... */ if (acl_user->x509_issuer) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 6680485ef0c..a7de04d0bfa 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -1274,77 +1274,77 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables, case SHOW_SSL_CTX_SESS_ACCEPT: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_accept(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_ACCEPT_GOOD: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_accept_good(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_CONNECT_GOOD: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_connect_good(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_ACCEPT_RENEGOTIATE: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_accept_renegotiate(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_CONNECT_RENEGOTIATE: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_connect_renegotiate(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_CB_HITS: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_cb_hits(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_HITS: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_hits(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_CACHE_FULL: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_cache_full(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_MISSES: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_misses(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_TIMEOUTS: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_timeouts(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_NUMBER: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_number(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_CONNECT: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_connect(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_SESS_GET_CACHE_SIZE: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_sess_get_cache_size(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_GET_VERIFY_MODE: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_get_verify_mode(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_GET_VERIFY_DEPTH: net_store_data(&packet2,(uint32) (!ssl_acceptor_fd ? 0 : - SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context_))); + SSL_CTX_get_verify_depth(ssl_acceptor_fd->ssl_context))); break; case SHOW_SSL_CTX_GET_SESSION_CACHE_MODE: if (!ssl_acceptor_fd) @@ -1352,7 +1352,7 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables, net_store_data(&packet2,"NONE" ); break; } - switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context_)) + switch (SSL_CTX_get_session_cache_mode(ssl_acceptor_fd->ssl_context)) { case SSL_SESS_CACHE_OFF: net_store_data(&packet2,"OFF" ); @@ -1379,37 +1379,38 @@ int mysqld_show(THD *thd, const char *wild, show_var_st *variables, break; /* First group - functions relying on SSL */ case SHOW_SSL_GET_VERSION: - net_store_data(&packet2, thd->net.vio->ssl_ ? - SSL_get_version(thd->net.vio->ssl_) : ""); + net_store_data(&packet2, thd->net.vio->ssl_arg ? + SSL_get_version((SSL*) thd->net.vio->ssl_arg) : ""); break; case SHOW_SSL_SESSION_REUSED: - net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? - SSL_session_reused(thd->net.vio->ssl_) : 0)); + net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ? + SSL_session_reused((SSL*) thd->net.vio->ssl_arg) : 0)); break; case SHOW_SSL_GET_DEFAULT_TIMEOUT: - net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? - SSL_get_default_timeout(thd->net.vio->ssl_):0)); + net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ? + SSL_get_default_timeout((SSL*) thd->net.vio->ssl_arg) : + 0)); break; case SHOW_SSL_GET_VERIFY_MODE: - net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? - SSL_get_verify_mode(thd->net.vio->ssl_):0)); + net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ? + SSL_get_verify_mode((SSL*) thd->net.vio->ssl_arg):0)); break; case SHOW_SSL_GET_VERIFY_DEPTH: - net_store_data(&packet2,(uint32) (thd->net.vio->ssl_ ? - SSL_get_verify_depth(thd->net.vio->ssl_):0)); + net_store_data(&packet2,(uint32) (thd->net.vio->ssl_arg ? + SSL_get_verify_depth((SSL*) thd->net.vio->ssl_arg):0)); break; case SHOW_SSL_GET_CIPHER: - net_store_data(&packet2, thd->net.vio->ssl_ ? - SSL_get_cipher(thd->net.vio->ssl_) : ""); + net_store_data(&packet2, thd->net.vio->ssl_arg ? + SSL_get_cipher((SSL*) thd->net.vio->ssl_arg) : ""); break; case SHOW_SSL_GET_CIPHER_LIST: - if (thd->net.vio->ssl_) + if (thd->net.vio->ssl_arg) { char buf[1024], *pos; pos=buf; for (int i=0 ; i++ ;) { - const char *p=SSL_get_cipher_list(thd->net.vio->ssl_,i); + const char *p=SSL_get_cipher_list((SSL*) thd->net.vio->ssl_arg,i); if (p == NULL) break; pos=strmov(pos, p); diff --git a/vio/vio.c b/vio/vio.c index d822651cca6..2b745ab3ec6 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -21,13 +21,7 @@ the file descriptior. */ -#define DONT_MAP_VIO -#include <my_global.h> -#include <mysql_com.h> -#include <my_sys.h> -#include <m_string.h> -#include <violite.h> -#include <errno.h> +#include "vio_priv.h" /* * Helper to fill most of the Vio* with defaults. @@ -61,6 +55,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type, vio->in_addr =vio_ssl_in_addr; vio->vioblocking =vio_ssl_blocking; vio->is_blocking =vio_is_blocking; + vio->timeout =vio_ssl_timeout; } else /* default is VIO_TYPE_TCPIP */ #endif /* HAVE_OPENSSL */ @@ -77,6 +72,7 @@ void vio_reset(Vio* vio, enum enum_vio_type type, vio->in_addr =vio_in_addr; vio->vioblocking =vio_blocking; vio->is_blocking =vio_is_blocking; + vio->timeout =vio_timeout; } #endif /* HAVE_VIO */ DBUG_VOID_RETURN; diff --git a/vio/vio_priv.h b/vio/vio_priv.h new file mode 100644 index 00000000000..66a9bde4e0d --- /dev/null +++ b/vio/vio_priv.h @@ -0,0 +1,54 @@ +/* Copyright (C) 2003 MySQL AB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + +/* Structures and functions private to the vio package */ + +#define DONT_MAP_VIO +#include <my_global.h> +#include <mysql_com.h> +#include <my_sys.h> +#include <m_string.h> +#include <violite.h> + +#ifdef HAVE_OPENSSL +#include "my_net.h" /* needed because of struct in_addr */ + +void vio_ssl_delete(Vio* vio); +int vio_ssl_read(Vio *vio,gptr buf, int size); +int vio_ssl_write(Vio *vio,const gptr buf,int size); +void vio_ssl_timeout(Vio *vio, uint timeout); + +/* setsockopt TCP_NODELAY at IPPROTO_TCP level, when possible. */ +int vio_ssl_fastsend(Vio *vio); +/* setsockopt SO_KEEPALIVE at SOL_SOCKET level, when possible. */ +int vio_ssl_keepalive(Vio *vio, my_bool onoff); +/* Whenever we should retry the last read/write operation. */ +my_bool vio_ssl_should_retry(Vio *vio); +/* When the workday is over... */ +int vio_ssl_close(Vio *vio); +/* Return last error number */ +int vio_ssl_errno(Vio *vio); +my_bool vio_ssl_peer_addr(Vio *vio, char *buf, uint16 *port); +void vio_ssl_in_addr(Vio *vio, struct in_addr *in); +int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode); + +/* Single copy for server */ +enum vio_ssl_acceptorfd_state +{ + state_connect = 1, + state_accept = 2 +}; +#endif /* HAVE_OPENSSL */ diff --git a/vio/viosocket.c b/vio/viosocket.c index 6f5c4142a45..ad156fc33bf 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -21,19 +21,7 @@ the file descriptior. */ -#define DONT_MAP_VIO -#include <my_global.h> -#include <mysql_com.h> - -#include <errno.h> -#include <my_sys.h> -#include <violite.h> -#include <my_net.h> -#include <m_string.h> - -#ifndef __WIN__ -#define HANDLE void * -#endif +#include "vio_priv.h" void vio_delete(Vio* vio) { @@ -334,3 +322,14 @@ my_bool vio_poll_read(Vio *vio,uint timeout) DBUG_RETURN(fds.revents & POLLIN ? 0 : 1); #endif } + + +void vio_timeout(Vio *vio __attribute__((unused)), + uint timeout __attribute__((unused))) +{ +#ifdef __WIN__ + ulong wait_timeout= (ulong) timeout * 1000; + (void) setsockopt(vio->sd, SOL_SOCKET, SO_RCVTIMEO, (char*) &wait_timeout, + sizeof(wait_timeout)); +#endif /* __WIN__ */ +} diff --git a/vio/viossl.c b/vio/viossl.c index fc95b0755ce..fafe48b7a84 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -21,23 +21,10 @@ the file descriptior. */ -#include <my_global.h> +#include "vio_priv.h" #ifdef HAVE_OPENSSL -#include <mysql_com.h> - -#include <errno.h> -#include <assert.h> -#include <violite.h> -#include <my_sys.h> -#include <my_net.h> -#include <m_string.h> - -#ifndef __WIN__ -#define HANDLE void * -#endif - static void report_errors() { @@ -88,11 +75,11 @@ int vio_ssl_read(Vio * vio, gptr buf, int size) int r; DBUG_ENTER("vio_ssl_read"); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d, ssl_=%p", - vio->sd, buf, size, vio->ssl_)); + vio->sd, buf, size, vio->ssl_arg)); - if ((r= SSL_read(vio->ssl_, buf, size)) < 0) + if ((r= SSL_read((SSL*) vio->ssl_arg, buf, size)) < 0) { - int err= SSL_get_error(vio->ssl_, r); + int err= SSL_get_error((SSL*) vio->ssl_arg, r); DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err)); report_errors(); } @@ -107,7 +94,7 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size) DBUG_ENTER("vio_ssl_write"); DBUG_PRINT("enter", ("sd=%d, buf=%p, size=%d", vio->sd, buf, size)); - if ((r= SSL_write(vio->ssl_, buf, size)) < 0) + if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0) report_errors(); DBUG_PRINT("exit", ("%d", r)); DBUG_RETURN(r); @@ -171,11 +158,11 @@ int vio_ssl_close(Vio * vio) int r; DBUG_ENTER("vio_ssl_close"); r=0; - if (vio->ssl_) + if ((SSL*) vio->ssl_arg) { - r = SSL_shutdown(vio->ssl_); - SSL_free(vio->ssl_); - vio->ssl_= 0; + r = SSL_shutdown((SSL*) vio->ssl_arg); + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; } if (vio->sd >= 0) { @@ -273,8 +260,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) net_blocking = vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_=0; - if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) + vio->ssl_arg= 0; + if (!(vio->ssl_arg= (void*) SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); @@ -282,25 +269,25 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); - SSL_clear(vio->ssl_); - SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); - SSL_set_fd(vio->ssl_,vio->sd); - SSL_set_accept_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1) + DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout)); + SSL_clear((SSL*) vio->ssl_arg); + SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); + SSL_set_fd((SSL*) vio->ssl_arg,vio->sd); + SSL_set_accept_state((SSL*) vio->ssl_arg); + if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free(vio->ssl_); - vio->ssl_=0; + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } #ifndef DBUF_OFF DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name(vio->ssl_))); - client_cert = SSL_get_peer_certificate (vio->ssl_); + ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); + client_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); if (client_cert != NULL) { DBUG_PRINT("info",("Client certificate:")); @@ -317,7 +304,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) else DBUG_PRINT("info",("Client does not have certificate.")); - str=SSL_get_shared_ciphers(vio->ssl_, buf, sizeof(buf)); + str=SSL_get_shared_ciphers((SSL*) vio->ssl_arg, buf, sizeof(buf)); if (str) { DBUG_PRINT("info",("SSL_get_shared_ciphers() returned '%s'",str)); @@ -340,14 +327,14 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) my_bool net_blocking; enum enum_vio_type old_type; DBUG_ENTER("sslconnect"); - DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context_)); + DBUG_PRINT("enter", ("sd=%d ptr=%p ctx: %p", vio->sd,ptr,ptr->ssl_context)); old_type= vio->type; net_blocking = vio_is_blocking(vio); vio_blocking(vio, 1, &unused); /* Must be called before reset */ vio_reset(vio,VIO_TYPE_SSL,vio->sd,0,FALSE); - vio->ssl_=0; - if (!(vio->ssl_ = SSL_new(ptr->ssl_context_))) + vio->ssl_arg= 0; + if (!(vio->ssl_arg = SSL_new(ptr->ssl_context))) { DBUG_PRINT("error", ("SSL_new failure")); report_errors(); @@ -355,25 +342,25 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } - DBUG_PRINT("info", ("ssl_=%p timeout=%ld",vio->ssl_, timeout)); - SSL_clear(vio->ssl_); - SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); - SSL_set_fd (vio->ssl_, vio->sd); - SSL_set_connect_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1) + DBUG_PRINT("info", ("ssl_=%p timeout=%ld",(SSL*) vio->ssl_arg, timeout)); + SSL_clear((SSL*) vio->ssl_arg); + SSL_SESSION_set_timeout(SSL_get_session((SSL*) vio->ssl_arg), timeout); + SSL_set_fd ((SSL*) vio->ssl_arg, vio->sd); + SSL_set_connect_state((SSL*) vio->ssl_arg); + if (SSL_do_handshake((SSL*) vio->ssl_arg) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); - SSL_free(vio->ssl_); - vio->ssl_=0; + SSL_free((SSL*) vio->ssl_arg); + vio->ssl_arg= 0; vio_reset(vio, old_type,vio->sd,0,FALSE); vio_blocking(vio, net_blocking, &unused); DBUG_RETURN(1); } #ifndef DBUG_OFF DBUG_PRINT("info",("SSL_get_cipher_name() = '%s'" - ,SSL_get_cipher_name(vio->ssl_))); - server_cert = SSL_get_peer_certificate (vio->ssl_); + ,SSL_get_cipher_name((SSL*) vio->ssl_arg))); + server_cert = SSL_get_peer_certificate ((SSL*) vio->ssl_arg); if (server_cert != NULL) { DBUG_PRINT("info",("Server certificate:")); @@ -407,4 +394,10 @@ int vio_ssl_blocking(Vio * vio __attribute__((unused)), return set_blocking_mode ? 0 : 1; } + +void vio_ssl_timeout(Vio *vio __attribute__((unused)), + uint timeout __attribute__((unused))) +{ + /* Not yet implemented (non critical) */ +} #endif /* HAVE_OPENSSL */ diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 69d4f3007b8..0997e3909db 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -14,15 +14,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include <my_global.h> +#include "vio_priv.h" #ifdef HAVE_OPENSSL -#include <mysql_com.h> -#include <my_sys.h> -#include <violite.h> - - static bool ssl_algorithms_added = FALSE; static bool ssl_error_strings_loaded= FALSE; static int verify_depth = 0; @@ -203,8 +198,8 @@ new_VioSSLConnectorFd(const char* key_file, my_malloc(sizeof(struct st_VioSSLConnectorFd),MYF(0))))) DBUG_RETURN(0); - ptr->ssl_context_= 0; - ptr->ssl_method_= 0; + ptr->ssl_context= 0; + ptr->ssl_method= 0; /* FIXME: constants! */ if (!ssl_algorithms_added) @@ -219,10 +214,10 @@ new_VioSSLConnectorFd(const char* key_file, ssl_error_strings_loaded = TRUE; SSL_load_error_strings(); } - ptr->ssl_method_ = TLSv1_client_method(); - ptr->ssl_context_ = SSL_CTX_new(ptr->ssl_method_); - DBUG_PRINT("info", ("ssl_context_: %p",ptr->ssl_context_)); - if (ptr->ssl_context_ == 0) + ptr->ssl_method = TLSv1_client_method(); + ptr->ssl_context = SSL_CTX_new(ptr->ssl_method); + DBUG_PRINT("info", ("ssl_context: %p",ptr->ssl_context)); + if (ptr->ssl_context == 0) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); @@ -234,20 +229,20 @@ new_VioSSLConnectorFd(const char* key_file, */ if (cipher) { - result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); + result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); } - SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); - if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); + if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file,ca_path) == 0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file,ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_) == 0) + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context) == 0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); @@ -257,7 +252,7 @@ new_VioSSLConnectorFd(const char* key_file, /* DH stuff */ dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); + SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); DH_free(dh); DBUG_RETURN(ptr); @@ -292,10 +287,10 @@ new_VioSSLAcceptorFd(const char *key_file, ptr= ((struct st_VioSSLAcceptorFd*) my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0))); - ptr->ssl_context_=0; - ptr->ssl_method_=0; + ptr->ssl_context=0; + ptr->ssl_method=0; /* FIXME: constants! */ - ptr->session_id_context_ = ptr; + ptr->session_id_context= ptr; if (!ssl_algorithms_added) { @@ -310,9 +305,9 @@ new_VioSSLAcceptorFd(const char *key_file, ssl_error_strings_loaded = TRUE; SSL_load_error_strings(); } - ptr->ssl_method_= TLSv1_server_method(); - ptr->ssl_context_= SSL_CTX_new(ptr->ssl_method_); - if (ptr->ssl_context_ == 0) + ptr->ssl_method= TLSv1_server_method(); + ptr->ssl_context= SSL_CTX_new(ptr->ssl_method); + if (ptr->ssl_context == 0) { DBUG_PRINT("error", ("SSL_CTX_new failed")); report_errors(); @@ -320,31 +315,31 @@ new_VioSSLAcceptorFd(const char *key_file, } if (cipher) { - result=SSL_CTX_set_cipher_list(ptr->ssl_context_, cipher); + result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher); DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result)); } /* SSL_CTX_set_quiet_shutdown(ctx,1); */ - SSL_CTX_sess_set_cache_size(ptr->ssl_context_,128); + SSL_CTX_sess_set_cache_size(ptr->ssl_context,128); /* DH? */ - SSL_CTX_set_verify(ptr->ssl_context_, verify, vio_verify_callback); - SSL_CTX_set_session_id_context(ptr->ssl_context_, - (const uchar*) &(ptr->session_id_context_), - sizeof(ptr->session_id_context_)); + SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback); + SSL_CTX_set_session_id_context(ptr->ssl_context, + (const uchar*) &(ptr->session_id_context), + sizeof(ptr->session_id_context)); /* SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); */ - if (vio_set_cert_stuff(ptr->ssl_context_, cert_file, key_file) == -1) + if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); report_errors(); goto ctor_failure; } - if (SSL_CTX_load_verify_locations( ptr->ssl_context_, ca_file, ca_path) == 0) + if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0) { DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed")); - if (SSL_CTX_set_default_verify_paths(ptr->ssl_context_)==0) + if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0) { DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed")); report_errors(); @@ -353,7 +348,7 @@ new_VioSSLAcceptorFd(const char *key_file, } /* DH stuff */ dh=get_dh512(); - SSL_CTX_set_tmp_dh(ptr->ssl_context_,dh); + SSL_CTX_set_tmp_dh(ptr->ssl_context,dh); DH_free(dh); DBUG_RETURN(ptr); @@ -362,6 +357,4 @@ ctor_failure: my_free((gptr) ptr,MYF(0)); DBUG_RETURN(0); } - - #endif /* HAVE_OPENSSL */ |