Diffstat (limited to 'sql-common')
-rw-r--r--sql-common/client.c38
1 files changed, 21 insertions, 17 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index 203e822d3da..fe43b593b1c 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -579,11 +579,11 @@ cli_safe_read(MYSQL *mysql)
restart:
if (net->vio != 0)
len= my_net_read_packet(net, 0);
-
+
if (len == packet_error || len == 0)
{
DBUG_PRINT("error",("Wrong connection or packet. fd: %s len: %lu",
- vio_description(net->vio),len));
+ net->vio ? vio_description(net->vio) : NULL, len));
#ifdef MYSQL_SERVER
if (net->vio && (net->last_errno == ER_NET_READ_INTERRUPTED))
return (packet_error);
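Review bot: The new ternary in the DBUG_PRINT call passes NULL for the `%s` conversion when net->vio is 0, which is undefined for a standard printf-style formatter; whether the DBUG formatter tolerates a NULL string is not visible in this hunk. A literal placeholder removes that dependency: `net->vio ? vio_description(net->vio) : "(no vio)", len));`. cli_safe_read starts and ends outside the hunk.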
@@ -1232,11 +1232,12 @@ void mysql_read_default_options(struct st_mysql_options *options,
options->max_allowed_packet= atoi(opt_arg);
break;
case OPT_protocol:
- if ((options->protocol= find_type(opt_arg, &sql_protocol_typelib,
+ if (options->protocol != UINT_MAX32 &&
+ (options->protocol= find_type(opt_arg, &sql_protocol_typelib,
FIND_TYPE_BASIC)) <= 0)
{
fprintf(stderr, "Unknown option to protocol: %s\n", opt_arg);
- exit(1);
+ options->protocol= UINT_MAX32;
}
break;
case OPT_shared_memory_base_name:
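Review bot: In the OPT_protocol case, UINT_MAX32 is stored in options->protocol as an in-band "invalid protocol" marker, but nothing at the assignment says so. The leading `options->protocol != UINT_MAX32` test also makes the error sticky, so a later valid protocol line cannot clear it. A comment at the assignment would record both, for example `/* UINT_MAX32 marks an invalid protocol; mysql_real_connect checks for it and fails the connection */`. With exit(1) gone, any reader of options->protocol that skips that check sees an out-of-range value; presumably only the connect path reads it, which is worth confirming. The switch belongs to mysql_read_default_options, which starts and ends outside the hunk.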
@@ -1777,15 +1778,22 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
#if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(HAVE_YASSL)
+#include <openssl/x509v3.h>
+#define HAVE_X509_check_host
+#endif
+
static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const char **errptr)
{
SSL *ssl;
X509 *server_cert= NULL;
+#ifndef HAVE_X509_check_host
char *cn= NULL;
int cn_loc= -1;
ASN1_STRING *cn_asn1= NULL;
X509_NAME_ENTRY *cn_entry= NULL;
X509_NAME *subject= NULL;
+#endif
int ret_validation= 1;
DBUG_ENTER("ssl_verify_server_cert");
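Review bot: The version gate added above ssl_verify_server_cert has no comment explaining the choice of 0x10002000L or the yaSSL exclusion, and the note that did explain it is deleted later in this commit. A one-line comment on the `#if` would keep that knowledge, for example `/* X509_check_host() is available from OpenSSL 1.0.2; yaSSL does not provide it */`. The `#endif` lines that close the `HAVE_X509_check_host` sections here and further down are bare; labelling them `#endif /* HAVE_X509_check_host */` makes the long fallback block easier to follow. The function body continues outside the hunk.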
@@ -1820,14 +1828,10 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
are what we expect.
*/
- /*
- Some notes for future development
- We should check host name in alternative name first and then if needed check in common name.
- Currently yssl doesn't support alternative name.
- openssl 1.0.2 support X509_check_host method for host name validation, we may need to start using
- X509_check_host in the future.
- */
-
+#ifdef HAVE_X509_check_host
+ ret_validation= X509_check_host(server_cert, server_hostname,
+ strlen(server_hostname), 0, 0) != 1;
+#else
subject= X509_get_subject_name(server_cert);
cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
if (cn_loc < 0)
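Review bot: The X509_check_host call in the new `#ifdef HAVE_X509_check_host` branch matches only DNS-style names. When server_hostname is an IP literal, a certificate that identifies the server through an iPAddress subjectAltName will most likely be rejected. OpenSSL 1.0.2 also provides X509_check_ip_asc for that case, so the check could read `ret_validation= X509_check_host(server_cert, server_hostname, strlen(server_hostname), 0, 0) != 1 &&` followed by `X509_check_ip_asc(server_cert, server_hostname, 0) != 1;`. Treating every result other than 1 as failure is correct, since it also rejects the negative error returns. The strlen call relies on a NULL check of server_hostname that presumably sits earlier in the function, outside this hunk.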
@@ -1835,7 +1839,6 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
*errptr= "Failed to get CN location in the certificate subject";
goto error;
}
-
cn_entry= X509_NAME_get_entry(subject, cn_loc);
if (cn_entry == NULL)
{
@@ -1864,7 +1867,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
/* Success */
ret_validation= 0;
}
-
+#endif
*errptr= "SSL certificate validation failure";
error:
@@ -3097,7 +3100,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
uint port, const char *unix_socket,ulong client_flag)
{
char buff[NAME_LEN+USERNAME_LENGTH+100];
- int scramble_data_len, pkt_scramble_len= 0;
+ int scramble_data_len, UNINIT_VAR(pkt_scramble_len);
char *end,*host_info= 0, *server_version_end, *pkt_end;
char *scramble_data;
const char *scramble_plugin;
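Review bot: Replacing `pkt_scramble_len= 0` with `UNINIT_VAR(pkt_scramble_len)` in the declarations of CLI_MYSQL_REAL_CONNECT removes a real zero initialisation. UNINIT_VAR is not defined in this diff, but if it expands to a self-assignment on some compilers, the variable is left indeterminate there. This variable holds a length taken from the server handshake packet, so a path that reads it before it is assigned would use garbage rather than 0. Unless every use is known to follow an assignment, keeping `int scramble_data_len, pkt_scramble_len= 0;` is the safer declaration and costs nothing. The function body continues outside the hunk.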
@@ -3110,7 +3113,6 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
struct sockaddr_un UNIXaddr;
#endif
DBUG_ENTER("mysql_real_connect");
- LINT_INIT(pkt_scramble_len);
DBUG_PRINT("enter",("host: %s db: %s user: %s (client)",
host ? host : "(Null)",
@@ -3141,6 +3143,8 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
my_free(mysql->options.my_cnf_file);
my_free(mysql->options.my_cnf_group);
mysql->options.my_cnf_file=mysql->options.my_cnf_group=0;
+ if (mysql->options.protocol == UINT_MAX32)
+ goto error;
}
/* Some empty-string-tests are done because of ODBC */
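Review bot: The added `goto error` for `mysql->options.protocol == UINT_MAX32` jumps to the error path without recording a client error first. The `error:` label is outside the hunk, but if it only cleans up, the caller gets a failed connect with no errno or message. The only diagnostic would then be the stderr line printed while the option file was parsed. Setting an error before the jump, in the way the other failure paths of this function do, would let mysql_error() report the bad protocol option.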
@@ -3418,7 +3422,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
if (mysql->options.extension && mysql->options.extension->async_context)
net->vio->async_context= mysql->options.extension->async_context;
- if (my_net_init(net, net->vio, MYF(0)))
+ if (my_net_init(net, net->vio, _current_thd(), MYF(0)))
{
vio_delete(net->vio);
net->vio = 0;