Diffstat (limited to 'vio')
-rw-r--r-- | vio/CMakeLists.txt | 2 | ||||
-rw-r--r-- | vio/docs/TODO | 3 | ||||
-rw-r--r-- | vio/vio.c | 65 | ||||
-rw-r--r-- | vio/vio_priv.h | 8 | ||||
-rw-r--r-- | vio/viopipe.c | 1 | ||||
-rw-r--r-- | vio/vioshm.c | 217 | ||||
-rw-r--r-- | vio/viosocket.c | 56 | ||||
-rw-r--r-- | vio/viossl.c | 49 | ||||
-rw-r--r-- | vio/viosslfactories.c | 99 |
9 files changed, 131 insertions, 369 deletions
diff --git a/vio/CMakeLists.txt b/vio/CMakeLists.txt index 6749d3c699b..85810840273 100644 --- a/vio/CMakeLists.txt +++ b/vio/CMakeLists.txt @@ -17,6 +17,6 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${SSL_INCLUDE_DIRS}) ADD_DEFINITIONS(${SSL_DEFINES}) -SET(VIO_SOURCES vio.c viosocket.c viossl.c viopipe.c vioshm.c viosslfactories.c) +SET(VIO_SOURCES vio.c viosocket.c viossl.c viopipe.c viosslfactories.c) ADD_CONVENIENCE_LIBRARY(vio ${VIO_SOURCES}) TARGET_LINK_LIBRARIES(vio ${LIBSOCKET}) diff --git a/vio/docs/TODO b/vio/docs/TODO deleted file mode 100644 index 7296ab73a10..00000000000 --- a/vio/docs/TODO +++ /dev/null @@ -1,3 +0,0 @@ -* Consistent error handling. May be the initialization should - be taken out of constructors and be put into virtual method open(). -* The open() method is named very misleadingly(). diff --git a/vio/vio.c b/vio/vio.c index 52a5387a852..3f92c1e6853 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -54,18 +54,6 @@ static my_bool has_no_data(Vio *vio __attribute__((unused))) } #ifdef _WIN32 -my_bool vio_shared_memory_has_data(Vio *vio) -{ - return (vio->shared_memory_remain > 0); -} - -int vio_shared_memory_shutdown(Vio *vio, int how) -{ - SetEvent(vio->event_conn_closed); - SetEvent(vio->event_server_wrote); - return 0; -} - int vio_pipe_shutdown(Vio *vio, int how) { return CancelIoEx(vio->hPipe, NULL); 
@@ -116,28 +104,7 @@ static void vio_init(Vio *vio, enum enum_vio_type type, DBUG_VOID_RETURN; } #endif -#ifdef HAVE_SMEM - if (type == VIO_TYPE_SHARED_MEMORY) - { - vio->viodelete =vio_delete; - vio->vioerrno =vio_errno; - vio->read =vio_read_shared_memory; - vio->write =vio_write_shared_memory; - vio->fastsend =vio_fastsend; - vio->viokeepalive =vio_keepalive; - vio->should_retry =vio_should_retry; - vio->was_timeout =vio_was_timeout; - vio->vioclose =vio_close_shared_memory; - vio->peer_addr =vio_peer_addr; - vio->vioblocking =vio_blocking; - vio->is_blocking =vio_is_blocking; - vio->io_wait =no_io_wait; - vio->is_connected =vio_is_connected_shared_memory; - vio->has_data =vio_shared_memory_has_data; - vio->shutdown =vio_shared_memory_shutdown; - DBUG_VOID_RETURN; - } -#endif + #ifdef HAVE_OPENSSL if (type == VIO_TYPE_SSL) { @@ -296,31 +263,7 @@ Vio *vio_new_win32pipe(HANDLE hPipe) DBUG_RETURN(vio); } -#ifdef HAVE_SMEM -Vio *vio_new_win32shared_memory(HANDLE handle_file_map, HANDLE handle_map, - HANDLE event_server_wrote, HANDLE event_server_read, - HANDLE event_client_wrote, HANDLE event_client_read, - HANDLE event_conn_closed) -{ - Vio *vio; - DBUG_ENTER("vio_new_win32shared_memory"); - if ((vio = (Vio*) my_malloc(sizeof(Vio),MYF(MY_WME)))) - { - vio_init(vio, VIO_TYPE_SHARED_MEMORY, 0, VIO_LOCALHOST); - vio->desc= "shared memory"; - vio->handle_file_map= handle_file_map; - vio->handle_map= handle_map; - vio->event_server_wrote= event_server_wrote; - vio->event_server_read= event_server_read; - vio->event_client_wrote= event_client_wrote; - vio->event_client_read= event_client_read; - vio->event_conn_closed= event_conn_closed; - vio->shared_memory_remain= 0; - vio->shared_memory_pos= handle_map; - } - DBUG_RETURN(vio); -} -#endif + #endif 
@@ -386,8 +329,8 @@ void vio_delete(Vio* vio) */ void vio_end(void) { -#ifdef HAVE_YASSL - yaSSL_CleanUp(); +#ifdef HAVE_WOLFSSL + wolfSSL_Cleanup(); #elif defined(HAVE_OPENSSL) // This one is needed on the client side ERR_remove_state(0); diff --git a/vio/vio_priv.h b/vio/vio_priv.h index 6780ec5664a..3a0f826e7e8 100644 --- a/vio/vio_priv.h +++ b/vio/vio_priv.h @@ -36,14 +36,6 @@ int vio_shutdown_pipe(Vio *vio,int how); uint vio_pending_pipe(Vio* vio); #endif -#ifdef HAVE_SMEM -size_t vio_read_shared_memory(Vio *vio, uchar * buf, size_t size); -size_t vio_write_shared_memory(Vio *vio, const uchar * buf, size_t size); -my_bool vio_is_connected_shared_memory(Vio *vio); -int vio_close_shared_memory(Vio * vio); -my_bool vio_shared_memory_has_data(Vio *vio); -int vio_shutdown_shared_memory(Vio *vio, int how); -#endif int vio_socket_shutdown(Vio *vio, int how); my_bool vio_buff_has_data(Vio *vio); diff --git a/vio/viopipe.c b/vio/viopipe.c index 5007599aa17..567884807fe 100644 --- a/vio/viopipe.c +++ b/vio/viopipe.c @@ -131,7 +131,6 @@ int vio_close_pipe(Vio *vio) CancelIo(vio->hPipe); CloseHandle(vio->overlapped.hEvent); - DisconnectNamedPipe(vio->hPipe); ret= CloseHandle(vio->hPipe); vio->type= VIO_CLOSED; diff --git a/vio/vioshm.c b/vio/vioshm.c deleted file mode 100644 index 7b491b8f9b4..00000000000 --- a/vio/vioshm.c +++ /dev/null 
@@ -1,217 +0,0 @@ -/* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ - -#include "vio_priv.h" - -#if defined(_WIN32) && defined(HAVE_SMEM) - -size_t vio_read_shared_memory(Vio *vio, uchar *buf, size_t size) -{ - size_t length; - size_t remain_local; - char *current_position; - HANDLE events[2]; - DWORD timeout; - DBUG_ENTER("vio_read_shared_memory"); - - remain_local= size; - current_position= buf; - timeout= vio->read_timeout >= 0 ? vio->read_timeout : INFINITE; - - events[0]= vio->event_server_wrote; - events[1]= vio->event_conn_closed; - - do - { - if (vio->shared_memory_remain == 0) - { - DWORD wait_status; - - wait_status= WaitForMultipleObjects(array_elements(events), events, - FALSE, timeout); - - /* - WaitForMultipleObjects can return next values: - WAIT_OBJECT_0+0 - event from vio->event_server_wrote - WAIT_OBJECT_0+1 - event from vio->event_conn_closed. - We can't read anything - WAIT_ABANDONED_0 and WAIT_TIMEOUT - fail. We can't read anything - */ - if (wait_status != WAIT_OBJECT_0) - { - /* - If wait_status is WAIT_TIMEOUT, set error code to indicate a - timeout error. If vio->event_conn_closed was set, use an EOF - condition (return value of zero) to indicate that the operation - has been aborted. 
- */ - if (wait_status == WAIT_TIMEOUT) - SetLastError(SOCKET_ETIMEDOUT); - else if (wait_status == (WAIT_OBJECT_0 + 1)) - DBUG_RETURN(0); - - DBUG_RETURN(-1); - } - - vio->shared_memory_pos= vio->handle_map; - vio->shared_memory_remain= uint4korr((ulong*)vio->shared_memory_pos); - vio->shared_memory_pos+= 4; - } - - length= size; - - if (vio->shared_memory_remain < length) - length= vio->shared_memory_remain; - if (length > remain_local) - length= remain_local; - - memcpy(current_position, vio->shared_memory_pos, length); - - vio->shared_memory_remain-= length; - vio->shared_memory_pos+= length; - current_position+= length; - remain_local-= length; - - if (!vio->shared_memory_remain) - { - if (!SetEvent(vio->event_client_read)) - DBUG_RETURN(-1); - } - } while (remain_local); - length= size; - - DBUG_RETURN(length); -} - - -size_t vio_write_shared_memory(Vio *vio, const uchar *buf, size_t size) -{ - size_t length, remain, sz; - HANDLE pos; - const uchar *current_position; - HANDLE events[2]; - DWORD timeout; - DBUG_ENTER("vio_write_shared_memory"); - - remain= size; - current_position= buf; - timeout= vio->write_timeout >= 0 ? vio->write_timeout : INFINITE; - - events[0]= vio->event_server_read; - events[1]= vio->event_conn_closed; - - while (remain != 0) - { - DWORD wait_status; - - wait_status= WaitForMultipleObjects(array_elements(events), events, - FALSE, timeout); - - if (wait_status != WAIT_OBJECT_0) - { - /* Set error code to indicate a timeout error or disconnect. */ - if (wait_status == WAIT_TIMEOUT) - SetLastError(SOCKET_ETIMEDOUT); - else - SetLastError(ERROR_GRACEFUL_DISCONNECT); - - DBUG_RETURN((size_t) -1); - } - - sz= (remain > shared_memory_buffer_length ? 
shared_memory_buffer_length : - remain); - - int4store(vio->handle_map, sz); - pos= vio->handle_map + 4; - memcpy(pos, current_position, sz); - remain-= sz; - current_position+= sz; - if (!SetEvent(vio->event_client_wrote)) - DBUG_RETURN((size_t) -1); - } - length= size; - - DBUG_RETURN(length); -} - - -my_bool vio_is_connected_shared_memory(Vio *vio) -{ - return (WaitForSingleObject(vio->event_conn_closed, 0) != WAIT_OBJECT_0); -} - - -/** - Close shared memory and DBUG_PRINT any errors that happen on closing. - @return Zero if all closing functions succeed, and nonzero otherwise. -*/ -int vio_close_shared_memory(Vio * vio) -{ - int error_count= 0; - DBUG_ENTER("vio_close_shared_memory"); - if (vio->type != VIO_CLOSED) - { - /* - Set event_conn_closed for notification of both client and server that - connection is closed - */ - SetEvent(vio->event_conn_closed); - /* - Close all handlers. UnmapViewOfFile and CloseHandle return non-zero - result if they are success. - */ - if (UnmapViewOfFile(vio->handle_map) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("UnmapViewOfFile() failed")); - } - if (CloseHandle(vio->event_server_wrote) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->esw) failed")); - } - if (CloseHandle(vio->event_server_read) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->esr) failed")); - } - if (CloseHandle(vio->event_client_wrote) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->ecw) failed")); - } - if (CloseHandle(vio->event_client_read) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->ecr) failed")); - } - if (CloseHandle(vio->handle_file_map) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->hfm) failed")); - } - if (CloseHandle(vio->event_conn_closed) == 0) - { - error_count++; - DBUG_PRINT("vio_error", ("CloseHandle(vio->ecc) failed")); - } - } - vio->type= VIO_CLOSED; - vio->mysql_socket= MYSQL_INVALID_SOCKET; - 
DBUG_RETURN(error_count); -} - -#endif /* #if defined(_WIN32) && defined(HAVE_SMEM) */ - diff --git a/vio/viosocket.c b/vio/viosocket.c index 6409aeb9899..0820176371d 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -74,8 +74,7 @@ int vio_errno(Vio *vio __attribute__((unused))) { /* These transport types are not Winsock based. */ #ifdef _WIN32 - if (vio->type == VIO_TYPE_NAMEDPIPE || - vio->type == VIO_TYPE_SHARED_MEMORY) + if (vio->type == VIO_TYPE_NAMEDPIPE) return GetLastError(); #endif @@ -149,6 +148,10 @@ int vio_socket_io_wait(Vio *vio, enum enum_vio_io_event event) #define VIO_DONTWAIT 0 #endif +#ifndef SOCKET_EAGAIN +#define SOCKET_EAGAIN SOCKET_EWOULDBLOCK +#endif + /* returns number of bytes read or -1 in case of an error */ @@ -363,7 +366,7 @@ int vio_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode) r= set_blocking_mode ? 0 : 1; #endif /* !defined(NO_FCNTL_NONBLOCK) */ #else /* !defined(__WIN__) */ - if (vio->type != VIO_TYPE_NAMEDPIPE && vio->type != VIO_TYPE_SHARED_MEMORY) + if (vio->type != VIO_TYPE_NAMEDPIPE) { ulong arg; int old_fcntl=vio->fcntl_mode; 
@@ -435,13 +438,39 @@ int vio_socket_timeout(Vio *vio, DBUG_RETURN(ret); } +/* Set TCP_NODELAY (disable Nagle's algorithm */ +int vio_nodelay(Vio *vio, my_bool on) +{ + int r; + int no_delay= MY_TEST(on); + DBUG_ENTER("vio_nodelay"); + + if (vio->type == VIO_TYPE_NAMEDPIPE || vio->type == VIO_TYPE_SOCKET) + { + DBUG_RETURN(0); + } + + r = mysql_socket_setsockopt(vio->mysql_socket, IPPROTO_TCP, TCP_NODELAY, + IF_WIN((const char*), (void*)) &no_delay, + sizeof(no_delay)); -int vio_fastsend(Vio * vio __attribute__((unused))) + if (r) + { + DBUG_PRINT("warning", + ("Couldn't set socket option for fast send, error %d", + socket_errno)); + r = -1; + } + DBUG_PRINT("exit", ("%d", r)); + DBUG_RETURN(r); +} + +int vio_fastsend(Vio * vio) { int r=0; DBUG_ENTER("vio_fastsend"); - if (vio->type == VIO_TYPE_NAMEDPIPE ||vio->type == VIO_TYPE_SHARED_MEMORY) + if (vio->type == VIO_TYPE_NAMEDPIPE) { DBUG_RETURN(0); } @@ -454,18 +483,7 @@ int vio_fastsend(Vio * vio __attribute__((unused))) } #endif /* IPTOS_THROUGHPUT */ if (!r) - { -#ifdef __WIN__ - BOOL nodelay= 1; -#else - int nodelay = 1; -#endif - - r= mysql_socket_setsockopt(vio->mysql_socket, IPPROTO_TCP, TCP_NODELAY, - IF_WIN((const char*), (void*)) &nodelay, - sizeof(nodelay)); - - } + r = vio_nodelay(vio, TRUE); if (r) { DBUG_PRINT("warning", @@ -486,7 +504,7 @@ int vio_keepalive(Vio* vio, my_bool set_keep_alive) (int)mysql_socket_getfd(vio->mysql_socket), (int)set_keep_alive)); - if (vio->type != VIO_TYPE_NAMEDPIPE && vio->type != VIO_TYPE_SHARED_MEMORY) + if (vio->type != VIO_TYPE_NAMEDPIPE) { if (set_keep_alive) opt = 1; @@ -505,7 +523,7 @@ int vio_set_keepalive_options(Vio* vio, const struct vio_keepalive_opts *opts) struct tcp_keepalive s; DWORD nbytes; - if (vio->type == VIO_TYPE_NAMEDPIPE || vio->type == VIO_TYPE_SHARED_MEMORY) + if (vio->type == VIO_TYPE_NAMEDPIPE) return 0; if (!opts->idle && !opts->interval) diff --git a/vio/viossl.c b/vio/viossl.c index 30946d3261c..a5b3396953e 100644 --- a/vio/viossl.c 
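Review bot: The header comment on the new vio_nodelay has an unbalanced parenthesis and does not say which transports it skips; `/* Set TCP_NODELAY (disable Nagle's algorithm). No-op for named pipes and for VIO_TYPE_SOCKET, where the option does not apply. Returns 0 on success, -1 on failure. */` would cover it. The early return for VIO_TYPE_SOCKET is new relative to the setsockopt block vio_fastsend used to inline, so on that transport vio_fastsend now reports success without touching TCP_NODELAY; if VIO_TYPE_SOCKET is the Unix-domain socket type (not visible on this page) that is the right call, but worth stating in the comment. On failure vio_nodelay prints "Couldn't set socket option for fast send" and the unchanged tail of vio_fastsend prints the same warning again, so one failed setsockopt is logged twice; the message in vio_nodelay could instead read `("Couldn't set TCP_NODELAY, error %d", socket_errno)`.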
+++ b/vio/viossl.c @@ -26,19 +26,7 @@ #ifdef HAVE_OPENSSL -#ifdef HAVE_YASSL -/* - yassl seem to be different here, SSL_get_error() value can be - directly passed to ERR_error_string(), and these errors don't go - into ERR_get_error() stack. - in openssl, apparently, SSL_get_error() values live in a different - namespace, one needs to use ERR_get_error() as an argument - for ERR_error_string(). -*/ -#define SSL_errno(X,Y) SSL_get_error(X,Y) -#else #define SSL_errno(X,Y) ERR_get_error() -#endif /** Obtain the equivalent system error status for the last SSL I/O operation. @@ -124,9 +112,7 @@ static my_bool ssl_should_retry(Vio *vio, int ret, enum enum_vio_io_event *event default: should_retry= FALSE; ssl_set_sys_error(ssl_error); -#ifndef HAVE_YASSL ERR_clear_error(); -#endif break; } @@ -197,25 +183,6 @@ size_t vio_ssl_write(Vio *vio, const uchar *buf, size_t size) DBUG_RETURN(ret < 0 ? -1 : ret); } -#ifdef HAVE_YASSL - -/* Emulate a blocking recv() call with vio_read(). */ -static long yassl_recv(void *ptr, void *buf, size_t len, - int flag __attribute__((unused))) -{ - return (long)vio_read(ptr, buf, len); -} - - -/* Emulate a blocking send() call with vio_write(). */ -static long yassl_send(void *ptr, const void *buf, size_t len, - int flag __attribute__((unused))) -{ - return (long)vio_write(ptr, buf, len); -} - -#endif - int vio_ssl_close(Vio *vio) { int r= 0; 
@@ -335,21 +302,13 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); SSL_set_fd(ssl, (int)sd); - /* - Since yaSSL does not support non-blocking send operations, use - special transport functions that properly handles non-blocking - sockets. These functions emulate the behavior of blocking I/O - operations by waiting for I/O to become available. - */ -#ifdef HAVE_YASSL +#ifdef HAVE_WOLFSSL /* Set first argument of the transport functions. */ - yaSSL_transport_set_ptr(ssl, vio); - /* Set functions to use in order to send and receive data. */ - yaSSL_transport_set_recv_function(ssl, yassl_recv); - yaSSL_transport_set_send_function(ssl, yassl_send); + wolfSSL_SetIOReadCtx(ssl, vio); + wolfSSL_SetIOWriteCtx(ssl, vio); #endif -#if !defined(HAVE_YASSL) && defined(SSL_OP_NO_COMPRESSION) +#if defined(SSL_OP_NO_COMPRESSION) SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); #endif diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 8ab7565a666..80d1e55f358 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -18,10 +18,8 @@ #include <ssl_compat.h> #ifdef HAVE_OPENSSL -#ifndef HAVE_YASSL #include <openssl/dh.h> #include <openssl/bn.h> -#endif static my_bool ssl_algorithms_added = FALSE; static my_bool ssl_error_strings_loaded= FALSE; @@ -85,7 +83,8 @@ ssl_error_string[] = "SSL_CTX_set_default_verify_paths failed", "Failed to set ciphers to use", "SSL_CTX_new failed", - "SSL_CTX_set_tmp_dh failed" + "SSL_CTX_set_tmp_dh failed", + "Unknown TLS version" }; const char* @@ -151,7 +150,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, } -static void check_ssl_init() +void vio_check_ssl_init() { if (!ssl_algorithms_added) { 
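Review bot: The wolfSSL branch in ssl_do drops the yaSSL explanation and adds nothing in its place, so a reader no longer learns why the context pointers are set or where the matching callbacks live; suggest `/* wolfSSL I/O goes through wolfssl_recv/wolfssl_send, installed on the SSL_CTX in new_VioSSLFd; both expect the Vio as their ctx argument. */` above `wolfSSL_SetIOReadCtx`. ssl_do begins outside the hunk. SSL_set_fd is still called on the preceding context line for the wolfSSL build as well; if the callbacks make the fd unused there, a short note saying so would stop the next reader from assuming wolfSSL reads the socket directly.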
@@ -166,21 +165,76 @@ static void check_ssl_init() } } +#ifdef HAVE_WOLFSSL +static int wolfssl_recv(WOLFSSL* ssl, char* buf, int sz, void* vio) +{ + size_t ret; + (void)ssl; + ret = vio_read((Vio *)vio, (uchar *)buf, sz); + /* check if connection was closed */ + if (ret == 0) + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + + return (int)ret; +} + +static int wolfssl_send(WOLFSSL* ssl, char* buf, int sz, void* vio) +{ + return (int)vio_write((Vio *)vio, (unsigned char*)buf, sz); +} +#endif /* HAVE_WOLFSSL */ + +static long vio_tls_protocol_options(ulonglong tls_version) +{ + long tls_protocol_flags= +#ifdef TLS1_3_VERSION + SSL_OP_NO_TLSv1_3 | +#endif +#if defined(TLS1_2_VERSION) || defined(HAVE_WOLFSSL) + SSL_OP_NO_TLSv1_2 | +#endif + SSL_OP_NO_TLSv1_1 | + SSL_OP_NO_TLSv1; + long disabled_tls_protocols= tls_protocol_flags, + disabled_ssl_protocols= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + + if (!tls_version) + return disabled_ssl_protocols; + + if (tls_version & VIO_TLSv1_0) + disabled_tls_protocols&= ~SSL_OP_NO_TLSv1; + if (tls_version & VIO_TLSv1_1) + disabled_tls_protocols&= ~SSL_OP_NO_TLSv1_1; +#if defined(TLS1_2_VERSION) || defined(HAVE_WOLFSSL) + if (tls_version & VIO_TLSv1_2) + disabled_tls_protocols&= ~SSL_OP_NO_TLSv1_2; +#endif +#ifdef TLS1_3_VERSION + if (tls_version & VIO_TLSv1_3) + disabled_tls_protocols&= ~SSL_OP_NO_TLSv1_3; +#endif + + /* some garbage was specified in tls_version option */ + if (tls_protocol_flags == disabled_tls_protocols) + return -1; + return (disabled_tls_protocols | disabled_ssl_protocols); +} + /************************ VioSSLFd **********************************/ static struct st_VioSSLFd * new_VioSSLFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, my_bool is_client_method, enum enum_ssl_init_error *error, - const char *crl_file, const char *crl_path) + const char *crl_file, const char *crl_path, ulonglong tls_version) { DH *dh; struct st_VioSSLFd *ssl_fd; - long 
ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + long ssl_ctx_options; DBUG_ENTER("new_VioSSLFd"); DBUG_PRINT("enter", ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " - "cipher: '%s' crl_file: '%s' crl_path: '%s' ", + "cipher: '%s' crl_file: '%s' crl_path: '%s'", key_file ? key_file : "NULL", cert_file ? cert_file : "NULL", ca_file ? ca_file : "NULL", @@ -189,7 +243,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, crl_file ? crl_file : "NULL", crl_path ? crl_path : "NULL")); - check_ssl_init(); + vio_check_ssl_init(); if (!(ssl_fd= ((struct st_VioSSLFd*) my_malloc(sizeof(struct st_VioSSLFd),MYF(0))))) @@ -203,6 +257,14 @@ new_VioSSLFd(const char *key_file, const char *cert_file, goto err1; } + ssl_ctx_options= vio_tls_protocol_options(tls_version); + if (ssl_ctx_options == -1) + { + *error= SSL_INITERR_PROTOCOL; + DBUG_PRINT("error", ("%s", sslGetErrString(*error))); + goto err1; + } + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); /* @@ -232,7 +294,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, sslGetErrString(*error))); goto err2; } - +#ifndef HAVE_WOLFSSL /* otherwise go use the defaults */ if (SSL_CTX_set_default_verify_paths(ssl_fd->ssl_context) == 0) { @@ -240,13 +302,15 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_PRINT("error", ("%s", sslGetErrString(*error))); goto err2; } +#endif } if (crl_file || crl_path) { -#ifdef HAVE_YASSL - DBUG_PRINT("warning", ("yaSSL doesn't support CRL")); +#ifdef HAVE_WOLFSSL + /* CRL does not work with WolfSSL. */ DBUG_ASSERT(0); + goto err2; #else X509_STORE *store= SSL_CTX_get_cert_store(ssl_fd->ssl_context); /* Load crls from the trusted ca */ 
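Review bot: vio_tls_protocol_options has no header comment, and its `/* some garbage was specified in tls_version option */` check only fires when no recognised VIO_TLSv1_* bit remains, so an unknown bit combined with a valid one is silently ignored, and a bit for a protocol that is not compiled in (VIO_TLSv1_3 without TLS1_3_VERSION) is only rejected when it is the sole bit set. Suggest a comment above the function stating that `tls_version` is a bitmask of VIO_TLSv1_* values, that 0 means every TLS version the library supports (SSLv2/SSLv3 are always disabled), that the result is meant for SSL_CTX_set_options, and that -1 means no usable version was requested. If unknown bits should be refused rather than ignored, masking `tls_version` against the known VIO_TLSv1_* flags up front and returning -1 on any remainder would do it in two or three lines.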
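Review bot: With HAVE_WOLFSSL the `SSL_CTX_set_default_verify_paths` call is compiled out, so a context created without ca_file/ca_path loads no trust anchors at all, and no comment says this is intended; a caller that then enables peer verification will fail every handshake instead of falling back to a system store. Suggest `/* wolfSSL: no default trust store is loaded; without ca_file/ca_path the context has no CAs and peer verification cannot succeed. */` inside the new `#ifndef HAVE_WOLFSSL`. Whether wolfSSL offers an equivalent default-store call I cannot tell from this page.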
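Review bot: On the wolfSSL CRL path `goto err2` is taken without assigning `*error`, so the caller reports whatever `*error` held before (the OpenSSL branch below presumably sets it on its own failures), and the only diagnostic is a DBUG_ASSERT that is absent from release builds. Add a dedicated code before the jump, e.g. a new enum_ssl_init_error entry with a matching string in `ssl_error_string[]` (that table just gained "Unknown TLS version" the same way), and assign it: `*error= SSL_INITERR_<CRL_UNSUPPORTED placeholder>;`. The comment `/* CRL does not work with WolfSSL. */` could also say that a CRL setting is refused rather than ignored, since that is what the added `goto err2` does.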
@@ -282,6 +346,12 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DH_free(dh); } +#ifdef HAVE_WOLFSSL + /* set IO functions used by wolfSSL */ + wolfSSL_SetIORecv(ssl_fd->ssl_context, wolfssl_recv); + wolfSSL_SetIOSend(ssl_fd->ssl_context, wolfssl_send); +#endif + DBUG_PRINT("exit", ("OK 1")); DBUG_RETURN(ssl_fd); @@ -317,7 +387,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher, TRUE, error, - crl_file, crl_path))) + crl_file, crl_path, 0))) { return 0; } @@ -335,13 +405,14 @@ struct st_VioSSLFd * new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, enum enum_ssl_init_error* error, - const char *crl_file, const char *crl_path) + const char *crl_file, const char *crl_path, + ulonglong tls_version) { struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher, FALSE, error, - crl_file, crl_path))) + crl_file, crl_path, tls_version))) { return 0; } |
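Review bot: new_VioSSLConnectorFd passes a literal `0` as tls_version, which by vio_tls_protocol_options means the client side accepts every TLS version the library supports, TLSv1.0 included, while only the acceptor receives the configurable restriction; nothing at the call site says this is deliberate. Suggest `/* 0: no client-side version restriction; tls_version is only enforced on the acceptor */` beside the argument, or plumbing the parameter through if clients should honour the same policy. new_VioSSLConnectorFd's signature lies outside the hunk.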