| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
On FreeBSD, perl isn't in /usr/bin, its in /usr/local/bin or
elsewhere in the path.
Like storage/{maria/unittest/,}ma_test_* , we use /usr/bin/env to
find perl and run it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
cmake -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug
Maintainer mode makes all warnings errors. This patch fix warnings. Mostly about
deprecated `register` keyword.
Too much warnings came from Mroonga and I gave up on it.
|
| |\ \
| |/ |
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
* Update wrong zip-code
|
| |\ \ \
| |/ / |
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
LAST BYTE ONLY (YASSL)
Description:- TLS cipher negociation happens incorrectly
leading to the use of a different
Analysis:- YaSSL based MySQL server will compare only the
last byte of each cipher sent in the Client Hello message.
This can cause TLS connections to fail, due to the server
picking a cipher which the client doesn't actually support.
Fix:- A fix for detecting cipher suites with non leading
zeros is included as YaSSL only supports cipher suites with
leading zeros.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Use OpenSSL 1.1 when applicable.
Create compatibility macros for OpenSSL 1.0- and YaSSL.
|
| |\ \ \
| |/ / |
|
| | |\ \ |
|
| | | |/ |
|
| |/ / |
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
EXPECTED.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
one leading zeros for the key agreement instead of
potentially any number.
There is about 1 in 50,000 connections to fail
when using DHE cipher suites. The second problem was the
case where a server would send a public value shorter than
the prime value, causing about 1 in 128 client connections
to fail, and also caused the yaSSL client to read off the
end of memory.
All client side DHE cipher suite users should update.
Note: The patch is received from YaSSL people
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Updated yassl to yassl-2.3.7e
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
(cherry picked from commit 7f9941eab55ed672bfcccd382dafbdbcfdc75aaa)
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Updated yassl to yassl-2.3.7e
(cherry picked from commit 6e21c8c04b922bdb60b6a7c174709d2e1bdd3618)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
YASSL-COMPILED SERVER/CLIENT
Description: thread_pool.thread_pool_connect hangs when the server and
client are compiled with yaSSL.
Bug-fix: Test thread_pool.thread_pool_connect was temporary disabled for
yaSSL. However, now that yaSSL is fixed it runs OK. The bug was
introduced by one of the yaSSL updates. set_current was not working for
i == 0. Now this is fixed. YASSL is updated to 2.3.7d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Description: By using mysql_ssl_rsa_setup to get SSL enabled server
(after running mysqld --initialize) server don't answer properly
to "mysqladmin ping" first 30 secs after startup.
Bug-fix: YASSL validated certificate date to the minute but should have
to the second. This is why the ssl on the server side was not up right
away after new certs were created with mysql_ssl_rsa_setup. The fix for
that was submitted by Todd. YASSL was updated to 2.3.7c.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Affects at least 5.6 and 5.7. In customer case, the "client" happened to
be a replication slave, therefore his server crashed.
Bug-fix:
The bug was in yassl. Todd Ouska has provided us with the patch.
(cherry picked from commit 42ffa91aad898b02f0793b669ffd04f5c178ce39)
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
Upgrading YaSSL from 2.3.5 to 2.3.7
Reviewed-by : Kristofer Pettersson <kristofer.pettersson@oracle.com>
Reviewed-by : Vamsikrishna Bhagi <vamsikrishna.bhagi@oracle.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
LIES ABOUT SUITE_LEN_
and
Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT COMP_LEN_
Description : Updating yaSSL to version 2.3.4.
|
| | |
| |
| |
| | |
to copyright header.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem:
It was reported that on Debian and KFreeBSD platforms, i386 architecture
machines certain SSL tests are failing. main.ssl_connect rpl.rpl_heartbeat_ssl
rpl.rpl_ssl1 rpl.rpl_ssl main.ssl_cipher, main.func_encrypt were the tests that
were reportedly failing (crashing). The reason for the crashes are said to be
due to the assembly code of yaSSL.
Solution:
There was initially a workaround suggested i.e., to enable
-DTAOCRYPT_DISABLE_X86ASM flag which would prevent the crash, but at an expense
of 4X reduction of speed. Since this was unacceptable, the fix was the
functions using assembly, now input variables from the function call using
extended inline assembly on GCC instead of relying on direct assembly code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WITH SSL ENABLED
Problem:
It was reported that MySQL community utilities cannot connect to a MySQL
Enterprise 5.6.x server with SSL configured. We can reproduce the issue
when we try to connect an MySQL Enterprise Server with a MySQL Client with
--ssl-ca parameter enabled.
We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
Solution:
The root cause of the problem was determined to be the difference in handling
of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
has not been specified.On the other hand yaSSL doesn't send any certificate and
since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
The issue was resolved by yaSSL adding capability to send blank certificate when
any of the parameter is missing.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| | |
Description: Updated yassl to version 2.2.2
|
| | |
| |
| |
| |
| |
| | |
to pick up some new security fixes that are in it.
Patch provided by Georgi Kodinov.
|
| | |
| |
| |
| |
| |
| |
| | |
$SUBJ$
1. Took a diff between the previous base version and the
mysql sources.
2. Added the new 2.1.4 base version.
3. Reviewed and re-applied the diff from step #1.
|
| | |
| |
| |
| |
| |
| |
| | |
AND 5.5 YASSL FIXES.
Took the 5.5 yassl code and applied it to the 5.0 codebase, keeping the
compilation files.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Removed files specific to compiling on OS/2
- Removed files specific to SCO Unix packaging
- Removed "libmysqld/copyright", text is included in documentation
- Removed LaTeX headers for NDB Doxygen documentation
- Removed obsolete NDB files
- Removed "mkisofs" binaries
- Removed the "cvs2cl.pl" script
- Changed a few GPL texts to use "program" instead of "library"
|
| | |
| |
| |
| |
| | |
- Fix bug#27265
- Support for fixing bug#18441
|
| | |
| |
| |
| | |
Added an option to yassl to allow "quiet shutdown" like openssl does. This option causes the SSL libs to NOT perform the close_notify handshake during shutdown. This fixes a hang we experience because we hold a lock during socket shutdown.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Fixed a couple of usage of not initialized warnings (unlikely cases)
|
| | |
| |
| |
| |
| |
| |
| | |
- Replace SawTooth copyright header with MySQL's
- Bug#19209 Test 'rpl_openssl' hangs on Windows
- Spurious "2013 Connection to server lost" errors fixed
yaSSL doesn't close socket anymore, that is left to the application
|
| | |
| |
| |
| | |
- Includes patch for Bug#25189
|
| | | |
|
