| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
EXPECTED.
|
| | |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Updated yassl to yassl-2.3.7e
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Updated yassl to yassl-2.3.7e
(cherry picked from commit 6e21c8c04b922bdb60b6a7c174709d2e1bdd3618)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
INITIAL STARTUP
Description: By using mysql_ssl_rsa_setup to get SSL enabled server
(after running mysqld --initialize) server don't answer properly
to "mysqladmin ping" first 30 secs after startup.
Bug-fix: YASSL validated certificate date to the minute but should have
to the second. This is why the ssl on the server side was not up right
away after new certs were created with mysql_ssl_rsa_setup. The fix for
that was submitted by Todd. YASSL was updated to 2.3.7c.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Affects at least 5.6 and 5.7. In customer case, the "client" happened to
be a replication slave, therefore his server crashed.
Bug-fix:
The bug was in yassl. Todd Ouska has provided us with the patch.
(cherry picked from commit 42ffa91aad898b02f0793b669ffd04f5c178ce39)
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
Upgrading YaSSL from 2.3.5 to 2.3.7
Reviewed-by : Kristofer Pettersson <kristofer.pettersson@oracle.com>
Reviewed-by : Vamsikrishna Bhagi <vamsikrishna.bhagi@oracle.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
LIES ABOUT SUITE_LEN_
and
Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT COMP_LEN_
Description : Updating yaSSL to version 2.3.4.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
IN
SSL_CTX_LOAD_VERIFY_
LOCATIONS()
and
OFF-BY-ONE PROBLEM IN
VOID CERTDECODER::
GETDATE(DATETYPE DT)
IN ASN.CPP
Description : Fixes corner cases in yassl code.
Refer to bug page for details.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug#18187290 ISSUE WITH BUILDING MYSQL USING CMAKE 2.8.12
We want to upgrade to VS2013 on Windows.
In order to do this, we need to upgrade to cmake 2.8.12
This has introduced some incompatibilities for .pdb files,
and "make install" no longer works.
To reproduce:
cmake --build . --target package --config debug
The fix:
Rather than installing .pdb files for static libraries, we use the /Z7 flag
to store symbolic debugging information in the .obj files.
|
| | |
| |
| |
| | |
to copyright header.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem:
It was reported that on Debian and KFreeBSD platforms, i386 architecture
machines certain SSL tests are failing. main.ssl_connect rpl.rpl_heartbeat_ssl
rpl.rpl_ssl1 rpl.rpl_ssl main.ssl_cipher, main.func_encrypt were the tests that
were reportedly failing (crashing). The reason for the crashes are said to be
due to the assembly code of yaSSL.
Solution:
There was initially a workaround suggested i.e., to enable
-DTAOCRYPT_DISABLE_X86ASM flag which would prevent the crash, but at an expense
of 4X reduction of speed. Since this was unacceptable, the fix was the
functions using assembly, now input variables from the function call using
extended inline assembly on GCC instead of relying on direct assembly code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
WITH SSL ENABLED
Problem:
It was reported that MySQL community utilities cannot connect to a MySQL
Enterprise 5.6.x server with SSL configured. We can reproduce the issue
when we try to connect an MySQL Enterprise Server with a MySQL Client with
--ssl-ca parameter enabled.
We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
Solution:
The root cause of the problem was determined to be the difference in handling
of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
has not been specified.On the other hand yaSSL doesn't send any certificate and
since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
The issue was resolved by yaSSL adding capability to send blank certificate when
any of the parameter is missing.
|
| | | |
|
| | |
| |
| |
| | |
LIBRARIES USED
|
| | | |
|
| | | |
|
| | |\ |
|
| | | | |
|
| | | |
| | |
| | | |
Description: Updated yassl to version 2.2.2
|
| | |\ \
| | |/
| | |
| | |
| | | |
AND LIBCRYPTO
Description: Merge from 5.1 to 5.5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
AND LIBCRYPTO
Problem: libmysqlclient_r exports symbols from yaSSL library which
conflict with openSSL symbols. This issue is related to symbols
used by CURL library and are defined in taocrypt. Taocrypt has
dummy implementation of these functions. Due to this when a
program which uses libcurl library functions is compiled using
libmysqlclient_r and libcurl, it hits segmentation fault in
execution phase.
Solution: MySQL should not be exporting such symbols. However, these
functions are not used by MySQL code at all. So avoid compiling
them in the first place.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Problem: Valgrind reports errors when an invalid certificate is used on the
client.
Solution: Updated yaSSL to version 2.2.2.
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | | |
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this
particular certificate.
Added a test case with the certificate itself.
|
| | |\ \
| | |/
| | |
| | | |
Also, take a syntax fix (C++ style comment in C file) in client/mysqldump.c.
|
| | | |\ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
to pick up some new security fixes that are in it.
Patch provided by Georgi Kodinov.
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
$SUBJ$
1. Took a diff between the previous base version and the
mysql sources.
2. Added the new 2.1.4 base version.
3. Reviewed and re-applied the diff from step #1.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
AND 5.5 YASSL FIXES.
Took the 5.5 yassl code and applied it to the 5.0 codebase, keeping the
compilation files.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
AND 5.5 YASSL FIXES.
Took the 5.5 yassl directory and moved it to the 5.1 tree, while
preserving the makefiles.
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/ |
|
| | | | | |
|
| | |\ \ \
| | |/ / |
|
| | | |\ \
| | | |/ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Removed files specific to compiling on OS/2
- Removed files specific to SCO Unix packaging
- Removed "libmysqld/copyright", text is included in documentation
- Removed LaTeX headers for NDB Doxygen documentation
- Removed obsolete NDB files
- Removed "mkisofs" binaries
- Removed the "cvs2cl.pl" script
- Changed a few GPL texts to use "program" instead of "library"
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The autotools-based build system has been superseded and
is being removed in order to ease the maintenance burden on
developers tweaking and maintaining the build system.
In order to support tools that need to extract the server
version, a new file that (only) contains the server version,
called VERSION, is introduced. The file contents are human
and machine-readable. The format is:
MYSQL_VERSION_MAJOR=5
MYSQL_VERSION_MINOR=5
MYSQL_VERSION_PATCH=8
MYSQL_VERSION_EXTRA=-rc
The CMake based version extraction in cmake/mysql_version.cmake
is changed to extract the version from this file. The configure
to CMake wrapper is retained for backwards compatibility and to
support the BUILD/ scripts. Also, a new a makefile target
show-dist-name that prints the server version is introduced.
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | | |
Fixing copyright text.
|
| | |\ \ \ \
| | |/ / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Fixed obvious errors (HAVE_BROKEN_PREAD is not true for on any
of systems we use, definitely not on HPUX)
* Remove other junk flags for OSX and HPUX
* Avoid checking type sizes in universal builds on OSX, again
(CMake2.8.0 fails is different architectures return different results)
* Do not compile template instantiation stuff unless
EXPLICIT_TEMPLATE_INSTANTIATION is used.
* Some cleanup (make gen_lex_hash simpler, avoid dependencies)
* Exclude some unused files from compilation (strtol.c etc)
|
| | |\ \ \ \
| | |/ / /
| |/| / /
| | |/ / |
|
