From 480046c52e5938582a67223606f3813336b4405a Mon Sep 17 00:00:00 2001 From: Chad MILLER Date: Tue, 18 Nov 2008 11:45:44 -0500 Subject: Bug#39178: non-RSA keys in connection to a RSA-keyed yaSSL-using server \ using crashes server When the server is configured to use a RSA key, and when the client sends a cipher-suite list that contains a non-RSA key as acceptable, the server would try to process that key even though it was impossible. Now, yaSSL sets its own acceptable-cipher list according to what kind of key the server is started with, and will never explore and try to pair impossible combinations. This involves a partial import of the current YaSSL tree, not the whole thing, so as to try to avoid introducing new bugs. (Updated to avoid many whitespace changes and make diff smaller.) --- mysql-test/r/openssl_1.result | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'mysql-test/r/openssl_1.result') diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index a042d0a5dc3..70151acda22 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -73,11 +73,10 @@ variable_name LIKE 'SSL_CALLBACK_CACHE_HITS'; END$$ SELECT variable_name, variable_value FROM thread_status; variable_name variable_value -SSL_ACCEPTS 0 -SSL_CALLBACK_CACHE_HITS 0 +SSL_ACCEPTS # +SSL_CALLBACK_CACHE_HITS # DROP TABLE thread_status; SET GLOBAL event_scheduler=0; -End of 5.1 tests SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value Ssl_cipher AES128-SHA @@ -192,3 +191,15 @@ UNLOCK TABLES; SSL error: Unable to get private key from 'MYSQL_TEST_DIR/std_data/client-cert.pem' mysqldump: Got error: 2026: SSL connection error when trying to connect DROP TABLE t1; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA +Variable_name Value +Ssl_cipher EDH-RSA-DES-CBC3-SHA +Variable_name Value +Ssl_cipher EDH-RSA-DES-CBC-SHA +Variable_name Value +Ssl_cipher RC4-SHA +select 'is still running; no cipher request crashed the server' as result from dual; +result +is still running; no cipher request crashed the server +End of 5.1 tests -- cgit v1.2.1