From c7e68606c02b7f87a48c27eb358d4d07480f40f4 Mon Sep 17 00:00:00 2001
From: Arun Kuruvila <arun.kuruvila@oracle.com>
Date: Tue, 1 Mar 2016 10:17:25 +0530
Subject: Bug#21920657: SSL-CA FAILS SILENTLY IF THE PATH CANNOT BE            
   FOUND

Description:- Failure during the validation of CA
certificate path which is provided as an option for 'ssl-ca'
returns two different errors for YaSSL and OPENSSL.

Analysis:- 'ssl-ca', option used for specifying the ssl ca
certificate path. Failing to validate this certificate with
OPENSSL returns an error, "ERROR 2026 (HY000): SSL
connection error: SSL_CTX_set_default_verify_paths failed".
While YASSL returns "ERROR 2026 (HY000): SSL connection
error: ASN: bad other signature confirmation". Error
returned by the OPENSSL is correct since
"SSL_CTX_load_verify_locations()" returns 0 (in case of
OPENSSL) for the failure and sets error as
"SSL_INITERR_BAD_PATHS". In case of YASSL,
"SSL_CTX_load_verify_locations()" returns an error number
which is less than or equal to 0 in case of error. Error
numbers for YASSL is mentioned in the file,
'extra/yassl/include/openssl/ssl.h'(line no : 292). Also
'ssl-ca' does not accept tilde home directory path
substitution.

Fix:- The condition which checks for the error in the
"SSL_CTX_load_verify_locations()" is changed in order to
accommodate YASSL as well. A logic is written in
"mysql_ssl_set()" in order accept the tilde home directory
path substitution for all ssl options.
---
 mysql-test/t/ssl_ca.test | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 mysql-test/t/ssl_ca.test

(limited to 'mysql-test/t')

diff --git a/mysql-test/t/ssl_ca.test b/mysql-test/t/ssl_ca.test
new file mode 100644
index 00000000000..92695de4b0d
--- /dev/null
+++ b/mysql-test/t/ssl_ca.test
@@ -0,0 +1,35 @@
+--source include/have_ssl.inc
+--source include/not_embedded.inc
+
+--echo #
+--echo # Bug#21920657: SSL-CA FAILS SILENTLY IF THE PATH CANNOT BE FOUND
+--echo #
+
+--echo # try to connect with wrong '--ssl-ca' path : should fail
+--error 1
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1
+
+--echo # try to connect with correct '--ssl-ca' path : should connect
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
+
+--echo #
+--echo # Bug#21920678: SSL-CA DOES NOT ACCEPT ~USER TILDE HOME DIRECTORY
+--echo #               PATH SUBSTITUTION
+--echo #
+
+--let $mysql_test_dir_path= `SELECT REPLACE('$MYSQL_TEST_DIR', '$HOME', '~')`
+
+--echo # try to connect with '--ssl-ca' option using tilde home directoy
+--echo # path substitution : should connect
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--exec $MYSQL --ssl-ca=$mysql_test_dir_path/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
+
+--echo # try to connect with '--ssl-key' option using tilde home directoy
+--echo # path substitution : should connect
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$mysql_test_dir_path/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
+
+--echo # try to connect with '--ssl-cert' option using tilde home directoy
+--echo # path substitution : should connect
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+--exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$mysql_test_dir_path/std_data/client-cert.pem test -e "SHOW STATUS LIKE 'Ssl_cipher'"
-- 
cgit v1.2.1


From 3b6f9aac02b126db57fa3e3f1873713438d0a950 Mon Sep 17 00:00:00 2001
From: Nisha Gopalakrishnan <nisha.gopalakrishnan@oracle.com>
Date: Fri, 22 Apr 2016 10:25:16 +0530
Subject: BUG#23135731: INSERT WITH DUPLICATE KEY UPDATE REPORTS              
 INCORRECT ERROR.

Analysis
========
INSERT with DUPLICATE KEY UPDATE and REPLACE on a table
where foreign key constraint is defined fails with an
incorrect 'duplicate entry' error rather than foreign
key constraint violation error.

As part of the bug fix for BUG#22037930, a new flag
'HA_CHECK_FK_ERROR' was added while checking for non fatal
errors to manage FK errors based on the 'IGNORE' flag. For
INSERT with DUPLICATE KEY UPDATE and REPLACE queries, the
foreign key constraint violation error was marked as non-fatal,
even though IGNORE was not set. Hence it continued with the
duplicate key processing resulting in an incorrect error.

Fix:
===
Foreign key violation errors are treated as non fatal only when
the IGNORE is not set in the above mentioned queries. Hence reports
the appropriate foreign key violation error.
---
 mysql-test/t/insert.test | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'mysql-test/t')

diff --git a/mysql-test/t/insert.test b/mysql-test/t/insert.test
index ea89872200c..94cf5d3b475 100644
--- a/mysql-test/t/insert.test
+++ b/mysql-test/t/insert.test
@@ -591,3 +591,25 @@ UPDATE t1, t2 SET t2.fld2= t2.fld2 + 3;
 UPDATE t1, t2 SET t1.fld1= t1.fld1 + 3;
 
 DROP TABLE t2, t1;
+
+
+--echo #
+--echo # BUG#22037930: INSERT IGNORE FAILS TO IGNORE FOREIGN
+--echo #               KEY CONSTRAINT
+
+CREATE TABLE t1 (fld1 INT PRIMARY KEY) ENGINE= INNODB;
+
+CREATE TABLE t2 (fld1 VARCHAR(10), fld2 INT NOT NULL,
+CONSTRAINT fk FOREIGN KEY (fld2) REFERENCES t1(fld1)) ENGINE= INNODB;
+
+--echo # Without patch, reports incorrect error.
+--error ER_NO_REFERENCED_ROW_2
+INSERT INTO t2 VALUES('abc', 2) ON DUPLICATE KEY UPDATE fld1= 'def';
+--error ER_NO_REFERENCED_ROW_2
+REPLACE INTO t2 VALUES('abc', 2);
+
+--enable_warnings
+INSERT IGNORE INTO t2 VALUES('abc', 2) ON DUPLICATE KEY UPDATE fld1= 'def';
+--disable_warnings
+
+DROP TABLE t2, t1;
-- 
cgit v1.2.1