From: Date: August 25 2006 5:54pm Subject: bk commit into 5.0 tree (cmiller:1.2235) BUG#21543 List-Archive: http://lists.mysql.com/commits/10893 X-Bug: 21543 Message-Id: <20060825155437.584F483073@zippy> Below is the list of changes that have just been committed into a local 5.0 repository of cmiller. When cmiller does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2006-08-25 11:54:33-04:00, cmiller@stripped +3 -0 Bug#21543: 5.0.24 breaks ABI compatibility for python bindings: \ InterfaceError on connect Removed the bool flag from the st_mysql_options struct, since it adds another word in size to the memory size and shifts member memory locations down, both of which break binary-interface compatibility. Instead, use a flag, 2**30, in the client_options bit-field to represent that the client should check the SSL certificate of the server. include/mysql.h@stripped, 2006-08-25 11:54:31-04:00, cmiller@stripped +0 -1 Do not change the struct size. include/mysql_com.h@stripped, 2006-08-25 11:54:31-04:00, cmiller@stripped +4 -2 Add a new bit-flag for client verifying server SSL certificate. Emphasize that we're not stepping on anyone else's bit/toes. sql-common/client.c@stripped, 2006-08-25 11:54:31-04:00, cmiller@stripped +5 -3 Set and read the bit-field for client-side SSL-cert checking of the server. # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: cmiller # Host: zippy.cornsilk.net # Root: /home/cmiller/work/mysql/release/mysql-5.0-release_mergable --- 1.158/include/mysql.h 2006-08-25 11:54:37 -04:00 +++ 1.159/include/mysql.h 2006-08-25 11:54:37 -04:00 @@ -165,7 +165,6 @@ char *ssl_ca; /* PEM CA file */ char *ssl_capath; /* PEM directory of CA-s? */ char *ssl_cipher; /* cipher to use */ - my_bool ssl_verify_server_cert; /* if to verify server cert */ char *shared_memory_base_name; unsigned long max_allowed_packet; my_bool use_ssl; /* if to use SSL or not */ --- 1.103/include/mysql_com.h 2006-08-25 11:54:37 -04:00 +++ 1.104/include/mysql_com.h 2006-08-25 11:54:37 -04:00 @@ -134,8 +134,10 @@ #define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */ #define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */ #define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */ -#define CLIENT_MULTI_STATEMENTS 65536 /* Enable/disable multi-stmt support */ -#define CLIENT_MULTI_RESULTS 131072 /* Enable/disable multi-results */ +#define CLIENT_MULTI_STATEMENTS (((ulong) 1) << 16) /* Enable/disable multi-stmt support */ +#define CLIENT_MULTI_RESULTS (((ulong) 1) << 17) /* Enable/disable multi-results */ + +#define CLIENT_SSL_VERIFY_SERVER_CERT (((ulong) 1) << 30) #define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31) #define SERVER_STATUS_IN_TRANS 1 /* Transaction has started */ --- 1.92/sql-common/client.c 2006-08-25 11:54:37 -04:00 +++ 1.93/sql-common/client.c 2006-08-25 11:54:37 -04:00 @@ -1502,7 +1502,6 @@ mysql->options.ssl_ca= strdup_if_not_null(ca); mysql->options.ssl_capath= strdup_if_not_null(capath); mysql->options.ssl_cipher= strdup_if_not_null(cipher); - mysql->options.ssl_verify_server_cert= FALSE; /* Off by default */ #endif /* HAVE_OPENSSL */ DBUG_RETURN(0); } @@ -2162,7 +2161,7 @@ DBUG_PRINT("info", ("IO layer change done!")); /* Verify server cert */ - if (mysql->options.ssl_verify_server_cert && + if ((client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) && ssl_verify_server_cert(mysql->net.vio, mysql->host)) { set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); @@ -2909,7 +2908,10 @@ mysql->reconnect= *(my_bool *) arg; break; case MYSQL_OPT_SSL_VERIFY_SERVER_CERT: - mysql->options.ssl_verify_server_cert= *(my_bool *) arg; + if (!arg || test(*(uint*) arg)) + mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT; + else + mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT; break; default: DBUG_RETURN(1);