List: Commits
From: Davi Arnaut
Date: March 28 2011 4:25pm
Subject: Re: bzr commit into mysql-trunk branch (Georgi.Kodinov:3749) Bug#11764778
Hi Georgi,

On 3/28/11 9:29 AM, Georgi Kodinov wrote:
> #At file:///Users/kgeorge/mysql/work/B57648-ossl-trunk/ based on
> revid:marc.alff@stripped
>
>   3749 Georgi Kodinov	2011-03-28
>        Bug #11764778: server feature request - expose ssl certificate details
>          in show global st
>
>        There was no easy way to get the expiration dates of the server's
>        certificate.
>
>        Implemented two session status variables (Ssl_server_not_before and
>        Ssl_server_not_after) with the same scope as e.g. Ssl_verify_depth to
>        return the two dates in a format similar to OpenSSL's ASN1_TIME_print.
>
>        Since yaSSL doesn't preserve the parsed server certificate beyond
>        reading it, the diff extends yaSSL to preserve it and return it
>        through SSL_get_certificate().  Also fixed the storage of the
>        certificate expiration dates to have the ASN1_TIME subtype.
>
>        Implemented a yaSSL-specific extension function
>        yaSSL_ASN1_TIME_to_string() to return the string representation of the
>        date in an ASN1_TIME in a format similar to OpenSSL's format.
>
>        Created a wrapper in MySQL to call either ASN1_TIME_print() or
>        yaSSL_ASN1_TIME_to_string() depending on the library type.
>
>        Did some type cleanups of some of the internal yaSSL functions.
>
>        Test case added.
>

Patch approved, one minor condition below. Thanks for working on this.

> === modified file 'extra/yassl/src/ssl.cpp'
> --- a/extra/yassl/src/ssl.cpp	2010-02-22 13:23:47 +0000
> +++ b/extra/yassl/src/ssl.cpp	2011-03-28 12:29:22 +0000
> @@ -1174,8 +1174,7 @@ void SSL_CTX_set_default_passwd_cb_userd
>
>   X509* SSL_get_certificate(SSL* ssl)
>   {
> -    // only used to pass to get_privatekey which isn't used
> -    return 0;
> +    return ssl->getCrypto().get_certManager().get_selfX509();
>   }
>
>
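
Review bot: The new return line in SSL_get_certificate() dereferences ssl without a null check and leaves the lifetime of the returned X509 undocumented. The function used to return 0 unconditionally, so existing callers have never had to handle a real pointer; a short comment replacing the removed one should say whether the object stays owned by the cert manager (callers must not free it) and what get_selfX509() yields when no own certificate was loaded. Consider `if (!ssl) return 0;` ahead of the chained call.
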
> @@ -1667,6 +1666,25 @@ unsigned long ERR_get_error()
>
>       // end stunnel needs
>
> +    char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len)
> +    {
> +      tm t;
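
Review bot: The signature of yaSSL_ASN1_TIME_to_string() takes buf and len and returns char*, but nothing at the definition states the contract: what is returned on failure, whether the output is always NUL-terminated, and what happens when len is too small for the formatted date. A header comment covering those three cases, plus a null check on time and buf, would make the wrapper in MySQL safer to write. The local `tm t;` is also declared uninitialised; zero it (for example with memset) unless every field is assigned before use.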

Hum, this shouldn't work given that we are not including time.h 
directly. Also, since it seems time.h is not directly included in any of 
the yaSSL headers, this means time.h gets included through some kind of 
(system) internal dependency. This has the potential for some nastiness 
if the time.h ends up inside some namespace.

In hindsight, I think it's better to just include time.h in asn.hpp.

Regards,

Davi
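
The conversion the commit message describes, as an added example that is not code from the patch or from yaSSL: it turns the text of an ASN.1 UTCTime or GeneralizedTime into the layout OpenSSL's ASN1_TIME_print produces, and includes time.h directly as the review asks. The function name, the assumption that the time is available as its ASN.1 text form, and the sample value are all hypothetical.

```cpp
#include <time.h>    // struct tm, included directly rather than transitively
#include <stdio.h>
#include <string.h>
#include <ctype.h>

static int two_digits(const char* p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

// Hypothetical helper, not yaSSL's yaSSL_ASN1_TIME_to_string(): takes the text
// of an ASN.1 UTCTime ("YYMMDDHHMMSSZ") or GeneralizedTime ("YYYYMMDDHHMMSSZ")
// and writes "Mon DD HH:MM:SS YYYY GMT" into buf.
// Returns buf, or NULL on malformed input or when buf is too small.
char* asn1_time_text_to_string(const char* in, char* buf, size_t len)
{
    static const char* const months[12] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
    if (!in || !buf || len == 0) return NULL;
    size_t n = strlen(in);
    if ((n != 13 && n != 15) || in[n - 1] != 'Z') return NULL;
    for (size_t i = 0; i + 1 < n; ++i)
        if (!isdigit((unsigned char)in[i])) return NULL;

    struct tm t;
    memset(&t, 0, sizeof t);             // no field is left uninitialised
    const char* p = in;
    if (n == 13) {                       // UTCTime: RFC 5280 two-digit year pivot
        int yy = two_digits(p);
        t.tm_year = (yy >= 50) ? yy : yy + 100;
        p += 2;
    } else {                             // GeneralizedTime: four-digit year
        t.tm_year = two_digits(p) * 100 + two_digits(p + 2) - 1900;
        p += 4;
    }
    t.tm_mon  = two_digits(p) - 1;
    t.tm_mday = two_digits(p + 2);
    t.tm_hour = two_digits(p + 4);
    t.tm_min  = two_digits(p + 6);
    t.tm_sec  = two_digits(p + 8);
    if (t.tm_mon < 0 || t.tm_mon > 11 || t.tm_mday < 1 || t.tm_mday > 31 ||
        t.tm_hour > 23 || t.tm_min > 59 || t.tm_sec > 59) return NULL;

    int w = snprintf(buf, len, "%s %2d %02d:%02d:%02d %d GMT", months[t.tm_mon],
                     t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, t.tm_year + 1900);
    return (w < 0 || (size_t)w >= len) ? NULL : buf;
}

int main()
{
    char out[32];
    const char* sample = "110328122922Z";   // constructed sample value
    printf("%s\n", asn1_time_text_to_string(sample, out, sizeof out) ? out : "invalid");
    return 0;
}
```

The day-of-month check is a coarse 1..31 range test; it does not validate the day against the month or leap years.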