List:Commits« Previous MessageNext Message »
From:msvensson Date:November 29 2006 11:11am
Subject:bk commit into 5.0 tree (msvensson:1.2352)
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-11-29 12:11:04+01:00, msvensson@shellback.(none) +1 -0
  Merge shellback.(none):/home/msvensson/mysql/yassl_import/my50-yassl_import
  into  shellback.(none):/home/msvensson/mysql/yassl_import/mysql-5.0-maint
  MERGE: 1.2341.2.2

  extra/yassl/src/ssl.cpp@stripped, 2006-11-29 12:11:01+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.19.1.1

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	shellback.(none)
# Root:	/home/msvensson/mysql/yassl_import/mysql-5.0-maint/RESYNC

--- 1.20/extra/yassl/src/ssl.cpp	2006-11-29 12:11:11 +01:00
+++ 1.21/extra/yassl/src/ssl.cpp	2006-11-29 12:11:11 +01:00
@@ -184,10 +184,22 @@
 }
 
 
+SSL_METHOD* TLSv1_1_server_method()
+{
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
 SSL_METHOD* SSLv23_server_method()
 {
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
-    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
 }
 
 
@@ -196,7 +208,7 @@
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
     // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
     // TODO: maybe add support to send SSLv2 hello ???
-    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
 }
 
 
@@ -407,7 +419,6 @@
     Alert alert(warning, close_notify);
     sendAlert(*ssl, alert);
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
-    ssl->useSocket().closeSocket();
 
     GetErrors().Remove();
 
@@ -415,8 +426,21 @@
 }
 
 
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+    if (mode == SSL_SESS_CACHE_OFF)
+        ctx->SetSessionCacheOff();
+
+    return SSL_SUCCESS;
+}
+
+
 SSL_SESSION* SSL_get_session(SSL* ssl)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return 0;
+
     return GetSessions().lookup(
         ssl->getSecurity().get_connection().sessionID_);
 }
@@ -424,6 +448,9 @@
 
 int SSL_set_session(SSL* ssl, SSL_SESSION* session)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return SSL_FAILURE;
+
     ssl->set_session(session);
     return SSL_SUCCESS;
 }
@@ -512,6 +539,19 @@
 }
 
 
+
+/* turn on yaSSL zlib compression
+   returns 0 for success, else error (not built in)
+   only need to turn on for client, becuase server on by default if built in
+   but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl)
+{
+    return ssl->SetCompression();
+}
+
+
+
 X509* SSL_get_peer_certificate(SSL* ssl)
 {
     return ssl->getCrypto().get_certManager().get_peerX509();
@@ -1359,6 +1399,56 @@
 }
 
 
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+    ctx->SetPasswordCb(cb);
+}
+
+
+int SSLeay_add_ssl_algorithms()  // compatibility only
+{
+    return 1;
+}
+
+
+void ERR_remove_state(unsigned long)
+{
+    GetErrors().Remove();
+}
+
+
+int ERR_GET_REASON(int l)
+{
+    return l & 0xfff;
+}
+
+
+unsigned long err_helper(bool peek = false)
+{
+    int ysError = GetErrors().Lookup(peek);
+
+    // translate cert error for libcurl, it uses OpenSSL hex code
+    switch (ysError) {
+    case TaoCrypt::SIG_OTHER_E:
+        return CERTFICATE_ERROR;
+        break;
+    default :
+        return 0;
+    }
+}
+
+
+unsigned long ERR_peek_error()
+{
+    return err_helper(true);
+}
+
+
+unsigned long ERR_get_error()
+{
+    return err_helper();
+}
+
 
     // functions for stunnel
 
@@ -1477,13 +1567,6 @@
     }
 
 
-    long SSL_CTX_set_session_cache_mode(SSL_CTX*, long)
-    {
-        // TDOD:
-        return SSL_SUCCESS;
-    }
-
-
     long SSL_CTX_set_timeout(SSL_CTX*, long)
     {
         // TDOD:
@@ -1498,12 +1581,6 @@
     }
 
 
-    void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
-    {
-        ctx->SetPasswordCb(cb);
-    }
-
-
     int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
     {
         // TDOD:
@@ -1554,49 +1631,6 @@
         return 0;
     }
 
-
-    int SSLeay_add_ssl_algorithms()  // compatibility only
-    {
-        return 1;
-    }
-
-
-    void ERR_remove_state(unsigned long)
-    {
-        GetErrors().Remove();
-    }
-
-
-    int ERR_GET_REASON(int l)
-    {
-        return l & 0xfff;
-    }
-
-    unsigned long err_helper(bool peek = false)
-    {
-        int ysError = GetErrors().Lookup(peek);
-
-        // translate cert error for libcurl, it uses OpenSSL hex code
-        switch (ysError) {
-        case TaoCrypt::SIG_OTHER_E:
-            return CERTFICATE_ERROR;
-            break;
-        default :
-            return 0;
-        }
-    }
-
-
-    unsigned long ERR_peek_error()
-    {
-        return err_helper(true);
-    }
-
-
-    unsigned long ERR_get_error()
-    {
-        return err_helper();
-    }
 
 
     // end stunnel needs
Thread
bk commit into 5.0 tree (msvensson:1.2352)msvensson29 Nov