From: Date: April 2 2007 1:13pm
Subject: bk commit into 5.0 tree (msvensson:1.2421) BUG#21611
List-Archive: http://lists.mysql.com/commits/23530
X-Bug: 21611
Message-Id: <200704021113.l32BD4Ok020365@pilot.blaudden>

Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-04-02 13:12:59+02:00, msvensson@stripped +3 -0
  Bug#21611 Slave can't connect when master-ssl-cipher specified
   - Change check for return value of 'SSL_CTX_set_cipher_list'
     in order to handle 0 as error setting cipher.
   - Thanks to Dan Lukes for finding the problem!

  mysql-test/r/openssl_1.result@stripped, 2007-04-02 13:12:57+02:00, msvensson@stripped +3 -0
    Update result

  mysql-test/t/openssl_1.test@stripped, 2007-04-02 13:12:57+02:00, msvensson@stripped +8 -0
    Add test for setting ssl-cipher to be used

  vio/viosslfactories.c@stripped, 2007-04-02 13:12:57+02:00, msvensson@stripped +7 -2
    Change error handling of SSL_CTX_set_cipher_list to
    detect 0 as an error

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	pilot.blaudden
# Root:	/home/msvensson/mysql/bug21611/my50-bug21611

--- 1.17/mysql-test/r/openssl_1.result	2007-02-06 16:28:33 +01:00
+++ 1.18/mysql-test/r/openssl_1.result	2007-04-02 13:12:57 +02:00
@@ -51,3 +51,6 @@ SSL error: Unable to get private key fro
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA

--- 1.18/mysql-test/t/openssl_1.test	2007-03-05 10:03:40 +01:00
+++ 1.19/mysql-test/t/openssl_1.test	2007-04-02 13:12:57 +02:00
@@ -97,3 +97,11 @@ drop table t1;
 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 
 
+#
+# BUG#21611 Slave can't connect when master-ssl-cipher specified
+# - Apparently selecting a cipher doesn't work at all
+# - Usa a cipher that both yaSSL and OpenSSL supports
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+

--- 1.32/vio/viosslfactories.c	2007-02-06 18:52:15 +01:00
+++ 1.33/vio/viosslfactories.c	2007-04-02 13:12:57 +02:00
@@ -249,8 +249,13 @@ new_VioSSLFd(const char *key_file, const
     DBUG_RETURN(0);
   }
 
-  /* Set the ciphers that can be used */
-  if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher))
+  /*
+    Set the ciphers that can be used
+    NOTE: SSL_CTX_set_cipher_list will return 0 if
+    none of the provided ciphers could be selected
+  */
+  if (cipher &&
+      SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
   {
     DBUG_PRINT("error", ("failed to set ciphers to use"));
     report_errors();