From: Date: April 11 2007 10:08pm
Subject: bk commit into 5.1 tree (msvensson:1.2578)
List-Archive: http://lists.mysql.com/commits/24322
Message-Id: <200704112008.l3BK84t7024372@pilot.blaudden>

Below is the list of changes that have just been committed into a local
5.1 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-04-11 22:08:00+02:00, msvensson@stripped +4 -0
  Merge pilot.blaudden:/home/msvensson/mysql/mysql-5.0-maint
  into  pilot.blaudden:/home/msvensson/mysql/mysql-5.1-maint
  MERGE: 1.1810.2374.126

  mysql-test/r/openssl_1.result@stripped, 2007-04-11 22:07:59+02:00, msvensson@stripped +3 -3
    Manual merge
    MERGE: 1.18.1.2

  mysql-test/t/openssl_1.test@stripped, 2007-04-11 22:07:59+02:00, msvensson@stripped +8 -8
    Manual merge
    MERGE: 1.19.2.2

  sql/mysqld.cc@stripped, 2007-04-11 22:04:41+02:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.439.1.164

  vio/viosslfactories.c@stripped, 2007-04-11 22:04:41+02:00, msvensson@stripped +0 -0
    Auto merged
    MERGE: 1.26.2.8

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	pilot.blaudden
# Root:	/home/msvensson/mysql/mysql-5.1-maint/RESYNC

--- 1.630/sql/mysqld.cc	2007-04-07 11:55:23 +02:00
+++ 1.631/sql/mysqld.cc	2007-04-11 22:04:41 +02:00
@@ -3160,6 +3160,7 @@ static void init_ssl()
     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
     if (!ssl_acceptor_fd)
     {
+      sql_print_warning("Failed to setup SSL");
       opt_use_ssl = 0;
       have_ssl= SHOW_OPTION_DISABLED;
     }

--- 1.19/mysql-test/r/openssl_1.result	2007-04-06 12:15:26 +02:00
+++ 1.20/mysql-test/r/openssl_1.result	2007-04-11 22:07:59 +02:00
@@ -51,6 +51,9 @@ SSL error: Unable to get private key fro
 mysqltest: Could not open connection 'default': 2026 SSL connection error
 SSL error: Unable to get certificate from ''
 mysqltest: Could not open connection 'default': 2026 SSL connection error
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
 Variable_name	Value
 Ssl_cipher	DHE-RSA-AES256-SHA
 End of 5.0 tests
@@ -75,3 +78,10 @@ SSL_CALLBACK_CACHE_HITS	0.0000000
 DROP TABLE thread_status;
 SET GLOBAL event_scheduler=0;
 End of 5.1 tests
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	AES128-SHA
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	AES128-SHA
+mysqltest: Could not open connection 'default': 2026 SSL connection error

--- 1.22/mysql-test/t/openssl_1.test	2007-04-06 12:15:26 +02:00
+++ 1.23/mysql-test/t/openssl_1.test	2007-04-11 22:07:59 +02:00
@@ -97,6 +97,14 @@ drop table t1;
 --exec $MYSQL_TEST --ssl-cert= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 
 #
+# BUG#21611 Slave can't connect when master-ssl-cipher specified
+# - Apparently selecting a cipher doesn't work at all
+# - Usa a cipher that both yaSSL and OpenSSL supports
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=DHE-RSA-AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+#
 # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23
 #
 # Test that we can open encrypted connection to server without
@@ -142,3 +150,24 @@ SELECT variable_name, variable_value FRO
 DROP TABLE thread_status;
 SET GLOBAL event_scheduler=0;
 --echo End of 5.1 tests
+
+
+#
+# Test to connect using a list of ciphers
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+
+# Test to connect using a specifi cipher
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+# Test to connect using an unknown cipher
+#
+--exec echo "SHOW STATUS LIKE 'Ssl_cipher';" > $MYSQLTEST_VARDIR/tmp/test.sql
+--error 1
+--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+
+

--- 1.39/vio/viosslfactories.c	2007-03-29 11:48:03 +02:00
+++ 1.40/vio/viosslfactories.c	2007-04-11 22:04:41 +02:00
@@ -257,8 +257,13 @@ new_VioSSLFd(const char *key_file, const
     DBUG_RETURN(0);
   }
 
-  /* Set the ciphers that can be used */
-  if (cipher && SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher))
+  /*
+    Set the ciphers that can be used
+    NOTE: SSL_CTX_set_cipher_list will return 0 if
+    none of the provided ciphers could be selected
+  */
+  if (cipher &&
+      SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
   {
     DBUG_PRINT("error", ("failed to set ciphers to use"));
     report_errors();