MySQL Lists: commits: bk commit into 5.0 tree (msvensson:1.2517) BUG#28812

List:	Commits	« Previous Message Next Message »
From:	msvensson	Date:	August 28 2007 11:34am
Subject:	bk commit into 5.0 tree (msvensson:1.2517) BUG#28812
View as plain text
Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-08-28 11:34:43+02:00, msvensson@pilot.(none) +2 -0
  Bug#28812 rpl_ssl fails due to assert in extra/yassl/src/socket_wrapper.cpp:117
   - Merge sslaccept and sslconnect.
   - Atomically "reset" vio to VIO_TYPE_SSL when the SSL connection has
     succeeded, this avoids having to revert anything and thus protects
     against "close_active_vio" in the middle.
   - Add some variance to the testcase

  mysql-test/t/rpl_ssl.test@stripped, 2007-08-28 11:34:42+02:00, msvensson@pilot.(none) +15 -0
    Add some variance by running two selects before stopping the slave
    Check that number of records in t1 are equal on master and slave

  vio/viossl.c@stripped, 2007-08-28 11:34:42+02:00, msvensson@pilot.(none) +46 -96
    Rewrite sslconnect and sslaccept to automically "reset" the vio
    to VIO_TYPE_SSL. Also use the fd from 'SSL_get_fd' to avoid
    setting vio->sd to -1, that previously occured when "close_active_vio"
    was called during connect/accept.
    
    Merge the two function since they were exactly the same except for one line.
    
    Update the DBUG printouts to be generic(i.e use peer instead of client/server).

diff -Nrup a/mysql-test/t/rpl_ssl.test b/mysql-test/t/rpl_ssl.test
--- a/mysql-test/t/rpl_ssl.test	2007-06-15 13:09:26 +02:00
+++ b/mysql-test/t/rpl_ssl.test	2007-08-28 11:34:42 +02:00
@@ -41,24 +41,39 @@ select * from t1;
 
 # Do the same thing a number of times
 disable_query_log;
+disable_result_log;
 let $i= 100;
 while ($i)
 {
   start slave;
   connection master;
   insert into t1 values (NULL);
+  select * from t1; # Some variance
   connection slave;
+  select * from t1; # Some variance
   stop slave;
   dec $i;
 }
 start slave;
 enable_query_log;
+enable_result_log;
 connection master;
 insert into t1 values (NULL);
+let $master_count= `select count(*) from t1`;
+
 sync_slave_with_master;
 --source include/wait_for_slave_to_start.inc
 --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
 --replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 #
 query_vertical show slave status;
+
+let $slave_count= `select count(*) from t1`;
+
+if (`select $slave_count != $master_count`)
+{
+  echo master and slave differed in number of rows;
+  echo master: $master_count;
+  echo slave: $slave_count;
+}
 
 --echo End of 5.0 tests
diff -Nrup a/vio/viossl.c b/vio/viossl.c
--- a/vio/viossl.c	2007-07-13 04:06:31 +02:00
+++ b/vio/viossl.c	2007-08-28 11:34:42 +02:00
@@ -172,78 +172,10 @@ void vio_ssl_delete(Vio *vio)
   vio_delete(vio);
 }
 
-
 int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
-  SSL *ssl;
-  my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
   DBUG_ENTER("sslaccept");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx, timeout: %ld",
-                       vio->sd, (long) ptr, timeout));
-
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
-
-  if (!(ssl= SSL_new(ptr->ssl_context)))
-  {
-    DBUG_PRINT("error", ("SSL_new failure"));
-    report_errors(ssl);
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-  vio->ssl_arg= (void*)ssl;
-  DBUG_PRINT("info", ("ssl: 0x%lx  timeout: %ld", (long) ssl, timeout));
-  SSL_clear(ssl);
-  SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
-  SSL_set_fd(ssl, vio->sd);
-  if (SSL_accept(ssl) < 1)
-  {
-    DBUG_PRINT("error", ("SSL_accept failure"));
-    report_errors(ssl);
-    SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-
-#ifndef DBUG_OFF
-  {
-    char buf[1024];
-    X509 *client_cert;
-    DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
-
-    if ((client_cert= SSL_get_peer_certificate (ssl)))
-    {
-      DBUG_PRINT("info",("Client certificate:"));
-      X509_NAME_oneline (X509_get_subject_name (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
-
-      X509_NAME_oneline (X509_get_issuer_name  (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
-
-      X509_free (client_cert);
-    }
-    else
-      DBUG_PRINT("info",("Client does not have certificate."));
-
-    if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
-    {
-      DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
-    }
-    else
-      DBUG_PRINT("info",("no shared ciphers!"));
-  }
-#endif
-
-  DBUG_RETURN(0);
+  DBUG_RETURN(sslconnect(ptr, vio, timeout));
 }
 
 
@@ -251,57 +183,75 @@ int sslconnect(struct st_VioSSLFd *ptr, 
 {
   SSL *ssl;
   my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
+  my_bool was_blocking;
 
   DBUG_ENTER("sslconnect");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx  ctx: 0x%lx",
-                       vio->sd, (long) ptr, (long) ptr->ssl_context));
+  DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d  ctx: 0x%lx",
+                       (long) ptr, vio->sd, (long) ptr->ssl_context));
+
+  /* Set socket to blocking if not already set */
+  vio_blocking(vio, 1, &was_blocking);
 
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
   if (!(ssl= SSL_new(ptr->ssl_context)))
   {
     DBUG_PRINT("error", ("SSL_new failure"));
     report_errors(ssl);
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
-  vio->ssl_arg= (void*)ssl;
   DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
   SSL_clear(ssl);
   SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
   SSL_set_fd(ssl, vio->sd);
-  if (SSL_connect(ssl) < 1)
+
+  /*
+    SSL_do_handshake will select between SSL_connect
+    or SSL_accept depending on server or client side
+  */
+  if (SSL_do_handshake(ssl) < 1)
   {
-    DBUG_PRINT("error", ("SSL_connect failure"));
+    DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors(ssl);
     SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
+
+  /*
+    Connection succeeded. Install new function handlers,
+    change type, set sd to the fd used when connecting
+    and set pointer to the SSL structure
+  */
+  vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
+  vio->ssl_arg= (void*)ssl;
+
 #ifndef DBUG_OFF
   {
-    X509 *server_cert;
-    DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
+    /* Print some info about the peer */
+    X509 *cert;
+    char buf[512];
+
+    DBUG_PRINT("info",("SSL connection succeeded"));
+    DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
+
+    if ((cert= SSL_get_peer_certificate (ssl)))
+    {
+      DBUG_PRINT("info",("Peer certificate:"));
+      X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t subject: '%s'", buf));
+      X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t issuer: '%s'", buf));
+      X509_free(cert);
+    }
+    else
+      DBUG_PRINT("info",("Peer does not have certificate."));
 
-    if ((server_cert= SSL_get_peer_certificate (ssl)))
+    if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
     {
-      char buf[256];
-      DBUG_PRINT("info",("Server certificate:"));
-      X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
-      X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
-      X509_free (server_cert);
+      DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
     }
     else
-      DBUG_PRINT("info",("Server does not have certificate."));
+      DBUG_PRINT("info",("no shared ciphers!"));
   }
 #endif
Thread
• bk commit into 5.0 tree (msvensson:1.2517) BUG#28812	msvensson	28 Aug