Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.2113 06/05/03 14:09:08 msvensson@neptunus.(none) +2 -0
Load CA certs before setting local certs.
Make it possible to get the yaSSL error message printed in the DBUG log file.
vio/viosslfactories.c
1.24 06/05/03 14:09:03 msvensson@neptunus.(none) +11 -10
Load the CA certs before loading the certs for this client or server.
Improved comments.
vio/viossl.c
1.33 06/05/03 14:09:03 msvensson@neptunus.(none) +18 -8
Add possibility to print out the error from yaSSL.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: msvensson
# Host: neptunus.(none)
# Root: /home/msvensson/mysql/mysql-5.0-maint
--- 1.32/vio/viossl.c 2006-04-12 14:06:01 +02:00
+++ 1.33/vio/viossl.c 2006-05-03 14:09:03 +02:00
@@ -51,20 +51,30 @@
static void
-report_errors()
+report_errors(SSL* ssl)
{
unsigned long l;
const char *file;
const char *data;
int line,flags;
+ char buf[512];
+
DBUG_ENTER("report_errors");
while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
{
- char buf[512];
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
file,line,(flags&ERR_TXT_STRING)?data:"")) ;
}
+
+#ifdef HAVE_YASSL
+ /*
+ The above calls to ERR_* doesn't return any messages when we
+ are using yaSSL since error is stored in the SSL object we used.
+ */
+ if (ssl)
+ DBUG_PRINT("error", ("yaSSL: %s", ERR_error_string(SSL_get_error(ssl, l), buf)));
+#endif
DBUG_PRINT("info", ("errno: %d", socket_errno));
DBUG_VOID_RETURN;
}
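Review bot: In the new HAVE_YASSL block, `SSL_get_error(ssl, l)` reuses the loop variable `l`, which is always 0 at that point because the `while` loop above only exits when `ERR_get_error_line_data()` returns 0. The second argument of SSL_get_error() is meant to be the return code of the failed I/O call, so passing an `unsigned long` error-queue value there only works if yaSSL ignores that argument, which this hunk does not show. I would write the intent out, `ERR_error_string(SSL_get_error(ssl, 0), buf)`, and add a short comment such as `/* yaSSL keeps the last error in the SSL object; the ret argument is not used */` once that is confirmed against the yaSSL source.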
@@ -81,7 +91,7 @@
{
int err= SSL_get_error((SSL*) vio->ssl_arg, r);
DBUG_PRINT("error",("SSL_read(): %d SSL_get_error(): %d", r, err));
- report_errors();
+ report_errors((SSL*) vio->ssl_arg);
}
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
@@ -95,7 +105,7 @@
DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size));
if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
- report_errors();
+ report_errors((SSL*) vio->ssl_arg);
DBUG_PRINT("exit", ("%d", r));
DBUG_RETURN(r);
}
@@ -148,7 +158,7 @@
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
- report_errors();
+ report_errors(ssl);
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
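Review bot: On this branch `report_errors(ssl)` always passes NULL, since the block is entered only when `SSL_new()` returned NULL, so the `if (ssl)` guard added in report_errors() skips the yaSSL message and an SSL_new failure is still logged without any yaSSL detail. Writing `report_errors(NULL);` with a comment like `/* no SSL object yet, only the error queue can be reported */` would make that limitation visible to the reader. The same applies to the second SSL_new failure branch in the `@@ -223,7 +233,7 @@` hunk. The enclosing function starts and ends outside the hunk.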
@@ -162,7 +172,7 @@
if (SSL_do_handshake(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
- report_errors();
+ report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
@@ -223,7 +233,7 @@
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
- report_errors();
+ report_errors(ssl);
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
@@ -237,7 +247,7 @@
if (SSL_do_handshake(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_do_handshake failure"));
- report_errors();
+ report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type, vio->sd, 0, FALSE);
--- 1.23/vio/viosslfactories.c 2006-04-18 17:58:22 +02:00
+++ 1.24/vio/viosslfactories.c 2006-05-03 14:09:03 +02:00
@@ -103,7 +103,7 @@
/* FIX stderr */
fprintf(stderr,"Error when connection to server using SSL:");
ERR_print_errors_fp(stderr);
- fprintf(stderr,"Unable to get private key from '%s'\n", cert_file);
+ fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
fflush(stderr);
DBUG_RETURN(1);
}
@@ -252,14 +252,7 @@
DBUG_RETURN(0);
}
- if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
- {
- DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
- report_errors();
- my_free((void*)ssl_fd,MYF(0));
- DBUG_RETURN(0);
- }
-
+ /* Load certs from the trusted ca */
if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
@@ -272,6 +265,14 @@
}
}
+ if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
+ {
+ DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
+ report_errors();
+ my_free((void*)ssl_fd,MYF(0));
+ DBUG_RETURN(0);
+ }
+
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
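Review bot: The relocated `vio_set_cert_stuff` failure path releases `ssl_fd` with `my_free()` but never releases `ssl_fd->ssl_context`, so each failed certificate or key load appears to leak the SSL_CTX; the allocation itself is outside the hunk, so confirm how it is created. Adding `SSL_CTX_free(ssl_fd->ssl_context);` before the `my_free((void*)ssl_fd,MYF(0));` line would close that path. Separately, the unchanged context line `dh=get_dh512();` installs 512-bit DH parameters, which are too small to offer meaningful protection for the key exchange; that is outside this change but worth a follow-up. The enclosing function starts and ends outside the hunk.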
@@ -297,7 +298,7 @@
return 0;
}
- /* Init the the VioSSLFd as a "connector" ie. the client side */
+ /* Init the VioSSLFd as a "connector" ie. the client side */
/*
The verify_callback function is used to control the behaviour