~drizzle-trunk/drizzle/development

« back to all changes in this revision

Viewing changes to libmysql/client.c

Committer: Mark Atwood
Date: 2008-07-01 21:25:46 UTC
mto: This revision was merged to the branch mainline in revision 45.
Revision ID: mark@localhost.localdomain-20080701212546-jzs7ljtwcp2dcmgd

Remove all OpenSSL and all YaSSL code

files modified:
client/mysql.cc

client/mysqladmin.cc

client/mysqlcheck.c

client/mysqldump.c

client/mysqlimport.c

client/mysqlshow.c

client/mysqltest.c

include/sha2.h

include/violite.h

libmysql/client.c

tests/ssl_test.c

vio/vio.c

vio/vio_priv.h

Show diffs side-by-side

added added

removed removed

libmysql/client.c

1103

case 12: /* return-found-rows */

1104

options->client_flag|=CLIENT_FOUND_ROWS;

1105

break;

1106

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

1107

case 13: /* ssl_key */

1108

my_free(options->ssl_key, MYF(MY_ALLOW_ZERO_PTR));

1109

options->ssl_key = my_strdup(opt_arg, MYF(MY_WME));

1110

break;

1111

case 14: /* ssl_cert */

1112

my_free(options->ssl_cert, MYF(MY_ALLOW_ZERO_PTR));

1113

options->ssl_cert = my_strdup(opt_arg, MYF(MY_WME));

1114

break;

1115

case 15: /* ssl_ca */

1116

my_free(options->ssl_ca, MYF(MY_ALLOW_ZERO_PTR));

1117

options->ssl_ca = my_strdup(opt_arg, MYF(MY_WME));

1118

break;

1119

case 16: /* ssl_capath */

1120

my_free(options->ssl_capath, MYF(MY_ALLOW_ZERO_PTR));

1121

options->ssl_capath = my_strdup(opt_arg, MYF(MY_WME));

1122

break;

1123

case 23: /* ssl_cipher */

1124

my_free(options->ssl_cipher, MYF(MY_ALLOW_ZERO_PTR));

1125

options->ssl_cipher= my_strdup(opt_arg, MYF(MY_WME));

1126

break;

1127

#else

1128

1106

case 13: /* Ignore SSL options */

1129

1107

case 14:

1130

1108

case 15:

1131

1109

case 16:

1132

1110

case 23:

1133

1111

break;

1134

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

1135

1112

case 17: /* charset-lib */

1136

1113

my_free(options->charset_dir,MYF(MY_ALLOW_ZERO_PTR));

1137

1114

options->charset_dir = my_strdup(opt_arg, MYF(MY_WME));

1564

1541

const char *cipher __attribute__((unused)))

1565

1542

{

1566

1543

DBUG_ENTER("mysql_ssl_set");

1567

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

1568

mysql->options.ssl_key= strdup_if_not_null(key);

1569

mysql->options.ssl_cert= strdup_if_not_null(cert);

1570

mysql->options.ssl_ca= strdup_if_not_null(ca);

1571

mysql->options.ssl_capath= strdup_if_not_null(capath);

1572

mysql->options.ssl_cipher= strdup_if_not_null(cipher);

1573

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

1574

1544

DBUG_RETURN(0);

1575

1545

}

1576

1546

1580

1550

NB! Errors are not reported until you do mysql_real_connect.

1581

1551

1582

1552

1583

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

1584

1585

static void

1586

mysql_ssl_free(MYSQL *mysql __attribute__((unused)))

1587

{

1588

struct st_VioSSLFd *ssl_fd= (struct st_VioSSLFd*) mysql->connector_fd;

1589

DBUG_ENTER("mysql_ssl_free");

1590

1591

my_free(mysql->options.ssl_key, MYF(MY_ALLOW_ZERO_PTR));

1592

my_free(mysql->options.ssl_cert, MYF(MY_ALLOW_ZERO_PTR));

1593

my_free(mysql->options.ssl_ca, MYF(MY_ALLOW_ZERO_PTR));

1594

my_free(mysql->options.ssl_capath, MYF(MY_ALLOW_ZERO_PTR));

1595

my_free(mysql->options.ssl_cipher, MYF(MY_ALLOW_ZERO_PTR));

1596

if (ssl_fd)

1597

SSL_CTX_free(ssl_fd->ssl_context);

1598

my_free(mysql->connector_fd,MYF(MY_ALLOW_ZERO_PTR));

1599

mysql->options.ssl_key = 0;

1600

mysql->options.ssl_cert = 0;

1601

mysql->options.ssl_ca = 0;

1602

mysql->options.ssl_capath = 0;

1603

mysql->options.ssl_cipher= 0;

1604

mysql->options.use_ssl = FALSE;

1605

mysql->connector_fd = 0;

1606

DBUG_VOID_RETURN;

1607

}

1608

1609

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

1610

1611

1553

1612

1554

Return the SSL cipher (if any) used for current

1613

1555

connection to the server.

1622

1564

mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))

1623

1565

{

1624

1566

DBUG_ENTER("mysql_get_ssl_cipher");

1625

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

1626

if (mysql->net.vio && mysql->net.vio->ssl_arg)

1627

DBUG_RETURN(SSL_get_cipher_name((SSL*)mysql->net.vio->ssl_arg));

1628

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

1629

1567

DBUG_RETURN(NULL);

1630

1568

}

1631

1569

1645

1583

1646

1584

1647

1585

1648

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

1649

1650

static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)

1651

{

1652

SSL *ssl;

1653

X509 *server_cert;

1654

char *cp1, *cp2;

1655

char buf[256];

1656

DBUG_ENTER("ssl_verify_server_cert");

1657

DBUG_PRINT("enter", ("server_hostname: %s", server_hostname));

1658

1659

if (!(ssl= (SSL*)vio->ssl_arg))

1660

{

1661

DBUG_PRINT("error", ("No SSL pointer found"));

1662

DBUG_RETURN(1);

1663

}

1664

1665

if (!server_hostname)

1666

{

1667

DBUG_PRINT("error", ("No server hostname supplied"));

1668

DBUG_RETURN(1);

1669

}

1670

1671

if (!(server_cert= SSL_get_peer_certificate(ssl)))

1672

{

1673

DBUG_PRINT("error", ("Could not get server certificate"));

1674

DBUG_RETURN(1);

1675

}

1676

1677

1678

We already know that the certificate exchanged was valid; the SSL library

1679

handled that. Now we need to verify that the contents of the certificate

1680

are what we expect.

1681

1682

1683

X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));

1684

X509_free (server_cert);

1685

1686

DBUG_PRINT("info", ("hostname in cert: %s", buf));

1687

cp1= strstr(buf, "/CN=");

1688

if (cp1)

1689

{

1690

cp1+= 4; /* Skip the "/CN=" that we found */

1691

/* Search for next / which might be the delimiter for email */

1692

cp2= strchr(cp1, '/');

1693

if (cp2)

1694

*cp2= '\0';

1695

DBUG_PRINT("info", ("Server hostname in cert: %s", cp1));

1696

if (!strcmp(cp1, server_hostname))

1697

{

1698

/* Success */

1699

DBUG_RETURN(0);

1700

}

1701

}

1702

DBUG_PRINT("error", ("SSL certificate validation failure"));

1703

DBUG_RETURN(1);

1704

}

1705

1706

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

1707

1708

1586

1709

1587

1710

1588

Note that the mysql argument must be initialized with mysql_init()

2222

2100

if (client_flag & CLIENT_MULTI_STATEMENTS)

2223

2101

client_flag|= CLIENT_MULTI_RESULTS;

2224

2102

2225

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

2226

if (mysql->options.ssl_key || mysql->options.ssl_cert ||

2227

mysql->options.ssl_ca || mysql->options.ssl_capath ||

2228

mysql->options.ssl_cipher)

2229

mysql->options.use_ssl= 1;

2230

if (mysql->options.use_ssl)

2231

client_flag|=CLIENT_SSL;

2232

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/

2233

2103

if (db)

2234

2104

client_flag|=CLIENT_CONNECT_WITH_DB;

2235

2105

2256

2126

}

2257

2127

mysql->client_flag=client_flag;

2258

2128

2259

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

2260

if (client_flag & CLIENT_SSL)

2261

{

2262

/* Do the SSL layering. */

2263

struct st_mysql_options *options= &mysql->options;

2264

struct st_VioSSLFd *ssl_fd;

2265

2266

2267

Send client_flag, max_packet_size - unencrypted otherwise

2268

the server does not know we want to do SSL

2269

2270

if (my_net_write(net, (uchar*) buff, (uint) (end-buff)) || net_flush(net))

2271

{

2272

set_mysql_extended_error(mysql, CR_SERVER_LOST, unknown_sqlstate,

2273

ER(CR_SERVER_LOST_EXTENDED),

2274

"sending connection information to server",

2275

errno);

2276

goto error;

2277

}

2278

2279

/* Create the VioSSLConnectorFd - init SSL and load certs */

2280

if (!(ssl_fd= new_VioSSLConnectorFd(options->ssl_key,

2281

options->ssl_cert,

2282

options->ssl_ca,

2283

options->ssl_capath,

2284

options->ssl_cipher)))

2285

{

2286

set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);

2287

goto error;

2288

}

2289

mysql->connector_fd= (void*)ssl_fd;

2290

2291

/* Connect to the server */

2292

DBUG_PRINT("info", ("IO layer change in progress..."));

2293

if (sslconnect(ssl_fd, mysql->net.vio,

2294

(long) (mysql->options.connect_timeout)))

2295

{

2296

set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);

2297

goto error;

2298

}

2299

DBUG_PRINT("info", ("IO layer change done!"));

2300

2301

/* Verify server cert */

2302

if ((client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&

2303

ssl_verify_server_cert(mysql->net.vio, mysql->host))

2304

{

2305

set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);

2306

goto error;

2307

}

2308

2309

}

2310

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

2311

2312

2129

DBUG_PRINT("info",("Server version = '%s' capabilites: %lu status: %u client_flag: %lu",

2313

2130

mysql->server_version,mysql->server_capabilities,

2314

2131

mysql->server_status, client_flag));

2593

2410

delete_dynamic(init_commands);

2594

2411

my_free((char*)init_commands,MYF(MY_WME));

2595

2412

}

2596

#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)

2597

mysql_ssl_free(mysql);

2598

#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */

2599

2413

#ifdef HAVE_SMEM

2600

2414

if (mysql->options.shared_memory_base_name != def_shared_memory_base_name)

2601

2415

my_free(mysql->options.shared_memory_base_name,MYF(MY_ALLOW_ZERO_PTR));

Older »