Merge lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl into lp:drizzle
- drizzle-libdrizzle-ssl
- Merge into 7.2
Proposed by
Andrew Hutchings
Status: | Merged |
---|---|
Approved by: | Brian Aker |
Approved revision: | 2554 |
Merged at revision: | 2555 |
Proposed branch: | lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl |
Merge into: | lp:drizzle |
Diff against target: |
691 lines (+380/-53) 15 files modified
configure.ac (+1/-0) libdrizzle-1.0/constants.h (+6/-0) libdrizzle-1.0/drizzle.h (+10/-0) libdrizzle-1.0/drizzle_client.h (+1/-0) libdrizzle-1.0/handshake_client.h (+10/-0) libdrizzle-1.0/include.am (+5/-1) libdrizzle-1.0/return.h (+1/-0) libdrizzle-1.0/ssl.h (+49/-0) libdrizzle-1.0/structs.h (+4/-0) libdrizzle/conn.cc (+35/-17) libdrizzle/drizzle.cc (+14/-0) libdrizzle/handshake.cc (+108/-35) libdrizzle/ssl.cc (+83/-0) libdrizzle/state.h (+1/-0) m4/pandora_have_libssl.m4 (+52/-0) |
To merge this branch: | bzr merge lp:~linuxjedi/drizzle/drizzle-libdrizzle-ssl |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Drizzle Trunk | Pending | ||
Review via email: mp+105609@code.launchpad.net |
Commit message
Description of the change
Adds SSL support to the client side of libdrizzle. Note that this adds OpenSSL to the dependencies.
1 | === modified file 'configure.ac' |
2 | --- configure.ac 2012-05-06 07:53:45 +0000 |
3 | +++ configure.ac 2012-05-14 06:07:23 +0000 |
4 | @@ -101,6 +101,7 @@ |
5 | PANDORA_REQUIRE_PTHREAD |
6 | PANDORA_REQUIRE_LIBUUID |
7 | PANDORA_REQUIRE_LIBZ |
8 | +PANDORA_REQUIRE_LIBSSL |
9 | PANDORA_REQUIRE_LIBPCRE |
10 | PANDORA_REQUIRE_LIBREADLINE |
11 | PANDORA_REQUIRE_LIBDL |
12 | |
13 | === modified file 'libdrizzle-1.0/constants.h' |
14 | --- libdrizzle-1.0/constants.h 2012-01-13 06:27:22 +0000 |
15 | +++ libdrizzle-1.0/constants.h 2012-05-14 06:07:23 +0000 |
16 | @@ -444,6 +444,12 @@ |
17 | DRIZZLE_COLUMN_FLAGS_RENAMED= (1 << 21) |
18 | }; |
19 | |
20 | +typedef enum |
21 | +{ |
22 | + DRIZZLE_SSL_STATE_NONE= 0, |
23 | + DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE |
24 | +} drizzle_ssl_state_t; |
25 | + |
26 | #ifndef __cplusplus |
27 | typedef enum drizzle_column_flags_t drizzle_column_flags_t; |
28 | #endif |
29 | |
30 | === modified file 'libdrizzle-1.0/drizzle.h' |
31 | --- libdrizzle-1.0/drizzle.h 2011-11-07 15:04:16 +0000 |
32 | +++ libdrizzle-1.0/drizzle.h 2012-05-14 06:07:23 +0000 |
33 | @@ -90,6 +90,8 @@ |
34 | # include <poll.h> |
35 | #endif |
36 | |
37 | +#include <openssl/ssl.h> |
38 | + |
39 | #include <assert.h> |
40 | #include <errno.h> |
41 | |
42 | @@ -119,6 +121,14 @@ |
43 | */ |
44 | |
45 | /** |
46 | + * Intialize the Drizzle library |
47 | + * |
48 | + * Currently only initalizes the SSL library |
49 | + */ |
50 | +DRIZZLE_API |
51 | +void drizzle_library_init(void); |
52 | + |
53 | +/** |
54 | * Get library version string. |
55 | * |
56 | * @return Pointer to static buffer in library that holds the version string. |
57 | |
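Review bot: The new doc comment on `drizzle_library_init` misspells its own purpose ("Intialize", "initalizes") and omits the one thing a caller needs to know, namely when it must be called. Since the implementation only wraps `SSL_library_init()`, I would word it as `/** Initialize the Drizzle library. Currently this only initializes the SSL library; call it once, before drizzle_set_ssl() is used on any connection. */`. Whether the library still works for non-SSL connections without this call is not visible here and is worth stating explicitly either way.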
58 | === modified file 'libdrizzle-1.0/drizzle_client.h' |
59 | --- libdrizzle-1.0/drizzle_client.h 2012-04-16 03:42:10 +0000 |
60 | +++ libdrizzle-1.0/drizzle_client.h 2012-05-14 06:07:23 +0000 |
61 | @@ -53,6 +53,7 @@ |
62 | #include <libdrizzle-1.0/row_client.h> |
63 | #include <libdrizzle-1.0/field_client.h> |
64 | #include <libdrizzle-1.0/error.h> |
65 | +#include <libdrizzle-1.0/ssl.h> |
66 | |
67 | #ifdef __cplusplus |
68 | extern "C" { |
69 | |
70 | === modified file 'libdrizzle-1.0/handshake_client.h' |
71 | --- libdrizzle-1.0/handshake_client.h 2011-11-07 15:04:16 +0000 |
72 | +++ libdrizzle-1.0/handshake_client.h 2012-05-14 06:07:23 +0000 |
73 | @@ -75,6 +75,16 @@ |
74 | DRIZZLE_API |
75 | drizzle_return_t drizzle_handshake_client_write(drizzle_con_st *con); |
76 | |
77 | +/** |
78 | + * Write client SSL handshake packet to a server. |
79 | + * |
80 | + * @param[in] con Connection structure previously initialized with |
81 | + * drizzle_con_create(), drizzle_con_clone(), or related functions. |
82 | + * @return Standard drizzle return value. |
83 | + */ |
84 | +DRIZZLE_API |
85 | +drizzle_return_t drizzle_handshake_ssl_client_write(drizzle_con_st *con); |
86 | + |
87 | /** @} */ |
88 | |
89 | #ifdef __cplusplus |
90 | |
91 | === modified file 'libdrizzle-1.0/include.am' |
92 | --- libdrizzle-1.0/include.am 2012-04-16 03:42:10 +0000 |
93 | +++ libdrizzle-1.0/include.am 2012-05-14 06:07:23 +0000 |
94 | @@ -48,6 +48,8 @@ |
95 | -version-info \ |
96 | $(LIBDRIZZLE_LIBRARY_VERSION) |
97 | |
98 | +libdrizzle_1_0_libdrizzle_la_LIBADD= $(LIBSSL) |
99 | + |
100 | libdrizzle_1_0_libdrizzle_la_SOURCES= \ |
101 | libdrizzle/column.cc \ |
102 | libdrizzle/command.cc \ |
103 | @@ -62,7 +64,8 @@ |
104 | libdrizzle/result.cc \ |
105 | libdrizzle/row.cc \ |
106 | libdrizzle/sha1.cc \ |
107 | - libdrizzle/state.cc |
108 | + libdrizzle/state.cc \ |
109 | + libdrizzle/ssl.cc |
110 | |
111 | nobase_include_HEADERS+= libdrizzle-1.0/version.h |
112 | nobase_include_HEADERS+= \ |
113 | @@ -91,6 +94,7 @@ |
114 | libdrizzle-1.0/return.h \ |
115 | libdrizzle-1.0/row_client.h \ |
116 | libdrizzle-1.0/row_server.h \ |
117 | + libdrizzle-1.0/ssl.h \ |
118 | libdrizzle-1.0/structs.h \ |
119 | libdrizzle-1.0/verbose.h \ |
120 | libdrizzle-1.0/visibility.h |
121 | |
122 | === modified file 'libdrizzle-1.0/return.h' |
123 | --- libdrizzle-1.0/return.h 2012-01-13 06:27:22 +0000 |
124 | +++ libdrizzle-1.0/return.h 2012-05-14 06:07:23 +0000 |
125 | @@ -67,6 +67,7 @@ |
126 | DRIZZLE_RETURN_HANDSHAKE_FAILED, |
127 | DRIZZLE_RETURN_TIMEOUT, |
128 | DRIZZLE_RETURN_INVALID_ARGUMENT, |
129 | + DRIZZLE_RETURN_SSL_ERROR, |
130 | DRIZZLE_RETURN_MAX /* Always add new codes to the end before this one. */ |
131 | }; |
132 | |
133 | |
134 | === added file 'libdrizzle-1.0/ssl.h' |
135 | --- libdrizzle-1.0/ssl.h 1970-01-01 00:00:00 +0000 |
136 | +++ libdrizzle-1.0/ssl.h 2012-05-14 06:07:23 +0000 |
137 | @@ -0,0 +1,49 @@ |
138 | +/* |
139 | + * Drizzle Client & Protocol Library |
140 | + * |
141 | + * Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk) |
142 | + * All rights reserved. |
143 | + * |
144 | + * Redistribution and use in source and binary forms, with or without |
145 | + * modification, are permitted provided that the following conditions are |
146 | + * met: |
147 | + * |
148 | + * * Redistributions of source code must retain the above copyright |
149 | + * notice, this list of conditions and the following disclaimer. |
150 | + * |
151 | + * * Redistributions in binary form must reproduce the above |
152 | + * copyright notice, this list of conditions and the following disclaimer |
153 | + * in the documentation and/or other materials provided with the |
154 | + * distribution. |
155 | + * |
156 | + * * The names of its contributors may not be used to endorse or |
157 | + * promote products derived from this software without specific prior |
158 | + * written permission. |
159 | + * |
160 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
161 | + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
162 | + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
163 | + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
164 | + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
165 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
166 | + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
167 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
168 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
169 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
170 | + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
171 | + * |
172 | + */ |
173 | + |
174 | +#pragma once |
175 | + |
176 | +#ifdef __cplusplus |
177 | +extern "C" { |
178 | +#endif |
179 | + |
180 | +DRIZZLE_API |
181 | +drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher); |
182 | + |
183 | +#ifdef __cplusplus |
184 | +} |
185 | +#endif |
186 | + |
187 | |
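Review bot: `ssl.h` is not self-contained: it uses `DRIZZLE_API`, `drizzle_return_t` and `drizzle_con_st` without including the headers that define them, so it only compiles because `drizzle_client.h` happens to include it after the others; adding the project's own includes for those types ahead of the prototype (as the sibling headers presumably do) would fix that. The only public SSL entry point also carries no Doxygen block, unlike `drizzle_handshake_ssl_client_write` in `handshake_client.h`. I would document that `key` falls back to `cert` when NULL, that at least one of `ca`/`capath` must be given because `SSL_CTX_load_verify_locations` fails when both are NULL, that a non-NULL `cipher` is currently rejected, that the function must run after `drizzle_library_init()` and before the connection is established, and that it returns `DRIZZLE_RETURN_SSL_ERROR` on any failure.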
188 | === modified file 'libdrizzle-1.0/structs.h' |
189 | --- libdrizzle-1.0/structs.h 2012-01-30 05:36:54 +0000 |
190 | +++ libdrizzle-1.0/structs.h 2012-05-14 06:07:23 +0000 |
191 | @@ -43,6 +43,7 @@ |
192 | #pragma once |
193 | |
194 | #include <sys/types.h> |
195 | +#include <openssl/ssl.h> |
196 | |
197 | #ifdef NI_MAXHOST |
198 | # define LIBDRIZZLE_NI_MAXHOST NI_MAXHOST |
199 | @@ -157,6 +158,9 @@ |
200 | char server_extra[DRIZZLE_MAX_SERVER_EXTRA_SIZE]; |
201 | drizzle_state_fn *state_stack[DRIZZLE_STATE_STACK_SIZE]; |
202 | char user[DRIZZLE_MAX_USER_SIZE]; |
203 | + SSL_CTX *ssl_context; |
204 | + SSL *ssl; |
205 | + drizzle_ssl_state_t ssl_state; |
206 | }; |
207 | |
208 | /** |
209 | |
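Review bot: Adding `SSL_CTX *`, `SSL *` and `drizzle_ssl_state_t` members to `drizzle_con_st` changes the size of a struct that ships in an installed header (`include.am` lists `structs.h` under `nobase_include_HEADERS`), so any application that embeds or stack-allocates `drizzle_con_st` must be rebuilt or it will write past the old size; if the library's version-info is not bumped alongside this, that is presumably a silent ABI break. The `#include <openssl/ssl.h>` here also makes OpenSSL headers a hard requirement for every consumer of the public API, not just for the library build. Storing the handles as `void *ssl_context; void *ssl;` and casting inside the library would keep the public header free of OpenSSL, though it would not undo the size change.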
210 | === modified file 'libdrizzle/conn.cc' |
211 | --- libdrizzle/conn.cc 2012-04-20 20:26:15 +0000 |
212 | +++ libdrizzle/conn.cc 2012-05-14 06:07:23 +0000 |
213 | @@ -1403,6 +1403,11 @@ |
214 | return DRIZZLE_RETURN_COULD_NOT_CONNECT; |
215 | } |
216 | |
217 | + if (con->ssl) |
218 | + { |
219 | + SSL_set_fd(con->ssl, con->fd); |
220 | + } |
221 | + |
222 | drizzle_state_pop(con); |
223 | } |
224 | |
225 | @@ -1510,7 +1515,11 @@ |
226 | { |
227 | size_t available_buffer= (size_t)DRIZZLE_MAX_BUFFER_SIZE - |
228 | ((size_t)(con->buffer_ptr - con->buffer) + con->buffer_size); |
229 | - read_size = recv(con->fd, (char *)con->buffer_ptr + con->buffer_size, |
230 | + |
231 | + if (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) |
232 | + read_size= SSL_read(con->ssl, (char*)con->buffer_ptr + con->buffer_size, available_buffer); |
233 | + else |
234 | + read_size = recv(con->fd, (char *)con->buffer_ptr + con->buffer_size, |
235 | available_buffer, 0); |
236 | #ifdef _WIN32 |
237 | errno = WSAGetLastError(); |
238 | @@ -1548,8 +1557,10 @@ |
239 | break; |
240 | } |
241 | #endif /* _WIN32 */ |
242 | - drizzle_log_crazy(con->drizzle, "read fd=%d return=%zd errno=%s", con->fd, |
243 | - read_size, strerror(errno)); |
244 | + drizzle_log_crazy(con->drizzle, "read fd=%d return=%zd ssl= %d errno=%s", |
245 | + con->fd, read_size, |
246 | + (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) ? 1 : 0, |
247 | + strerror(errno)); |
248 | |
249 | if (read_size == 0) |
250 | { |
251 | @@ -1629,8 +1640,10 @@ |
252 | |
253 | while (con->buffer_size != 0) |
254 | { |
255 | - |
256 | - write_size = send(con->fd,(char *) con->buffer_ptr, con->buffer_size, 0); |
257 | + if (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) |
258 | + write_size= SSL_write(con->ssl, con->buffer_ptr, con->buffer_size); |
259 | + else |
260 | + write_size = send(con->fd,(char *) con->buffer_ptr, con->buffer_size, 0); |
261 | |
262 | #ifdef _WIN32 |
263 | errno = WSAGetLastError(); |
264 | @@ -1669,8 +1682,10 @@ |
265 | } |
266 | #endif /* _WIN32 */ |
267 | |
268 | - drizzle_log_crazy(con->drizzle, "write fd=%d return=%zd errno=%s", con->fd, |
269 | - write_size, strerror(errno)); |
270 | + drizzle_log_crazy(con->drizzle, "write fd=%d return=%zd ssl=%d errno=%s", |
271 | + con->fd, write_size, |
272 | + (con->ssl_state == DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE) ? 1 : 0, |
273 | + strerror(errno)); |
274 | |
275 | if (write_size == 0) |
276 | { } |
277 | @@ -1944,18 +1959,21 @@ |
278 | ioctlsocket(con->fd, FIONBIO, &asyncmode); |
279 | } |
280 | #else |
281 | - ret= fcntl(con->fd, F_GETFL, 0); |
282 | - if (ret == -1) |
283 | + if (!con->ssl) |
284 | { |
285 | - drizzle_set_error(con->drizzle, __func__, "fcntl:F_GETFL:%s", strerror(errno)); |
286 | - return DRIZZLE_RETURN_ERRNO; |
287 | - } |
288 | + ret= fcntl(con->fd, F_GETFL, 0); |
289 | + if (ret == -1) |
290 | + { |
291 | + drizzle_set_error(con->drizzle, __func__, "fcntl:F_GETFL:%s", strerror(errno)); |
292 | + return DRIZZLE_RETURN_ERRNO; |
293 | + } |
294 | |
295 | - ret= fcntl(con->fd, F_SETFL, ret | O_NONBLOCK); |
296 | - if (ret == -1) |
297 | - { |
298 | - drizzle_set_error(con->drizzle, __func__, "fcntl:F_SETFL:%s", strerror(errno)); |
299 | - return DRIZZLE_RETURN_ERRNO; |
300 | + ret= fcntl(con->fd, F_SETFL, ret | O_NONBLOCK); |
301 | + if (ret == -1) |
302 | + { |
303 | + drizzle_set_error(con->drizzle, __func__, "fcntl:F_SETFL:%s", strerror(errno)); |
304 | + return DRIZZLE_RETURN_ERRNO; |
305 | + } |
306 | } |
307 | #endif |
308 | |
309 | |
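Review bot: `SSL_read` and `SSL_write` are dropped into the `recv`/`send` paths (second and fourth hunks) whose error handling keys off `errno` (the `WSAGetLastError()` assignment and the `strerror(errno)` in the log line are visible), but OpenSSL reports would-block conditions and protocol failures through `SSL_get_error(con->ssl, ret)` as `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`/`SSL_ERROR_SSL` and leaves `errno` stale for most of them, so a pending renegotiation or a truncated TLS record is misreported as a socket error; the enclosing read and write functions start and end outside these hunks. The last hunk sidesteps this by keeping the socket blocking whenever `con->ssl` is set, which means every `SSL_read`/`SSL_write` and the later `SSL_connect` can block indefinitely and the library's non-blocking handling (presumably the poll/timeout logic elsewhere in this file) no longer applies to TLS connections. Leaving `O_NONBLOCK` in place and mapping the two `WANT_*` results onto the existing would-block branch is the usual shape. The `SSL_set_fd` call in the first hunk also ignores its result: `if (SSL_set_fd(con->ssl, con->fd) != 1) { drizzle_set_error(con->drizzle, __func__, "SSL_set_fd failed"); return DRIZZLE_RETURN_SSL_ERROR; }`.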
310 | === modified file 'libdrizzle/drizzle.cc' |
311 | --- libdrizzle/drizzle.cc 2012-04-16 03:42:10 +0000 |
312 | +++ libdrizzle/drizzle.cc 2012-05-14 06:07:23 +0000 |
313 | @@ -67,6 +67,11 @@ |
314 | * Common Definitions |
315 | */ |
316 | |
317 | +void drizzle_library_init(void) |
318 | +{ |
319 | + SSL_library_init(); |
320 | +} |
321 | + |
322 | const char *drizzle_version(void) |
323 | { |
324 | return LIBDRIZZLE_VERSION_STRING; |
325 | @@ -457,6 +462,9 @@ |
326 | con->server_version[0]= 0; |
327 | /* con->state_stack doesn't need to be set */ |
328 | con->user[0]= 0; |
329 | + con->ssl_context= NULL; |
330 | + con->ssl= NULL; |
331 | + con->ssl_state= DRIZZLE_SSL_STATE_NONE; |
332 | |
333 | return con; |
334 | } |
335 | @@ -539,6 +547,12 @@ |
336 | if (con->next != NULL) |
337 | con->next->prev= con->prev; |
338 | |
339 | + if (con->ssl) |
340 | + SSL_free(con->ssl); |
341 | + |
342 | + if (con->ssl_context) |
343 | + SSL_CTX_free(con->ssl_context); |
344 | + |
345 | con->drizzle->con_count--; |
346 | |
347 | if (con->options & DRIZZLE_CON_ALLOCATED) |
348 | |
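Review bot: `drizzle_library_init` is a bare wrapper around `SSL_library_init()` with no once-guard, and nothing in this change calls it from `drizzle_create` or from `drizzle_set_ssl`, so an application that skips it reaches `SSL_CTX_new` with no ciphers registered; I cannot see the failure mode from here, but presumably context creation then fails and the NULL context is used anyway. A `static bool` flag set on first call, or invoking it from the library's own create path, would close that gap. `SSL_library_init` is also generally documented as not thread-safe, so the comment should say the call belongs in single-threaded startup.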
349 | === modified file 'libdrizzle/handshake.cc' |
350 | --- libdrizzle/handshake.cc 2011-12-28 21:59:11 +0000 |
351 | +++ libdrizzle/handshake.cc 2012-05-14 06:07:23 +0000 |
352 | @@ -63,6 +63,12 @@ |
353 | { |
354 | drizzle_state_push(con, drizzle_state_write); |
355 | drizzle_state_push(con, drizzle_state_handshake_client_write); |
356 | + |
357 | + if (con->ssl) |
358 | + { |
359 | + drizzle_state_push(con, drizzle_state_write); |
360 | + drizzle_state_push(con, drizzle_state_handshake_ssl_client_write); |
361 | + } |
362 | } |
363 | |
364 | return drizzle_state_loop(con); |
365 | @@ -226,6 +232,11 @@ |
366 | drizzle_state_push(con, drizzle_state_packet_read); |
367 | drizzle_state_push(con, drizzle_state_write); |
368 | drizzle_state_push(con, drizzle_state_handshake_client_write); |
369 | + if (con->ssl) |
370 | + { |
371 | + drizzle_state_push(con, drizzle_state_write); |
372 | + drizzle_state_push(con, drizzle_state_handshake_ssl_client_write); |
373 | + } |
374 | } |
375 | |
376 | return DRIZZLE_RETURN_OK; |
377 | @@ -491,42 +502,9 @@ |
378 | return DRIZZLE_RETURN_OK; |
379 | } |
380 | |
381 | -drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con) |
382 | +int drizzle_compile_capabilities(drizzle_con_st *con) |
383 | { |
384 | - uint8_t *ptr; |
385 | int capabilities; |
386 | - drizzle_return_t ret; |
387 | - |
388 | - if (con == NULL) |
389 | - { |
390 | - return DRIZZLE_RETURN_INVALID_ARGUMENT; |
391 | - } |
392 | - drizzle_log_debug(con->drizzle, "drizzle_state_handshake_client_write"); |
393 | - |
394 | - /* Calculate max packet size. */ |
395 | - con->packet_size= 4 /* Capabilities */ |
396 | - + 4 /* Max packet size */ |
397 | - + 1 /* Charset */ |
398 | - + 23 /* Unused */ |
399 | - + strlen(con->user) + 1 |
400 | - + 1 /* Scramble size */ |
401 | - + DRIZZLE_MAX_SCRAMBLE_SIZE |
402 | - + strlen(con->db) + 1; |
403 | - |
404 | - /* Assume the entire handshake packet will fit in the buffer. */ |
405 | - if ((con->packet_size + 4) > DRIZZLE_MAX_BUFFER_SIZE) |
406 | - { |
407 | - drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", |
408 | - "buffer too small:%zu", con->packet_size + 4); |
409 | - return DRIZZLE_RETURN_INTERNAL_ERROR; |
410 | - } |
411 | - |
412 | - ptr= con->buffer_ptr; |
413 | - |
414 | - /* Store packet size at the end since it may change. */ |
415 | - ptr[3]= con->packet_number; |
416 | - con->packet_number++; |
417 | - ptr+= 4; |
418 | |
419 | if (con->options & DRIZZLE_CON_MYSQL) |
420 | con->capabilities|= DRIZZLE_CAPABILITIES_PROTOCOL_41; |
421 | @@ -550,10 +528,69 @@ |
422 | capabilities|= int(DRIZZLE_CAPABILITIES_PLUGIN_AUTH); |
423 | } |
424 | |
425 | - capabilities&= ~(int(DRIZZLE_CAPABILITIES_COMPRESS) | int(DRIZZLE_CAPABILITIES_SSL)); |
426 | + if (con->ssl) |
427 | + { |
428 | + capabilities|= int(DRIZZLE_CAPABILITIES_SSL); |
429 | + } |
430 | + |
431 | + capabilities&= ~(int(DRIZZLE_CAPABILITIES_COMPRESS)); |
432 | if (con->db[0] == 0) |
433 | capabilities&= ~int(DRIZZLE_CAPABILITIES_CONNECT_WITH_DB); |
434 | |
435 | + return capabilities; |
436 | +} |
437 | + |
438 | +drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con) |
439 | +{ |
440 | + uint8_t *ptr; |
441 | + int capabilities; |
442 | + int ssl_ret; |
443 | + drizzle_return_t ret; |
444 | + |
445 | + if (con == NULL) |
446 | + { |
447 | + return DRIZZLE_RETURN_INVALID_ARGUMENT; |
448 | + } |
449 | + drizzle_log_debug(con->drizzle, "drizzle_state_handshake_client_write"); |
450 | + |
451 | + if (con->ssl) |
452 | + { |
453 | + ssl_ret= SSL_connect(con->ssl); |
454 | + if (ssl_ret != 1) |
455 | + { |
456 | + drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", "SSL error: %d", SSL_get_error(con->ssl, ssl_ret)); |
457 | + return DRIZZLE_RETURN_SSL_ERROR; |
458 | + } |
459 | + con->ssl_state= DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE; |
460 | + } |
461 | + |
462 | + /* Calculate max packet size. */ |
463 | + con->packet_size= 4 /* Capabilities */ |
464 | + + 4 /* Max packet size */ |
465 | + + 1 /* Charset */ |
466 | + + 23 /* Unused */ |
467 | + + strlen(con->user) + 1 |
468 | + + 1 /* Scramble size */ |
469 | + + DRIZZLE_MAX_SCRAMBLE_SIZE |
470 | + + strlen(con->db) + 1; |
471 | + |
472 | + /* Assume the entire handshake packet will fit in the buffer. */ |
473 | + if ((con->packet_size + 4) > DRIZZLE_MAX_BUFFER_SIZE) |
474 | + { |
475 | + drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", |
476 | + "buffer too small:%zu", con->packet_size + 4); |
477 | + return DRIZZLE_RETURN_INTERNAL_ERROR; |
478 | + } |
479 | + |
480 | + ptr= con->buffer_ptr; |
481 | + |
482 | + /* Store packet size at the end since it may change. */ |
483 | + ptr[3]= con->packet_number; |
484 | + con->packet_number++; |
485 | + ptr+= 4; |
486 | + |
487 | + capabilities= drizzle_compile_capabilities(con); |
488 | + |
489 | drizzle_set_byte4(ptr, capabilities); |
490 | ptr+= 4; |
491 | |
492 | @@ -588,6 +625,42 @@ |
493 | return DRIZZLE_RETURN_OK; |
494 | } |
495 | |
496 | +drizzle_return_t drizzle_state_handshake_ssl_client_write(drizzle_con_st *con) |
497 | +{ |
498 | + uint8_t *ptr; |
499 | + int capabilities; |
500 | + |
501 | + drizzle_log_debug(con->drizzle, "drizzle_state_handshake_ssl_client_write"); |
502 | + |
503 | + /* SSL handshake packet structure */ |
504 | + con->packet_size= 4 /* Capabilities */ |
505 | + + 4 /* Max packet size */ |
506 | + + 1 /* Charset */ |
507 | + + 23; /* Padding unused bytes */ |
508 | + |
509 | + ptr= con->buffer_ptr; |
510 | + drizzle_set_byte3(ptr, con->packet_size); |
511 | + ptr[3]= con->packet_number; |
512 | + con->packet_number++; |
513 | + ptr+= 4; |
514 | + |
515 | + capabilities= drizzle_compile_capabilities(con); |
516 | + drizzle_set_byte4(ptr, capabilities); |
517 | + ptr+= 4; |
518 | + drizzle_set_byte4(ptr, con->max_packet_size); |
519 | + ptr+= 4; |
520 | + |
521 | + ptr[0]= con->charset; |
522 | + |
523 | + con->buffer_size+= con->packet_size + 4; |
524 | + ptr++; |
525 | + |
526 | + memset(ptr, 0, 23); |
527 | + |
528 | + drizzle_state_pop(con); |
529 | + return DRIZZLE_RETURN_OK; |
530 | +} |
531 | + |
532 | drizzle_return_t drizzle_state_handshake_result_read(drizzle_con_st *con) |
533 | { |
534 | if (con == NULL) |
535 | |
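Review bot: `drizzle_compile_capabilities` (third hunk) is introduced with external linkage but no prototype in `state.h`, and its only callers are the two functions below it in this file, so it should be `static int drizzle_compile_capabilities(drizzle_con_st *con)`; its body continues outside the hunk. In `drizzle_state_handshake_client_write` (fourth hunk) a successful `SSL_connect` immediately sets `DRIZZLE_SSL_STATE_HANDSHAKE_COMPLETE` without consulting `SSL_get_verify_result(con->ssl)` or comparing the certificate to the configured host, so unless the context was created with `SSL_VERIFY_PEER` an untrusted server certificate is accepted here; at minimum `if (SSL_get_verify_result(con->ssl) != X509_V_OK) { drizzle_set_error(con->drizzle, "drizzle_state_handshake_client_write", "SSL certificate verification failed"); return DRIZZLE_RETURN_SSL_ERROR; }` belongs after the connect. The failure message `"SSL error: %d"` only prints the `SSL_get_error` category (for instance `SSL_ERROR_SSL`), while the actual reason sits in the OpenSSL error queue (`ERR_get_error()`), which makes certificate problems hard to diagnose. Finally, `drizzle_state_handshake_ssl_client_write` (fifth hunk) omits the `con == NULL` guard that its sibling state functions have.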
536 | === added file 'libdrizzle/ssl.cc' |
537 | --- libdrizzle/ssl.cc 1970-01-01 00:00:00 +0000 |
538 | +++ libdrizzle/ssl.cc 2012-05-14 06:07:23 +0000 |
539 | @@ -0,0 +1,83 @@ |
540 | +/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: |
541 | + * |
542 | + * Drizzle Client & Protocol Library |
543 | + * |
544 | + * Copyright (C) 2012 Andrew Hutchings (andrew@linuxjedi.co.uk) |
545 | + * All rights reserved. |
546 | + * |
547 | + * Redistribution and use in source and binary forms, with or without |
548 | + * modification, are permitted provided that the following conditions are |
549 | + * met: |
550 | + * |
551 | + * * Redistributions of source code must retain the above copyright |
552 | + * notice, this list of conditions and the following disclaimer. |
553 | + * |
554 | + * * Redistributions in binary form must reproduce the above |
555 | + * copyright notice, this list of conditions and the following disclaimer |
556 | + * in the documentation and/or other materials provided with the |
557 | + * distribution. |
558 | + * |
559 | + * * The names of its contributors may not be used to endorse or |
560 | + * promote products derived from this software without specific prior |
561 | + * written permission. |
562 | + * |
563 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
564 | + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
565 | + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
566 | + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
567 | + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
568 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
569 | + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
570 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
571 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
572 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
573 | + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
574 | + * |
575 | + */ |
576 | + |
577 | +#include <libdrizzle/common.h> |
578 | + |
579 | +drizzle_return_t drizzle_set_ssl(drizzle_con_st *con, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher) |
580 | +{ |
581 | + con->ssl_context= SSL_CTX_new(TLSv1_client_method()); |
582 | + |
583 | + if (cipher) |
584 | + { |
585 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot set the SSL cipher list"); |
586 | + return DRIZZLE_RETURN_SSL_ERROR; |
587 | + } |
588 | + |
589 | + if (SSL_CTX_load_verify_locations(con->ssl_context, ca, capath) != 1) |
590 | + { |
591 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate authority file"); |
592 | + return DRIZZLE_RETURN_SSL_ERROR; |
593 | + } |
594 | + |
595 | + if (cert) |
596 | + { |
597 | + if (SSL_CTX_use_certificate_file(con->ssl_context, cert, SSL_FILETYPE_PEM) != 1) |
598 | + { |
599 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL certificate file"); |
600 | + return DRIZZLE_RETURN_SSL_ERROR; |
601 | + } |
602 | + |
603 | + if (!key) |
604 | + key= cert; |
605 | + |
606 | + if (SSL_CTX_use_PrivateKey_file(con->ssl_context, key, SSL_FILETYPE_PEM) != 1) |
607 | + { |
608 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Cannot load the SSL key file"); |
609 | + return DRIZZLE_RETURN_SSL_ERROR; |
610 | + } |
611 | + |
612 | + if (SSL_CTX_check_private_key(con->ssl_context) != 1) |
613 | + { |
614 | + drizzle_set_error(con->drizzle, "drizzle_set_ssl", "Error validating the SSL private key"); |
615 | + return DRIZZLE_RETURN_SSL_ERROR; |
616 | + } |
617 | + } |
618 | + |
619 | + con->ssl= SSL_new(con->ssl_context); |
620 | + |
621 | + return DRIZZLE_RETURN_OK; |
622 | +} |
623 | |
624 | === modified file 'libdrizzle/state.h' |
625 | --- libdrizzle/state.h 2011-12-28 21:59:11 +0000 |
626 | +++ libdrizzle/state.h 2012-05-14 06:07:23 +0000 |
627 | @@ -79,6 +79,7 @@ |
628 | drizzle_return_t drizzle_state_handshake_server_write(drizzle_con_st *con); |
629 | drizzle_return_t drizzle_state_handshake_client_read(drizzle_con_st *con); |
630 | drizzle_return_t drizzle_state_handshake_client_write(drizzle_con_st *con); |
631 | +drizzle_return_t drizzle_state_handshake_ssl_client_write(drizzle_con_st *con); |
632 | drizzle_return_t drizzle_state_handshake_result_read(drizzle_con_st *con); |
633 | |
634 | /* Functions in command.c */ |
635 | |
636 | === added file 'm4/pandora_have_libssl.m4' |
637 | --- m4/pandora_have_libssl.m4 1970-01-01 00:00:00 +0000 |
638 | +++ m4/pandora_have_libssl.m4 2012-05-14 06:07:23 +0000 |
639 | @@ -0,0 +1,52 @@ |
640 | +dnl Copyright (C) 2009 Sun Microsystems, Inc. |
641 | +dnl This file is free software; Sun Microsystems, Inc. |
642 | +dnl gives unlimited permission to copy and/or distribute it, |
643 | +dnl with or without modifications, as long as this notice is preserved. |
644 | + |
645 | +#-------------------------------------------------------------------- |
646 | +# Check for openssl |
647 | +#-------------------------------------------------------------------- |
648 | + |
649 | + |
650 | +AC_DEFUN([_PANDORA_SEARCH_LIBSSL],[ |
651 | + AC_REQUIRE([AC_LIB_PREFIX]) |
652 | + |
653 | + AC_LIB_HAVE_LINKFLAGS(ssl,, |
654 | + [ |
655 | + #include <openssl/ssl.h> |
656 | + ],[ |
657 | + SSL_CTX *ctx; |
658 | + ctx= SSL_CTX_new(TLSv1_client_method()); |
659 | + ]) |
660 | + |
661 | + AM_CONDITIONAL(HAVE_LIBSSL, [test "x${ac_cv_libssl}" = "xyes"]) |
662 | +]) |
663 | + |
664 | +AC_DEFUN([_PANDORA_HAVE_LIBSSL],[ |
665 | + |
666 | + AC_ARG_ENABLE([libssl], |
667 | + [AS_HELP_STRING([--disable-libssl], |
668 | + [Build with libssl support @<:@default=on@:>@])], |
669 | + [ac_enable_libssl="$enableval"], |
670 | + [ac_enable_libssl="yes"]) |
671 | + |
672 | + _PANDORA_SEARCH_LIBSSL |
673 | +]) |
674 | + |
675 | + |
676 | +AC_DEFUN([PANDORA_HAVE_LIBSSL],[ |
677 | + AC_REQUIRE([_PANDORA_HAVE_LIBSSL]) |
678 | +]) |
679 | + |
680 | +AC_DEFUN([_PANDORA_REQUIRE_LIBSSL],[ |
681 | + ac_enable_libssl="yes" |
682 | + _PANDORA_SEARCH_LIBSSL |
683 | + |
684 | + AS_IF([test x$ac_cv_libssl = xno],[ |
685 | + PANDORA_MSG_ERROR([libssl is required for ${PACKAGE}. On Debian this can be found in libssl-dev. On RedHat this can be found in openssl-devel.]) |
686 | + ]) |
687 | +]) |
688 | + |
689 | +AC_DEFUN([PANDORA_REQUIRE_LIBSSL],[ |
690 | + AC_REQUIRE([_PANDORA_REQUIRE_LIBSSL]) |
691 | +]) |
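Review bot: `_PANDORA_HAVE_LIBSSL` advertises a `--disable-libssl` configure option, but `configure.ac` only ever invokes `PANDORA_REQUIRE_LIBSSL`, which forces `ac_enable_libssl="yes"` and never consults the flag, so the option is a no-op and the `HAVE_LIBSSL` conditional is always true. Either drop the `AC_ARG_ENABLE` block or make `libdrizzle/ssl.cc` and the `$(LIBSSL)` LIBADD conditional on it so that the help text matches what the build actually does.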