Skip to content

Commit 472b73e

Browse files
author
Ramil Kalimullin
committed
WL#12903: Support compilation with OpenSSL 1.1.1 for MYSQL 5.6 & 5.7
RB: 22486
1 parent d6ece18 commit 472b73e

30 files changed

+220
-97
lines changed

cmake/ssl.cmake

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,7 @@ MACRO (MYSQL_CHECK_SSL)
126126
# OpenSSL-1.1 requires backport of the patch for
127127
# Bug #28179051: ADD SUPPORT FOR OPENSSL 1.1 ON WINDOWS
128128
# SET(WITH_SSL_PATH "C:/OpenSSL-1.1-Win64/")
129+
SET(WITH_SSL_PATH "C:/Program Files/OpenSSL-Win64/")
129130
ENDIF()
130131
ENDIF()
131132

@@ -251,7 +252,7 @@ MACRO (MYSQL_CHECK_SSL)
251252
ENDIF()
252253
MESSAGE(STATUS "SSL_LIBRARIES = ${SSL_LIBRARIES}")
253254
IF(WIN32 AND WITH_SSL STREQUAL "system")
254-
MESSAGE(STATUS "Please do\nPATH=${WITH_SSL_PATH}:$PATH")
255+
MESSAGE(STATUS "Please do\nPATH=\"${WITH_SSL_PATH}/bin\":$PATH")
255256
ENDIF()
256257
SET(SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
257258
SET(SSL_INTERNAL_INCLUDE_DIRS "")

extra/CMakeLists.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ ADD_CUSTOM_TARGET(GenError
5959
${PROJECT_SOURCE_DIR}/sql/share/errmsg-utf8.txt)
6060

6161
MYSQL_ADD_EXECUTABLE(my_print_defaults my_print_defaults.c)
62-
TARGET_LINK_LIBRARIES(my_print_defaults mysys mysys_ssl)
62+
TARGET_LINK_LIBRARIES(my_print_defaults mysys mysys_ssl)
6363
SET_TARGET_PROPERTIES(my_print_defaults PROPERTIES LINKER_LANGUAGE CXX)
6464

6565
MYSQL_ADD_EXECUTABLE(perror perror.c)

libmysql/CMakeLists.txt

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,10 @@ ELSE()
185185
LIST(APPEND LIBS_TO_LINK ${ZLIB_LIBRARY})
186186
ENDIF()
187187

188-
IF(WITH_SSL STREQUAL "system")
188+
IF(WIN32)
189+
OPTION(LINK_DYNAMIC_OPENSSL "On Windows link OpenSSL dynamically" OFF)
190+
ENDIF()
191+
IF(WITH_SSL STREQUAL "system" OR LINK_DYNAMIC_OPENSSL)
189192
LIST(APPEND LIBS_TO_LINK ${SSL_LIBRARIES})
190193
ELSE()
191194
LIST(APPEND LIBS_TO_MERGE ${SSL_LIBRARIES})

mysql-test/include/allowed_ciphers.inc

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
2+
# List of allowed ciphers which will be
3+
# replaced with "SSL_CIPHER" in the result files.
4+
# DHE-XXX ciphers are for OpenSSL 1.0.X while
5+
# ECDHE-XXX for OpenSSL 1.1.X
6+
# Usage: --replace_regex $ALLOWED_CIPHERS_REGEX
7+
#
8+
9+
LET $ALLOWED_CIPHERS_REGEX =
10+
/DHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-AES128-GCM-SHA256|DHE-RSA-AES256-SHA|ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384/SSL_CIPHER/;

mysql-test/include/have_openssl.inc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@
22
disable_query_log;
33
show variables like "have_openssl";
44
enable_query_log;
5+
--source include/allowed_ciphers.inc

mysql-test/include/have_ssl.inc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@
22
disable_query_log;
33
show variables like 'have_ssl';
44
enable_query_log;
5+
--source include/allowed_ciphers.inc

mysql-test/include/have_ssl_communication.inc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@
22
disable_query_log;
33
show variables like 'have_ssl';
44
enable_query_log;
5+
--source include/allowed_ciphers.inc

mysql-test/r/openssl_1.result

Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -2,40 +2,40 @@ drop table if exists t1;
22
create table t1(f1 int);
33
insert into t1 values (5);
44
grant select on test.* to ssl_user1@localhost require SSL;
5-
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
6-
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";
7-
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
8-
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
5+
grant select on test.* to ssl_user2@localhost require cipher "SSL_CIPHER";;
6+
grant select on test.* to ssl_user3@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";;
7+
grant select on test.* to ssl_user4@localhost require cipher "SSL_CIPHER" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";;
8+
grant select on test.* to ssl_user5@localhost require cipher "SSL_CIPHER" AND SUBJECT "xxx";;
99
flush privileges;
1010
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
1111
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
1212
SHOW STATUS LIKE 'Ssl_cipher';
1313
Variable_name Value
14-
Ssl_cipher DHE-RSA-AES256-SHA
14+
Ssl_cipher SSL_CIPHER
1515
select * from t1;
1616
f1
1717
5
1818
delete from t1;
1919
ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
2020
SHOW STATUS LIKE 'Ssl_cipher';
2121
Variable_name Value
22-
Ssl_cipher DHE-RSA-AES256-SHA
22+
Ssl_cipher SSL_CIPHER
2323
select * from t1;
2424
f1
2525
5
2626
delete from t1;
2727
ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
2828
SHOW STATUS LIKE 'Ssl_cipher';
2929
Variable_name Value
30-
Ssl_cipher DHE-RSA-AES256-SHA
30+
Ssl_cipher SSL_CIPHER
3131
select * from t1;
3232
f1
3333
5
3434
delete from t1;
3535
ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
3636
SHOW STATUS LIKE 'Ssl_cipher';
3737
Variable_name Value
38-
Ssl_cipher DHE-RSA-AES256-SHA
38+
Ssl_cipher SSL_CIPHER
3939
select * from t1;
4040
f1
4141
5
@@ -55,7 +55,7 @@ SHOW STATUS LIKE 'Ssl_cipher';
5555
Variable_name Value
5656
Ssl_cipher DHE-RSA-AES256-SHA
5757
Variable_name Value
58-
Ssl_cipher DHE-RSA-AES256-SHA
58+
Ssl_cipher SSL_CIPHER
5959
End of 5.0 tests
6060
DROP TABLE IF EXISTS thread_status;
6161
DROP EVENT IF EXISTS event_status;
@@ -194,18 +194,16 @@ DROP TABLE t1;
194194
Variable_name Value
195195
Ssl_cipher DHE-RSA-AES256-SHA
196196
Variable_name Value
197-
Ssl_cipher EDH-RSA-DES-CBC3-SHA
197+
Ssl_cipher DHE-RSA-AES128-SHA
198198
Variable_name Value
199199
Ssl_cipher AES256-SHA
200-
Variable_name Value
201-
Ssl_cipher RC4-SHA
202200
select 'is still running; no cipher request crashed the server' as result from dual;
203201
result
204202
is still running; no cipher request crashed the server
205203
GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
206204
FLUSH PRIVILEGES;
207205
SHOW STATUS LIKE 'Ssl_cipher';
208206
Variable_name Value
209-
Ssl_cipher DHE-RSA-AES256-SHA
207+
Ssl_cipher SSL_CIPHER
210208
DROP USER bug42158@localhost;
211209
End of 5.1 tests

mysql-test/r/plugin_auth_sha256_tls.result

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
SHOW STATUS LIKE 'Ssl_cipher';
22
Variable_name Value
3-
Ssl_cipher DHE-RSA-AES256-SHA
3+
Ssl_cipher SSL_CIPHER
44
CREATE USER 'kristofer' IDENTIFIED WITH 'sha256_password';
55
SET GLOBAL old_passwords= 2;
66
SET SESSION old_passwords= 2;

mysql-test/r/ssl.result

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
SHOW STATUS LIKE 'Ssl_cipher';
22
Variable_name Value
3-
Ssl_cipher DHE-RSA-AES256-SHA
3+
Ssl_cipher SSL_CIPHER
44
SHOW STATUS LIKE 'Ssl_server_not_before';
55
Variable_name Value
66
Ssl_server_not_before Dec 5 04:48:40 2014 GMT
@@ -2162,7 +2162,7 @@ Warning 1052 Column 'kundentyp' in group statement is ambiguous
21622162
drop table t1;
21632163
SHOW STATUS LIKE 'Ssl_cipher';
21642164
Variable_name Value
2165-
Ssl_cipher DHE-RSA-AES256-SHA
2165+
Ssl_cipher SSL_CIPHER
21662166
#
21672167
# Bug#54790: Use of non-blocking mode for sockets limits performance
21682168
#

0 commit comments

Comments
 (0)