diff options
| author | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2014-01-08 18:31:42 +0530 |
|---|---|---|
| committer | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2014-01-08 18:31:42 +0530 |
| commit | 14be19518703542a6934c28536421d47ff08ec09 (patch) | |
| tree | 2892d634e2ed957b7deeb69d3deab151678972c5 /extra/yassl/taocrypt | |
| parent | 1ef8ed17f1b8547eed41f94edc73ca9b9c9dd2ea (diff) | |
| download | mariadb-git-14be19518703542a6934c28536421d47ff08ec09.tar.gz | |
Bug#16715064 MYSQL COMMUNITY UTILITIES CANNOT CONNECT TO MYSQL ENTERPRISE
WITH SSL ENABLED
Problem:
It was reported that MySQL community utilities cannot connect to a MySQL
Enterprise 5.6.x server with SSL configured. We can reproduce the issue
when we try to connect an MySQL Enterprise Server with a MySQL Client with
--ssl-ca parameter enabled.
We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
Solution:
The root cause of the problem was determined to be the difference in handling
of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
has not been specified.On the other hand yaSSL doesn't send any certificate and
since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
The issue was resolved by yaSSL adding capability to send blank certificate when
any of the parameter is missing.
Diffstat (limited to 'extra/yassl/taocrypt')
| -rw-r--r-- | extra/yassl/taocrypt/test/test.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/extra/yassl/taocrypt/test/test.cpp b/extra/yassl/taocrypt/test/test.cpp index 0643b79e51b..a7d5cb3e8af 100644 --- a/extra/yassl/taocrypt/test/test.cpp +++ b/extra/yassl/taocrypt/test/test.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1165,12 +1165,12 @@ int rsa_test() RSAES_Encryptor enc(priv); byte message[] = "Everyone gets Friday off."; const word32 len = (word32)strlen((char*)message); - byte cipher[64]; + byte cipher[512]; enc.Encrypt(message, len, cipher, rng); RSAES_Decryptor dec(priv); - byte plain[64]; - dec.Decrypt(cipher, sizeof(plain), plain, rng); + byte plain[512]; + dec.Decrypt(cipher, priv.FixedCiphertextLength(), plain, rng); if (memcmp(plain, message, len)) return -70; @@ -1242,11 +1242,11 @@ int dh_test() int dsa_test() { Source source; - FileSource("../certs/dsa512.der", source); + FileSource("../certs/dsa1024.der", source); if (source.size() == 0) { - FileSource("../../certs/dsa512.der", source); // for testsuite + FileSource("../../certs/dsa1024.der", source); // for testsuite if (source.size() == 0) { - FileSource("../../../certs/dsa512.der", source); // win32 Debug dir + FileSource("../../../certs/dsa1024.der", source); // win32 Debug dir if (source.size() == 0) err_sys("where's your certs dir?", -89); } |