authorJan Lindström <jan.lindstrom@mariadb.com>2015-06-24 07:16:08 +0300
committerJan Lindström <jan.lindstrom@mariadb.com>2015-06-24 07:16:08 +0300
commit2e4984c185ddcd2da789017cd147338846ff409a (patch)
tree0293831900c860600efbaa747ea886d9d1cbf5bd /sql-common
parent792b53e80806df893ee62c9a1c1bd117114c8c6d (diff)
parenta6087e7dc1ef3561d8189c8db15e9591d0f9b520 (diff)
Merge tag 'mariadb-10.0.20' into 10.0-FusionIO10.0-FusionIO
Conflicts: storage/innobase/os/os0file.cc storage/xtradb/os/os0file.cc storage/xtradb/srv/srv0start.cc
Diffstat (limited to 'sql-common')
-rw-r--r--sql-common/client.c42
-rw-r--r--sql-common/my_time.c12
2 files changed, 33 insertions, 21 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index 20ccd73596c..acfdd8531e2 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1,5 +1,5 @@
-/* Copyright (c) 2003, 2013, Oracle and/or its affiliates.
- Copyright (c) 2009, 2013, Monty Program Ab
+/* Copyright (c) 2003, 2014, Oracle and/or its affiliates.
+ Copyright (c) 2009, 2015, MariaDB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1848,6 +1848,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath) |
mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher) ?
1 : 0);
+ mysql->options.use_ssl= TRUE;
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
DBUG_RETURN(result);
}
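Review bot: After this change `mysql_ssl_set()` is the only visible place that sets `options.use_ssl`, because the later hunk in `send_client_reply_packet` removes the code that derived it from `ssl_key`, `ssl_cert`, `ssl_ca`, `ssl_capath`, `ssl_cipher`, `ssl_crl` and `ssl_crlpath`. If `mysql_options()` does not also set the flag for the `MYSQL_OPT_SSL_*` options (not shown on this page), a client configured only through `mysql_options()` would stop requesting `CLIENT_SSL` and connect in clear text without any error. The assignment is also made regardless of `result`, so a failed option call still leaves SSL marked as requested; a comment such as `/* always request SSL, even if an option above failed */` would state whether that is intended. The function body starts outside the hunk.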
@@ -1942,7 +1943,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
SSL *ssl;
X509 *server_cert;
char *cp1, *cp2;
- char buf[256];
+ char *buf;
DBUG_ENTER("ssl_verify_server_cert");
DBUG_PRINT("enter", ("server_hostname: %s", server_hostname));
@@ -1976,9 +1977,15 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
are what we expect.
*/
- X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
+ buf= X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0);
X509_free (server_cert);
+ if (!buf)
+ {
+ *errptr= "Out of memory";
+ DBUG_RETURN(1);
+ }
+
DBUG_PRINT("info", ("hostname in cert: %s", buf));
cp1= strstr(buf, "/CN=");
if (cp1)
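Review bot: The hostname is still located with `strstr(buf, "/CN=")` on the one-line rendering of the subject, which matches the first `/CN=` substring wherever it occurs, including inside the value of another attribute, and cannot faithfully represent a name that contains a NUL byte. With the 256-byte truncation gone, this is the remaining weak spot of the check. Reading the entry directly with `X509_NAME_get_index_by_NID(subject, NID_commonName, -1)` and `X509_NAME_ENTRY_get_data()`, then comparing the ASN.1 string length with `strlen()` of the extracted value, would avoid both problems. The rest of the parsing lies between this hunk and the next one and is not visible here.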
@@ -1991,11 +1998,13 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
DBUG_PRINT("info", ("Server hostname in cert: %s", cp1));
if (!strcmp(cp1, server_hostname))
{
+ free(buf);
/* Success */
DBUG_RETURN(0);
}
}
*errptr= "SSL certificate validation failure";
+ free(buf);
DBUG_RETURN(1);
}
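Review bot: `buf` is allocated by OpenSSL when `X509_NAME_oneline()` is called with a NULL buffer, so both new `free(buf)` calls should be `OPENSSL_free(buf);`. The two only coincide while OpenSSL uses the default allocator; with memory functions installed through `CRYPTO_set_mem_functions()`, or with OpenSSL linked against a different C runtime, `free()` on that pointer corrupts the heap. Any other exit between the allocation and these two returns (not visible in the hunk) needs the same release.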
@@ -2644,16 +2653,10 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
mysql->client_flag|= CLIENT_MULTI_RESULTS;
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
- if (mysql->options.ssl_key || mysql->options.ssl_cert ||
- mysql->options.ssl_ca || mysql->options.ssl_capath ||
- mysql->options.ssl_cipher ||
- (mysql->options.extension &&
- (mysql->options.extension->ssl_crl ||
- mysql->options.extension->ssl_crlpath)))
- mysql->options.use_ssl= 1;
if (mysql->options.use_ssl)
mysql->client_flag|= CLIENT_SSL;
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/
+
if (mpvio->db)
mysql->client_flag|= CLIENT_CONNECT_WITH_DB;
@@ -2682,6 +2685,23 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
end= buff+5;
}
#ifdef HAVE_OPENSSL
+
+ /*
+ If client uses ssl and client also has to verify the server
+ certificate, a ssl connection is required.
+ If the server does not support ssl, we abort the connection.
+ */
+ if (mysql->options.use_ssl &&
+ (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+ !(mysql->server_capabilities & CLIENT_SSL))
+ {
+ set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
+ ER(CR_SSL_CONNECTION_ERROR),
+ "SSL is required, but the server does not "
+ "support it");
+ goto error;
+ }
+
if (mysql->client_flag & CLIENT_SSL)
{
/* Do the SSL layering. */
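Review bot: The new abort applies only when `CLIENT_SSL_VERIFY_SERVER_CERT` is set, so a client that has `options.use_ssl` without the verify flag is not covered by this guard; if `CLIENT_SSL` is masked against `server_capabilities` earlier in the function (outside the hunk), such a client would presumably continue without TLS. `server_capabilities` is taken from the server greeting, which arrives before any encryption or authentication, so a missing `CLIENT_SSL` bit is not trustworthy evidence that the server lacks SSL. The comment should say so, for example `/* the greeting is unauthenticated: never fall back to clear text when a verified connection was requested */`, and should state whether the non-verifying case is deliberately left to fall back.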
diff --git a/sql-common/my_time.c b/sql-common/my_time.c
index 6a011df795a..28757a2c96c 100644
--- a/sql-common/my_time.c
+++ b/sql-common/my_time.c
@@ -1314,16 +1314,8 @@ int number_to_time(my_bool neg, ulonglong nr, ulong sec_part,
MYSQL_TIME *ltime, int *was_cut)
{
if (nr > 9999999 && nr < 99991231235959ULL && neg == 0)
- {
- if (number_to_datetime(nr, sec_part, ltime,
- TIME_INVALID_DATES, was_cut) < 0)
- return -1;
-
- ltime->year= ltime->month= ltime->day= 0;
- ltime->time_type= MYSQL_TIMESTAMP_TIME;
- *was_cut= MYSQL_TIME_NOTE_TRUNCATED;
- return 0;
- }
+ return number_to_datetime(nr, sec_part, ltime,
+ TIME_INVALID_DATES, was_cut) < 0 ? -1 : 0;
*was_cut= 0;
ltime->year= ltime->month= ltime->day= 0;
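Review bot: For datetime-like numbers `number_to_time()` now returns whatever `number_to_datetime()` produced, so `ltime` keeps its date part and `*was_cut` is no longer forced to `MYSQL_TIME_NOTE_TRUNCATED`. Callers that expect a pure TIME value must now strip the date themselves. That contract change is not documented at this point; a comment above the `return` such as `/* datetime-like value: returned as a datetime, the caller truncates to TIME */` would help. The function continues past the end of the hunk.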