Bug #29579 Clients using SSL can hang the server

  Q_REPLACE_REGEX, Q_REMOVE_FILE, Q_FILE_EXIST,

  Q_WRITE_FILE, Q_COPY_FILE, Q_PERL, Q_DIE, Q_EXIT, Q_SKIP,

  Q_CHMOD_FILE, Q_APPEND_FILE, Q_CAT_FILE, Q_DIFF_FILES,

  Q_SEND_QUIT,

  Q_UNKNOWN,			       /* Unknown command.   */

  Q_COMMENT,			       /* Comments, ignored. */

  "append_file",

  "cat_file",

  "diff_files",

  "send_quit",

  0

};

  DBUG_VOID_RETURN;

}

  /*

    SYNOPSIS

    do_send_quit

    command	called command

    DESCRIPTION

    Sends a simple quit command to the server for the named connection.

  */

void do_send_quit(struct st_command *command)

{

  char *p= command->first_argument, *name;

  struct st_connection *con;

  DBUG_ENTER("do_send_quit");

  DBUG_PRINT("enter",("name: '%s'",p));

  if (!*p)

    die("Missing connection name in do_send_quit");

  name= p;

  while (*p && !my_isspace(charset_info,*p))

    p++;

  if (*p)

    *p++= 0;

  command->last_argument= p;

  /* Loop through connection pool for connection to close */

  for (con= connections; con < next_con; con++)

  {

    DBUG_PRINT("info", ("con->name: %s", con->name));

    if (!strcmp(con->name, name))

    {

      simple_command(&con->mysql,COM_QUIT,NullS,0,1);

      DBUG_VOID_RETURN;

    }

  }

  die("connection '%s' not found in connection pool", name);

}

/*

  SYNOPSIS

  do_perl

      my_free(con->name, MYF(0));

      /*

        When the connection is closed set name to "closed_connection"

        When the connection is closed set name to "-closed_connection-"

        to make it possible to reuse the connection name.

        The connection slot will not be reused

      */

      if (!(con->name = my_strdup("closed_connection", MYF(MY_WME))))

      if (!(con->name = my_strdup("-closed_connection-", MYF(MY_WME))))

        die("Out of memory");

      DBUG_VOID_RETURN;

  int con_port= opt_port;

  char *con_options;

  bool con_ssl= 0, con_compress= 0;

  struct st_connection* con_slot;

  static DYNAMIC_STRING ds_connection_name;

  static DYNAMIC_STRING ds_host;

    con_options= end;

  }

  if (find_connection_by_name(ds_connection_name.str))

    die("Connection %s already exists", ds_connection_name.str);

  if (!(con_slot= find_connection_by_name("-closed_connection-")))

  {

    if (next_con == connections_end)

      die("Connection limit exhausted, you can have max %d connections",

          (int) (sizeof(connections)/sizeof(struct st_connection)));

  if (find_connection_by_name(ds_connection_name.str))

    die("Connection %s already exists", ds_connection_name.str);

    con_slot= next_con;

  }

  if (!mysql_init(&next_con->mysql))

  if (!mysql_init(&con_slot->mysql))

    die("Failed on mysql_init()");

  if (opt_compress || con_compress)

    mysql_options(&next_con->mysql, MYSQL_OPT_COMPRESS, NullS);

  mysql_options(&next_con->mysql, MYSQL_OPT_LOCAL_INFILE, 0);

  mysql_options(&next_con->mysql, MYSQL_SET_CHARSET_NAME,

    mysql_options(&con_slot->mysql, MYSQL_OPT_COMPRESS, NullS);

  mysql_options(&con_slot->mysql, MYSQL_OPT_LOCAL_INFILE, 0);

  mysql_options(&con_slot->mysql, MYSQL_SET_CHARSET_NAME,

                charset_info->csname);

  if (opt_charsets_dir)

    mysql_options(&cur_con->mysql, MYSQL_SET_CHARSET_DIR,

#ifdef HAVE_OPENSSL

  if (opt_use_ssl || con_ssl)

  {

    mysql_ssl_set(&next_con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,

    mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,

		  opt_ssl_capath, opt_ssl_cipher);

#if MYSQL_VERSION_ID >= 50000

    /* Turn on ssl_verify_server_cert only if host is "localhost" */

    opt_ssl_verify_server_cert= !strcmp(ds_host.str, "localhost");

    mysql_options(&next_con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,

    mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT,

                  &opt_ssl_verify_server_cert);

#endif

  }

  if (ds_database.length && !strcmp(ds_database.str,"*NO-ONE*"))

    dynstr_set(&ds_database, "");

  if (connect_n_handle_errors(command, &next_con->mysql,

  if (connect_n_handle_errors(command, &con_slot->mysql,

                              ds_host.str,ds_user.str,

                              ds_password.str, ds_database.str,

                              con_port, ds_sock.str))

  {

    DBUG_PRINT("info", ("Inserting connection %s in connection pool",

                        ds_connection_name.str));

    if (!(next_con->name= my_strdup(ds_connection_name.str, MYF(MY_WME))))

    if (!(con_slot->name= my_strdup(ds_connection_name.str, MYF(MY_WME))))

      die("Out of memory");

    cur_con= next_con++;

    cur_con= con_slot;

    if (con_slot == next_con)

      next_con++; /* if we used the next_con slot, advance the pointer */

  }

  dynstr_free(&ds_connection_name);

      case Q_WRITE_FILE: do_write_file(command); break;

      case Q_APPEND_FILE: do_append_file(command); break;

      case Q_DIFF_FILES: do_diff_files(command); break;

      case Q_SEND_QUIT: do_send_quit(command); break;

      case Q_CAT_FILE: do_cat_file(command); break;

      case Q_COPY_FILE: do_copy_file(command); break;

      case Q_CHMOD_FILE: do_chmod_file(command); break;

int  SSL_set_rfd(SSL*, int);

int  SSL_set_wfd(SSL*, int);

void SSL_set_shutdown(SSL*, int);

void SSL_set_quiet_shutdown(SSL *ssl,int mode);

int SSL_get_quiet_shutdown(SSL *ssl);

int SSL_want_read(SSL*);

int SSL_want_write(SSL*);

    Socket              socket_;                // socket wrapper

    Buffers             buffers_;               // buffered handshakes and data

    Log                 log_;                   // logger

    bool                quietShutdown_;

    // optimization variables

    bool                has_data_;              // buffered data ready?

    Buffers&   useBuffers();

    bool       HasData() const;

    bool       GetQuietShutdown() const;

    // sets

    void set_pending(Cipher suite);

    void SetError(YasslError);

    int  SetCompression();

    void UnSetCompression();

    void SetQuietShutdown(bool mode);

    // helpers

    bool isTLS() const;

int SSL_shutdown(SSL* ssl)

{

    if (!ssl->GetQuietShutdown()) {

      Alert alert(warning, close_notify);

      sendAlert(*ssl, alert);

    }

    ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);

    GetErrors().Remove();

}

void SSL_set_quiet_shutdown(SSL *ssl,int mode)

{

    ssl->SetQuietShutdown(mode != 0);

}

int SSL_get_quiet_shutdown(SSL *ssl)

{

    return ssl->GetQuietShutdown();

}

/* on by default but allow user to turn off */

long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)

{

SSL::SSL(SSL_CTX* ctx) 

    : secure_(ctx->getMethod()->getVersion(), crypto_.use_random(),

              ctx->getMethod()->getSide(), ctx->GetCiphers(), ctx,

              ctx->GetDH_Parms().set_), has_data_(false)

              ctx->GetDH_Parms().set_), has_data_(false), quietShutdown_(false)

{

    if (int err = crypto_.get_random().GetError()) {

        SetError(YasslError(err));

    // TODO: add string here

}

// set the quiet shutdown mode (close_nofiy not sent or received on shutdown)

void SSL::SetQuietShutdown(bool mode)

{

  quietShutdown_ = mode;

}

Buffers& SSL::useBuffers()

{

}

bool SSL::GetQuietShutdown() const

{

    return quietShutdown_;

}

bool SSL::GetMultiProtocol() const

{

    return secure_.GetContext()->getMethod()->multipleProtocol();