Commit f40b6c27 authored by unknown's avatar unknown
Browse files

Merge salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20411 

into  salvation.intern.azundris.com:/home/tnurnberg/work/mysql-5.0-maint-20987
parents e0a6e183 cdd9147e

mysql-test/r/openssl_1.result

+6 −3
Original line number Diff line number Diff line
@@ -3,9 +3,12 @@ create table t1(f1 int); 
insert into t1 values (5);

grant select on test.* to ssl_user1@localhost require SSL;

grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";

grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";

grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";

grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";

grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";

grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";

flush privileges;

connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);

ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)

SHOW STATUS LIKE 'Ssl_cipher';

Variable_name	Value

Ssl_cipher	DHE-RSA-AES256-SHA
@@ -39,7 +42,7 @@ f1 
delete from t1;

ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'

drop user ssl_user1@localhost, ssl_user2@localhost,

ssl_user3@localhost, ssl_user4@localhost;

ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;

drop table t1;

mysqltest: Could not open connection 'default': 2026 SSL connection error

mysqltest: Could not open connection 'default': 2026 SSL connection error

mysql-test/t/openssl_1.test

+7 −3
Original line number Diff line number Diff line
@@ -10,14 +10,18 @@ insert into t1 values (5); 


grant select on test.* to ssl_user1@localhost require SSL;

grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";

grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com";

grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/L=Uppsala/O=MySQL AB/CN=MySQL Client/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/L=Uppsala/O=MySQL AB/CN=Abstract MySQL Developer/emailAddress=abstract.mysql.developer@mysql.com";

grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";

grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";

grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";

flush privileges;



connect (con1,localhost,ssl_user1,,,,,SSL);

connect (con2,localhost,ssl_user2,,,,,SSL);

connect (con3,localhost,ssl_user3,,,,,SSL);

connect (con4,localhost,ssl_user4,,,,,SSL);

--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT

--error 1045

connect (con5,localhost,ssl_user5,,,,,SSL);



connection con1;

# Check ssl turned on
@@ -49,7 +53,7 @@ delete from t1; 


connection default;

drop user ssl_user1@localhost, ssl_user2@localhost,

ssl_user3@localhost, ssl_user4@localhost;

ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;



drop table t1;

sql/sql_acl.cc

+6 −3
Original line number Diff line number Diff line
@@ -874,6 +874,7 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, 
            sql_print_information("X509 issuer mismatch: should be '%s' "

			      "but is '%s'", acl_user->x509_issuer, ptr);

          free(ptr);

          user_access=NO_ACCESS;

          break;

        }

        user_access= acl_user->access;
@@ -889,10 +890,12 @@ int acl_getroot(THD *thd, USER_RESOURCES *mqh, 
        if (strcmp(acl_user->x509_subject,ptr))

        {

          if (global_system_variables.log_warnings)

            sql_print_information("X509 subject mismatch: '%s' vs '%s'",

            sql_print_information("X509 subject mismatch: should be '%s' but is '%s'",

                            acl_user->x509_subject, ptr);

          free(ptr);

          user_access=NO_ACCESS;

          break;

        }

        else

        user_access= acl_user->access;

        free(ptr);

      }