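/*
 * Store a newly negotiated TLS session in the client-side session cache.
 *
 * The signature matches a TLS-library "new session" callback; the
 * registration itself is not visible in this block.
 *
 * ssl      handle the session belongs to; its app data is read back as
 *          the owning MYSQL handle
 * session  the session being offered for caching
 *
 * Returns 1 only when the session pointer was actually placed in the
 * cache (the cache entry then holds the reference), and 0 when nothing
 * was stored, so the caller never believes a reference was taken when
 * it was not.
 *
 * NOTE(review): ma_tls_sessions is shared state and no lock is taken in
 * this function -- confirm that callers serialize access.
 */
static int ma_tls_session_cb(SSL *ssl, SSL_SESSION *session)
{
  MYSQL *mysql;
  MA_SSL_SESSION *stored_session;
  int i;

  mysql= (MYSQL *)SSL_get_app_data(ssl);

  /* Without an owning connection there is no host/user/port to key the
     entry on, so decline the session instead of dereferencing NULL. */
  if (!mysql)
    return 0;

  /* check if we already stored session key */
  if ((stored_session= ma_tls_get_session(mysql)))
  {
    /* Replace the previous session for this connection key and release
       the reference the cache held on the old one. */
    SSL_SESSION_free(stored_session->session);
    stored_session->session= session;
    return 1;
  }

  for (i=0; i < ma_tls_session_cache_size; i++)
  {
    if (!ma_tls_sessions[i].session)
    {
      ma_md4_hash(mysql->host, mysql->user, mysql->port,
                  ma_tls_sessions[i].md4_hash);
      ma_tls_sessions[i].session= session;
      /* Report success only once a free slot was really filled.  The
         original returned 1 unconditionally after inspecting slot 0,
         so slots 1..n-1 were never used and an occupied slot 0 caused
         the session to be claimed without being stored. */
      return 1;
    }
  }

  /* Cache is full (or has size 0): the session was not kept. */
  return 0;
}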
/*
 * Create the TLS handle for a connection.
 *
 * Under LOCK_openssl_config this applies the connection's certificate
 * settings through ma_tls_set_certs(), allocates an SSL object from the
 * shared SSL_context and attaches the MYSQL handle as its app data.
 * When built with HAVE_TLS_SESSION_CACHE, a previously cached session
 * for this connection is offered for resumption.
 *
 * Returns the new SSL object as void *, or NULL when any step fails.
 *
 * NOTE(review): no peer-verification mode is set on the handle in this
 * function; presumably that is configured elsewhere (ma_tls_set_certs()
 * or the connect path) -- confirm, since without it the server
 * certificate is not authenticated.
 */
void *ma_tls_init(MYSQL *mysql)
{
  SSL *handle= NULL;
#ifdef HAVE_TLS_SESSION_CACHE
  /* Looked up before the config lock is taken, as in the original. */
  MA_SSL_SESSION *cached= ma_tls_get_session(mysql);
#endif

  pthread_mutex_lock(&LOCK_openssl_config);

  /* The three setup steps run in order and stop at the first failure. */
  if (ma_tls_set_certs(mysql) == 0 &&
      (handle= SSL_new(SSL_context)) != NULL &&
      SSL_set_app_data(handle, mysql))
  {
#ifdef HAVE_TLS_SESSION_CACHE
    /* Best effort: the result of SSL_set_session() is not checked. */
    if (cached)
      SSL_set_session(handle, cached->session);
#endif
    pthread_mutex_unlock(&LOCK_openssl_config);
    return (void *)handle;
  }

  /* Failure path: drop the lock first, then free a partially set up
     handle if one was allocated. */
  pthread_mutex_unlock(&LOCK_openssl_config);
  if (handle)
    SSL_free(handle);
  return NULL;
}
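/*
 * Create the TLS handle for a connection and set its peer-verification
 * policy.
 *
 * Under LOCK_openssl_config this applies the connection's certificate
 * settings through ma_tls_set_certs(), allocates an SSL object from the
 * shared SSL_context and attaches the MYSQL handle as its app data.
 * When built with HAVE_TLS_SESSION_CACHE, a previously cached session
 * for this connection is offered for resumption.
 *
 * Returns the new SSL object as void *, or NULL when any step fails.
 *
 * Security notes:
 *  - The verification mode is applied to this connection's SSL object.
 *    The original applied it to the shared SSL_context after SSL_new()
 *    had already run; an SSL object takes its verify settings from the
 *    context at creation time, so the mode chosen here never reached
 *    this connection and instead carried over to whichever connection
 *    was created next.
 *  - When neither ssl_ca nor ssl_capath is configured the mode is
 *    SSL_VERIFY_NONE, i.e. the server certificate is not authenticated
 *    and the channel is encrypted but open to interception.  This is
 *    kept from the original; NOTE(review): confirm it is the intended
 *    default.
 *  - The depth limit of 1 is kept from the original; NOTE(review):
 *    longer certificate chains will be rejected -- confirm intended.
 */
void *ma_tls_init(MYSQL *mysql)
{
  int verify;
  SSL *ssl= NULL;
#ifdef HAVE_TLS_SESSION_CACHE
  MA_SSL_SESSION *session= ma_tls_get_session(mysql);
#endif

  pthread_mutex_lock(&LOCK_openssl_config);

  if (ma_tls_set_certs(mysql))
  {
    goto error;
  }

  if (!(ssl= SSL_new(SSL_context)))
    goto error;

  if (!SSL_set_app_data(ssl, mysql))
    goto error;

#ifdef HAVE_TLS_SESSION_CACHE
  /* Best effort: the result of SSL_set_session() is not checked. */
  if (session)
    SSL_set_session(ssl, session->session);
#endif

  verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
           SSL_VERIFY_NONE : SSL_VERIFY_PEER;

  /* Per-handle calls: the policy derived from this connection's options
     must bind to this connection, not to the process-wide context. */
  SSL_set_verify(ssl, verify, my_verify_callback);
  SSL_set_verify_depth(ssl, 1);

  pthread_mutex_unlock(&LOCK_openssl_config);
  return (void *)ssl;

error:
  pthread_mutex_unlock(&LOCK_openssl_config);
  if (ssl)
    SSL_free(ssl);
  return NULL;
}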