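/*
  Store a TLS session in the client-side session cache so that a later
  connection to the same server can offer it for resumption.

  The owning MYSQL handle is read back from the SSL object's app data.
  If the cache already holds an entry for this connection, the old session
  is released and replaced; otherwise the session goes into the first free
  slot, keyed by ma_md4_hash() over host, user and port.

  NOTE(review): the signature matches OpenSSL's new-session callback. If it
  is registered that way, returning 1 tells OpenSSL that the callback kept
  the session reference, so 1 must only be returned when the pointer was
  really stored - confirm at the registration site.
  NOTE(review): ma_tls_sessions is shared state and no lock is taken here;
  confirm that callers serialise access.

  @param ssl      TLS handle the session belongs to
  @param session  session to remember

  @return 1 if the session was stored in the cache, 0 if it was not
          (no MYSQL handle attached to ssl, or no free slot)
*/
static int ma_tls_session_cb(SSL *ssl, SSL_SESSION *session)
{
  MYSQL *mysql;
  MA_SSL_SESSION *stored_session;
  int i;

  mysql= (MYSQL *)SSL_get_app_data(ssl);

  /* without a connection handle there is nothing to key the entry on */
  if (!mysql)
    return 0;

  /* check if we already stored session key */
  if ((stored_session= ma_tls_get_session(mysql)))
  {
    /* drop the reference to the session that is being replaced */
    SSL_SESSION_free(stored_session->session);
    stored_session->session= session;
    return 1;
  }

  for (i=0; i < ma_tls_session_cache_size; i++)
  {
    if (!ma_tls_sessions[i].session)
    {
      ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_tls_sessions[i].md4_hash);
      ma_tls_sessions[i].session= session;
      /*
        Report success only once the session is really in a slot. The
        previous code returned 1 after looking at slot 0 alone, so an
        occupied first slot meant the session was never stored while
        ownership was still claimed, and the remaining slots went unused.
      */
      return 1;
    }
  }

  /* cache full: the session was not kept */
  return 0;
}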
Exemple #2
/*
  Create the per-connection TLS handle for a MYSQL connection.

  Certificates are configured through ma_tls_set_certs(), a new SSL object
  is created from the shared SSL_context, and the MYSQL handle is attached
  as app data so that callbacks can find the connection again. When built
  with HAVE_TLS_SESSION_CACHE, a previously cached session is offered for
  resumption.

  NOTE(review): the cache lookup runs before LOCK_openssl_config is taken;
  confirm that ma_tls_get_session() is safe to call unlocked.
  NOTE(review): no verification mode is set in this function, so the peer
  check is whatever SSL_context already carries - confirm where that is
  configured.

  @param mysql  connection handle

  @return the new SSL handle cast to void *, or NULL on failure
*/
void *ma_tls_init(MYSQL *mysql)
{
  SSL *tls_handle= NULL;
  int setup_ok= 0;
#ifdef HAVE_TLS_SESSION_CACHE
  MA_SSL_SESSION *cached= ma_tls_get_session(mysql);
#endif

  pthread_mutex_lock(&LOCK_openssl_config);

  /* each step runs only if the previous one succeeded */
  if (!ma_tls_set_certs(mysql) &&
      (tls_handle= SSL_new(SSL_context)) != NULL &&
      SSL_set_app_data(tls_handle, mysql))
  {
#ifdef HAVE_TLS_SESSION_CACHE
    /* best effort: the result of SSL_set_session() is not checked */
    if (cached)
      SSL_set_session(tls_handle, cached->session);
#endif
    setup_ok= 1;
  }

  pthread_mutex_unlock(&LOCK_openssl_config);

  if (setup_ok)
    return (void *)tls_handle;

  /* failure: release the handle if it was already created */
  if (tls_handle)
    SSL_free(tls_handle);
  return NULL;
}
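/*
  Create the per-connection TLS handle for a MYSQL connection and select
  the peer verification mode.

  Peer verification (SSL_VERIFY_PEER) is requested only when a CA file or
  CA path is configured on the connection; with neither option set the
  mode is SSL_VERIFY_NONE and the server certificate is not checked.

  The verification settings are written to the shared SSL_context before
  SSL_new() is called. An SSL object takes its verification settings from
  the context at creation time, so setting them afterwards (as the code
  did before) left this connection on whatever an earlier call had
  configured and applied this connection's choice only to later handles.
  Everything happens under LOCK_openssl_config, so configuring the context
  and creating the handle are not interleaved with another ma_tls_init().

  NOTE(review): a resumed session is not verified again by OpenSSL. The
  session cache is keyed on host, user and port only, so a session that
  was established without verification may be offered on a connection
  that asks for SSL_VERIFY_PEER - confirm whether the cache should be
  bypassed or the key extended in that case.
  NOTE(review): a verify depth of 1 may reject chains that contain
  intermediate CAs - confirm this is intended.

  @param mysql  connection handle; options.ssl_ca / options.ssl_capath
                select the verification mode

  @return the new SSL handle cast to void *, or NULL on failure
*/
void *ma_tls_init(MYSQL *mysql)
{
  int verify;
  SSL *ssl= NULL;
#ifdef HAVE_TLS_SESSION_CACHE
  MA_SSL_SESSION *session= ma_tls_get_session(mysql);
#endif
  pthread_mutex_lock(&LOCK_openssl_config);

  if (ma_tls_set_certs(mysql))
  {
    goto error;
  }

  /* no CA configured means the peer certificate is not verified */
  verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
           SSL_VERIFY_NONE : SSL_VERIFY_PEER;

  /* must precede SSL_new() so that the new handle inherits these settings */
  SSL_CTX_set_verify(SSL_context, verify, my_verify_callback);
  SSL_CTX_set_verify_depth(SSL_context, 1);

  if (!(ssl= SSL_new(SSL_context)))
    goto error;

  if (!SSL_set_app_data(ssl, mysql))
    goto error;

#ifdef HAVE_TLS_SESSION_CACHE
  /* best effort: the result of SSL_set_session() is not checked */
  if (session)
    SSL_set_session(ssl, session->session);
#endif

  pthread_mutex_unlock(&LOCK_openssl_config);
  return (void *)ssl;
error:
  pthread_mutex_unlock(&LOCK_openssl_config);
  if (ssl)
    SSL_free(ssl);
  return NULL;
}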