openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Added mysql as starttls protocol. 

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3456)
This commit is contained in:
Keigo Tanaka 2017-05-13 09:50:49 +09:00 committed by Rich Salz
parent 5e44201bc5
commit a2d9cfbac5
2 changed files with 84 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
apps/s_client.c
View File

@ -754,6 +754,7 @@ typedef enum PROTOCOL_choice {
PROTO_XMPP_SERVER,
PROTO_CONNECT,
PROTO_IRC,
PROTO_MYSQL,
PROTO_POSTGRES,
PROTO_LMTP,
PROTO_NNTP,
@ -770,6 +771,7 @@ static const OPT_PAIR services[] = {
{"xmpp-server", PROTO_XMPP_SERVER},
{"telnet", PROTO_TELNET},
{"irc", PROTO_IRC},
{"mysql", PROTO_MYSQL},
{"postgres", PROTO_POSTGRES},
{"lmtp", PROTO_LMTP},
{"nntp", PROTO_NNTP},
@ -2257,6 +2259,87 @@ int s_client_main(int argc, char **argv)
}
}
break;
case PROTO_MYSQL:
{
/* SSL request packet */
static const unsigned char ssl_req[] = {
/* payload_length, sequence_id */
0x20, 0x00, 0x00, 0x01,
/* payload */
/* capability flags, CLIENT_SSL always set */
0x85, 0xae, 0x7f, 0x00,
/* max-packet size */
0x00, 0x00, 0x00, 0x01,
/* character set */
0x21,
/* string[23] reserved (all [0]) */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
int bytes = 0;
int ssl_flg = 0x800;
int pos;
const unsigned char *packet = (const unsigned char *)sbuf;
/* Receiving Initial Handshake packet. */
bytes = BIO_read(sbio, (void *)packet, BUFSIZZ);
if (bytes < 0) {
BIO_printf(bio_err, "BIO_read failed\n");
goto shut;
/* Packet length[3], Packet number[1] + minimum payload[17] */
} else if (bytes < 21) {
BIO_printf(bio_err, "MySQL packet too short.\n");
goto shut;
} else if (bytes != (4 + packet[0] +
(packet[1] << 8) +
(packet[2] << 16))) {
BIO_printf(bio_err, "MySQL packet length does not match.\n");
goto shut;
/* protocol version[1] */
} else if (packet[4] != 0xA) {
BIO_printf(bio_err,
"Only MySQL protocol version 10 is supported.\n");
goto shut;
}
pos = 5;
/* server version[string+NULL] */
for (;;) {
if (pos >= bytes) {
BIO_printf(bio_err, "Cannot confirm server version. ");
goto shut;
} else if (packet[pos++] == '\0') {
break;
}
pos++;
}
/* make sure we have more 15 bytes left in the packet */
if (pos + 15 > bytes) {
BIO_printf(bio_err,
"MySQL server handshake packet is broken.\n");
goto shut;
}
pos += 12; /* skip over conn id[4] + SALT[8] */
if (packet[pos++] != '\0') { /* verify filler */
BIO_printf(bio_err,
"MySQL packet is broken.\n");
goto shut;
}
/* capability flags[2] */
if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) {
BIO_printf(bio_err, "MySQL server does not support SSL.\n");
goto shut;
}
/* Sending SSL Handshake packet. */
BIO_write(sbio, ssl_req, sizeof(ssl_req));
(void)BIO_flush(sbio);
}
break;
case PROTO_POSTGRES:
{
static const unsigned char ssl_request[] = {

2
doc/man1/s_client.pod
View File

@ -493,7 +493,7 @@ command for more information.
Send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server",
"irc", "postgres", "lmtp", "nntp", "sieve" and "ldap".
"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".
=item B<-xmpphost hostname>