Workarounds for recently-introduced SSL breakage, filed as upstream bugs
#24121, #24148, and #24157.

I believe the client.c fix is actually correct.

The viossl.c patch is just a crude reversion to the 5.0.22 approach to work
around brain death in close_connection().  I don't know the mysql code well
enough to venture changing the locking logic in close_connection(), though.

Also, change openssl_1 test to agree with the test certificate included in the
distribution.  And in viosslfactories.c, suppress ERR_print_errors_fp which
gives system-dependent error messages, since that breaks the openssl_1 test
(which has evidently only been tested with yassl, if at all).


diff -Naur mysql-5.0.33.orig/sql-common/client.c mysql-5.0.33/sql-common/client.c
--- mysql-5.0.33.orig/sql-common/client.c	2007-01-09 07:51:07.000000000 -0500
+++ mysql-5.0.33/sql-common/client.c	2007-02-09 12:36:17.000000000 -0500
@@ -3017,7 +3017,7 @@
     mysql->reconnect= *(my_bool *) arg;
     break;
   case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
-    if (!arg || test(*(uint*) arg))
+    if (!arg || test(*(my_bool*) arg))
       mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
     else
       mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
diff -Naur mysql-5.0.33.orig/vio/viossl.c mysql-5.0.33/vio/viossl.c
--- mysql-5.0.33.orig/vio/viossl.c	2007-01-09 07:51:50.000000000 -0500
+++ mysql-5.0.33/vio/viossl.c	2007-02-09 12:39:12.000000000 -0500
@@ -124,19 +124,10 @@
 
   if (ssl)
   {
-    switch ((r= SSL_shutdown(ssl)))
-    {
-    case 1: /* Shutdown successful */
-      break;
-    case 0: /* Shutdown not yet finished, call it again */
-      if ((r= SSL_shutdown(ssl) >= 0))
-        break;
-      /* Fallthrough */
-    default: /* Shutdown failed */
+    r = SSL_shutdown(ssl);
+    if (r < 0)
       DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
                                SSL_get_error(ssl, r)));
-      break;
-    }
     SSL_free(ssl);
     vio->ssl_arg= 0;
   }
diff -Naur mysql-5.0.33.orig/mysql-test/r/openssl_1.result mysql-5.0.33/mysql-test/r/openssl_1.result
--- mysql-5.0.33.orig/mysql-test/r/openssl_1.result	2007-01-09 08:09:32.000000000 -0500
+++ mysql-5.0.33/mysql-test/r/openssl_1.result	2007-02-09 12:36:17.000000000 -0500
@@ -3,8 +3,8 @@
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
 connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
diff -Naur mysql-5.0.33.orig/mysql-test/t/openssl_1.test mysql-5.0.33/mysql-test/t/openssl_1.test
--- mysql-5.0.33.orig/mysql-test/t/openssl_1.test	2007-01-09 08:09:28.000000000 -0500
+++ mysql-5.0.33/mysql-test/t/openssl_1.test	2007-02-09 12:36:17.000000000 -0500
@@ -10,8 +10,8 @@
 
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
 
diff -Naur mysql-5.0.33.orig/vio/viosslfactories.c mysql-5.0.33/vio/viosslfactories.c
--- mysql-5.0.33.orig/vio/viosslfactories.c	2007-01-09 07:51:28.000000000 -0500
+++ mysql-5.0.33/vio/viosslfactories.c	2007-02-09 12:37:26.000000000 -0500
@@ -87,7 +87,7 @@
     {
       DBUG_PRINT("error",("unable to get certificate from '%s'\n", cert_file));
       fprintf(stderr,"SSL error: ");
-      ERR_print_errors_fp(stderr);
+      DBUG_EXECUTE("error",ERR_print_errors_fp(stderr););
       fprintf(stderr,"Unable to get certificate from '%s'\n", cert_file);
       fflush(stderr);
       DBUG_RETURN(1);
@@ -100,7 +100,7 @@
     {
       DBUG_PRINT("error", ("unable to get private key from '%s'\n", key_file));
       fprintf(stderr,"SSL error: ");
-      ERR_print_errors_fp(stderr);
+      DBUG_EXECUTE("error",ERR_print_errors_fp(stderr););
       fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
       fflush(stderr);
       DBUG_RETURN(1);