From f3e98745bd7b4fed004a8dbf74ec47c0ccf3942a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 7 Jul 2017 14:52:15 +0300 Subject: [PATCH 01/10] MXS-1313: Fix updating of server character sets The server character set is now updated every time a connection is created with mxs_mysql_real_connect. --- server/core/mysql_utils.c | 12 +++++++++++- server/modules/authenticator/MySQLAuth/dbusers.c | 5 ----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/server/core/mysql_utils.c b/server/core/mysql_utils.c index 901dd566f..4fb8deb33 100644 --- a/server/core/mysql_utils.c +++ b/server/core/mysql_utils.c @@ -166,7 +166,17 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons mysql_ssl_set(con, listener->ssl_key, listener->ssl_cert, listener->ssl_ca_cert, NULL, NULL); } - return mysql_real_connect(con, server->name, user, passwd, NULL, server->port, NULL, 0); + MYSQL* mysql = mysql_real_connect(con, server->name, user, passwd, NULL, server->port, NULL, 0); + + if (mysql) + { + /** Copy the server charset */ + MY_CHARSET_INFO cs_info; + mysql_get_character_set_info(mysql, &cs_info); + server->charset = cs_info.number; + } + + return mysql; } bool mxs_mysql_trim_quotes(char *s) diff --git a/server/modules/authenticator/MySQLAuth/dbusers.c b/server/modules/authenticator/MySQLAuth/dbusers.c index d8d07d6e2..ef72e31fc 100644 --- a/server/modules/authenticator/MySQLAuth/dbusers.c +++ b/server/modules/authenticator/MySQLAuth/dbusers.c @@ -517,11 +517,6 @@ static bool check_server_permissions(SERVICE *service, SERVER* server, return my_errno != ER_ACCESS_DENIED_ERROR; } - /** Copy the server charset */ - MY_CHARSET_INFO cs_info; - mysql_get_character_set_info(mysql, &cs_info); - server->charset = cs_info.number; - if (server->server_string == NULL) { const char *server_string = mysql_get_server_info(mysql); From 9c4711aac8b38c5476e0588d10b5d69093573a41 Mon Sep 17 00:00:00 2001 
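Review bot: `mxs_mysql_real_connect` now writes `server->charset` on every successful connect, and nothing in the hunk documents that side effect or says which threads may call the function. If monitors and authenticators can connect to the same SERVER concurrently (not visible here), this is an unsynchronized write to shared state; for a single integer it is probably benign, but it should be a stated decision. I would extend the function's header comment with a line such as `Also updates server->charset from the character set of the new connection.` The function starts outside the hunk, so the existing header comment is not visible.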
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 7 Jul 2017 15:17:57 +0300 Subject: [PATCH 02/10] MXS-1311: Allow backtick quoted values for function rules The function rules can now take keywords as arguments if they are quoted by backticks. --- server/modules/filter/dbfwfilter/ruleparser.y | 1 + 1 file changed, 1 insertion(+) diff --git a/server/modules/filter/dbfwfilter/ruleparser.y b/server/modules/filter/dbfwfilter/ruleparser.y index 33ad53cfe..c00050ef0 100644 --- a/server/modules/filter/dbfwfilter/ruleparser.y +++ b/server/modules/filter/dbfwfilter/ruleparser.y @@ -131,6 +131,7 @@ functionlist: functionvalue: FWTOK_CMP {if (!define_function_rule(scanner, $1)){YYERROR;}} | FWTOK_STR {if (!define_function_rule(scanner, $1)){YYERROR;}} + | FWTOK_BTSTR {if (!define_function_rule(scanner, $1)){YYERROR;}} ; optional: From d47e32966f9af955e67d3a0ef0fd1cb02e851951 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 7 Jul 2017 15:41:10 +0300 Subject: [PATCH 03/10] MXS-1312: Make the permission rule the default type If a rule is defined with only an optional part, it should be of the permission type. This type is used to signal that the rule matches if the optional constraints are fulfilled. Due to refactoring, the default type was changed from RT_PERMISSION to RT_UNDEFINED. --- server/modules/filter/dbfwfilter/dbfwfilter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/modules/filter/dbfwfilter/dbfwfilter.c b/server/modules/filter/dbfwfilter/dbfwfilter.c index 343b590bc..8955aba64 100644 --- a/server/modules/filter/dbfwfilter/dbfwfilter.c +++ b/server/modules/filter/dbfwfilter/dbfwfilter.c @@ -1007,7 +1007,7 @@ bool create_rule(void* scanner, const char* name) if (ruledef && (ruledef->name = MXS_STRDUP(name))) { - ruledef->type = RT_UNDEFINED; + ruledef->type = RT_PERMISSION; ruledef->on_queries = QUERY_OP_UNDEFINED; ruledef->next = rstack->rule; ruledef->active = NULL; 
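Review bot: The new `FWTOK_BTSTR` alternative passes `$1` straight to `define_function_rule`, so the rule matches only if the scanner has already stripped the surrounding backticks from the token. The lexer is not part of this patch, so that is worth confirming: a function name stored with its quotes would never match, and the deny rule would silently let the call through. The three alternatives now carry identical actions; a short comment on the new one, e.g. `/* backtick-quoted name, lets SQL keywords be used as function names */`, would explain why it exists.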
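Review bot: The default `ruledef->type = RT_PERMISSION` makes every rule that never receives an explicit type match on its optional constraints alone, and that contract is explained only in the commit message. Since an earlier refactoring silently changed this default, a comment at the assignment would protect it, e.g. `/* Default: a rule with only optional parts matches whenever those constraints hold */`. It is also worth checking that a rule whose type clause fails to parse is rejected rather than left at this default, which cannot be seen from the hunk. `create_rule` continues outside the hunk.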
From 26f8f9d8697f95c754457e0680f5d510082770d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 7 Jul 2017 16:46:54 +0300 Subject: [PATCH 04/10] MXS-1311: Add tests for keywords as function parameters The dbfwfilter tests now test the function type rule with keywords as parameters. --- maxscale-system-test/fw2/deny4 | 2 ++ maxscale-system-test/fw2/pass4 | 1 + maxscale-system-test/fw2/rules4 | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/maxscale-system-test/fw2/deny4 b/maxscale-system-test/fw2/deny4 index f000fa062..6a9af9f10 100644 --- a/maxscale-system-test/fw2/deny4 +++ b/maxscale-system-test/fw2/deny4 @@ -8,3 +8,5 @@ select * from test.t1 where 1 >= 1; select * from test.t1 where 1 <= 1; select * from test.t1 where 1 != 1; select * from test.t1 where 1 <> 1; +select function(*) from test.t1; +select insert(*) from test.t1; diff --git a/maxscale-system-test/fw2/pass4 b/maxscale-system-test/fw2/pass4 index 5f597334b..6894c8432 100644 --- a/maxscale-system-test/fw2/pass4 +++ b/maxscale-system-test/fw2/pass4 @@ -3,3 +3,4 @@ create function my_function (arg int) returns int deterministic return arg * arg select "sum(1)"; select (1); select * from(select 1) as a; +insert into test.t1 values (1); diff --git a/maxscale-system-test/fw2/rules4 b/maxscale-system-test/fw2/rules4 index f428c7c9a..c104917f8 100644 --- a/maxscale-system-test/fw2/rules4 +++ b/maxscale-system-test/fw2/rules4 @@ -1,4 +1,5 @@ rule test1 deny function sum avg on_queries select rule test2 deny function my_function on_queries select rule test3 deny function = >= <= != <> on_queries select -users %@% match any rules test1 test2 test3 +rule test4 deny function `function` `insert` +users %@% match any rules test1 test2 test3 test4 From 01b611d895d3e238f7d383ae0eafcfa86b1324fe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Fri, 7 Jul 2017 16:52:17 +0300 Subject: [PATCH 05/10] MXS-1312: Add tests for permission type rule The test checks that rules with only optional parts defined work. --- maxscale-system-test/fw2/deny5 | 1 + maxscale-system-test/fw2/pass5 | 1 + maxscale-system-test/fw2/rules5 | 2 ++ maxscale-system-test/fwf2.cpp | 2 +- 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 maxscale-system-test/fw2/deny5 create mode 100644 maxscale-system-test/fw2/pass5 create mode 100644 maxscale-system-test/fw2/rules5 diff --git a/maxscale-system-test/fw2/deny5 b/maxscale-system-test/fw2/deny5 new file mode 100644 index 000000000..ab290eb4c --- /dev/null +++ b/maxscale-system-test/fw2/deny5 @@ -0,0 +1 @@ +select 1; diff --git a/maxscale-system-test/fw2/pass5 b/maxscale-system-test/fw2/pass5 new file mode 100644 index 000000000..3bbec0fac --- /dev/null +++ b/maxscale-system-test/fw2/pass5 @@ -0,0 +1 @@ +create or replace table t1 (id int); diff --git a/maxscale-system-test/fw2/rules5 b/maxscale-system-test/fw2/rules5 new file mode 100644 index 000000000..9b3902fa8 --- /dev/null +++ b/maxscale-system-test/fw2/rules5 @@ -0,0 +1,2 @@ +rule no_selects deny on_queries select +users %@% match any rules no_selects diff --git a/maxscale-system-test/fwf2.cpp b/maxscale-system-test/fwf2.cpp index fdda24663..bd282d4a9 100644 --- a/maxscale-system-test/fwf2.cpp +++ b/maxscale-system-test/fwf2.cpp @@ -65,7 +65,7 @@ int main(int argc, char *argv[]) FILE* file; sprintf(rules_dir, "%s/fw2/", test_dir); - int N = 4; + int N = 5; int i; for (i = 1; i < N + 1; i++) From fd77b18c4901fbaffe15282fba98ff604875524a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Thu, 13 Jul 2017 12:30:24 +0300 Subject: [PATCH 06/10] Remove false debug assertion in avrorouter The asserted value can be false without it being an error. When a table is re-mapped to a different position, there is no guarantee that the previous value has not been reused by another table. --- server/modules/routing/avrorouter/avro_rbr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/server/modules/routing/avrorouter/avro_rbr.c b/server/modules/routing/avrorouter/avro_rbr.c index 88ef0ea5d..4ad688097 100644 --- a/server/modules/routing/avrorouter/avro_rbr.c +++ b/server/modules/routing/avrorouter/avro_rbr.c @@ -146,7 +146,6 @@ bool handle_table_map_event(AVRO_INSTANCE *router, REP_HEADER *hdr, uint8_t *ptr } else { - ss_dassert(router->active_maps[old->id % MAX_MAPPED_TABLES] == old); router->active_maps[old->id % MAX_MAPPED_TABLES] = NULL; table_map_remap(ptr, ev_len, old); router->active_maps[old->id % MAX_MAPPED_TABLES] = old; From 00f046da1b2e73efc717dac98d9870c4ac500eda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Thu, 13 Jul 2017 13:27:51 +0300 Subject: [PATCH 07/10] MXS-1316: Read the raw input in cdc_kafka_producer.py The input can be read as raw bytes since kafka expects the data to be of type bytes instead of str. --- server/modules/protocol/examples/cdc_kafka_producer.py | 1 + 1 file changed, 1 insertion(+) diff --git a/server/modules/protocol/examples/cdc_kafka_producer.py b/server/modules/protocol/examples/cdc_kafka_producer.py index 8197bc2cf..796e284aa 100755 --- a/server/modules/protocol/examples/cdc_kafka_producer.py +++ b/server/modules/protocol/examples/cdc_kafka_producer.py @@ -30,6 +30,7 @@ parser.add_argument("-T", "--kafka-topic", dest="kafka_topic", opts = parser.parse_args(sys.argv[1:]) producer = KafkaProducer(bootstrap_servers=[opts.kafka_broker]) +sys.stdin = sys.stdin.detach() while True: try: 
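Review bot: `sys.stdin = sys.stdin.detach()` works only on Python 3; on Python 2 the `file` object has no `detach()` and the script stops at start-up with an AttributeError. It also replaces the global `sys.stdin` with the raw buffer, so any later text-mode use of stdin in the script breaks. If both interpreters are meant to be supported, a local handle is safer: `stdin = getattr(sys.stdin, "buffer", sys.stdin)`, and the loop then reads from `stdin`. The read loop begins outside this hunk, so its exact read call is not visible.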
From 9752068444f38b2fff57d1f89069cf3f1ccaf7b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Tue, 18 Jul 2017 10:07:41 +0300 Subject: [PATCH 08/10] MXS-1318: Use certificate chains instead of individual files Using SSL_CTX_use_certificate_chain_file instead of SSL_CTX_use_certificate_file allows the use of certificate chains. This is the method that the OpenSSL documentation recommends: https://wiki.openssl.org/index.php/Manual%3ASSL_CTX_use_certificate%283%29 --- server/core/listener.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/core/listener.c b/server/core/listener.c index 6fdf71eff..0981d47be 100644 --- a/server/core/listener.c +++ b/server/core/listener.c @@ -299,7 +299,7 @@ listener_init_SSL(SSL_LISTENER *ssl_listener) if (ssl_listener->ssl_cert && ssl_listener->ssl_key) { /** Load the server certificate */ - if (SSL_CTX_use_certificate_file(ssl_listener->ctx, ssl_listener->ssl_cert, SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_chain_file(ssl_listener->ctx, ssl_listener->ssl_cert) <= 0) { MXS_ERROR("Failed to set server SSL certificate."); return -1; From 07a5cba2de34e1f8595ae9c5d869f5c57619e5bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Tue, 18 Jul 2017 11:21:33 +0300 Subject: [PATCH 09/10] MXS-1319: Set SQL_MODE for all internal connections When an internal connection is created, the SQL_MODE of the connection should be set to a known default. The empty SQL_MODE allows consistent functionality for all backend server versions. --- maxscale-system-test/CMakeLists.txt | 4 ++++ maxscale-system-test/mxs1319.cpp | 23 +++++++++++++++++++++++ server/core/mysql_utils.c | 5 +++++ 3 files changed, 32 insertions(+) create mode 100644 maxscale-system-test/mxs1319.cpp diff --git a/maxscale-system-test/CMakeLists.txt b/maxscale-system-test/CMakeLists.txt index 06620f9b8..22b142605 100644 --- a/maxscale-system-test/CMakeLists.txt +++ b/maxscale-system-test/CMakeLists.txt 
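Review bot: The error path after `SSL_CTX_use_certificate_chain_file` still logs only `Failed to set server SSL certificate.`, with no file name and no OpenSSL error, and a chain file has more ways to be wrong than a single certificate (wrong order, missing intermediate). Logging the path and the library error would make a misconfigured listener diagnosable: `MXS_ERROR("Failed to load certificate chain '%s': %s", ssl_listener->ssl_cert, ERR_error_string(ERR_get_error(), NULL));`. The `ssl_cert` documentation should also state that the file must be PEM with the server certificate first, followed by the intermediates. `listener_init_SSL` continues outside the hunk, so whether the private key is later checked against the loaded certificate cannot be seen here.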
@@ -476,6 +476,10 @@ add_test_executable(mxs1045.cpp mxs1045 mxs1045 LABELS maxscale REPL_BACKEND) # https://jira.mariadb.org/browse/MXS-1123 add_test_executable(mxs1123.cpp mxs1123 mxs1123 LABELS maxscale REPL_BACKEND) +# MXS-1319: Maxscale selecting extra whitespace while loading users +# https://jira.mariadb.org/browse/MXS-1319 +add_test_executable(mxs1319.cpp mxs1319 replication LABELS MySQLAuth REPL_BACKEND) + # 'namedserverfilter' test add_test_executable(namedserverfilter.cpp namedserverfilter namedserverfilter LABELS namedserverfilter LIGHT REPL_BACKEND) diff --git a/maxscale-system-test/mxs1319.cpp b/maxscale-system-test/mxs1319.cpp new file mode 100644 index 000000000..04d3aeda5 --- /dev/null +++ b/maxscale-system-test/mxs1319.cpp @@ -0,0 +1,23 @@ +/** + * Check that SQL_MODE='PAD_CHAR_TO_FULL_LENGTH' doesn't break authentication + */ + +#include "testconnections.h" + +int main(int argc, char *argv[]) +{ + TestConnections test(argc, argv); + + test.tprintf("Changing SQL_MODE to PAD_CHAR_TO_FULL_LENGTH and restarting MaxScale"); + test.repl->connect(); + test.repl->execute_query_all_nodes("SET GLOBAL SQL_MODE='PAD_CHAR_TO_FULL_LENGTH'"); + test.restart_maxscale(); + + test.tprintf("Connecting to MaxScale and executing a query"); + test.connect_maxscale(); + test.try_query(test.conn_rwsplit, "SELECT 1"); + test.close_maxscale_connections(); + + test.repl->execute_query_all_nodes("SET GLOBAL SQL_MODE=DEFAULT"); + return test.global_result; +} diff --git a/server/core/mysql_utils.c b/server/core/mysql_utils.c index 4fb8deb33..05fb5d516 100644 --- a/server/core/mysql_utils.c +++ b/server/core/mysql_utils.c @@ -174,6 +174,11 @@ MYSQL *mxs_mysql_real_connect(MYSQL *con, SERVER *server, const char *user, cons MY_CHARSET_INFO cs_info; mysql_get_character_set_info(mysql, &cs_info); server->charset = cs_info.number; + + if (mysql_query(mysql, "SET SQL_MODE=''")) + { + MXS_ERROR("Failed to change SQL_MODE: %s", mysql_error(mysql)); + } } return mysql; 
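Review bot: The test changes `GLOBAL SQL_MODE` on every backend and restores it only in its last statement, so any early exit (a failed connect, a hang or abort inside `try_query`) leaves `PAD_CHAR_TO_FULL_LENGTH` set for every test that runs afterwards against the same backends. The results of both `execute_query_all_nodes` calls are also ignored, so the test can pass without the mode ever having been applied. I would fail the test when the first call reports an error and move the restore into a path that runs regardless of the outcome. A comment above the restore, e.g. `// Always restore the global SQL_MODE, other tests share these backends`, would record the intent.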
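Review bot: When `SET SQL_MODE=''` fails, the new code logs the error and still returns the connection, so the caller continues with whatever SQL_MODE the server has, which is the state this patch is meant to rule out (the accompanying test shows `PAD_CHAR_TO_FULL_LENGTH` breaking authentication). Either treat the failure as a failed connect or document that the mode is best-effort; the message should at least name the server: `MXS_ERROR("Failed to change SQL_MODE on '%s': %s", server->name, mysql_error(mysql));`. The empty mode also switches off any strict mode for the session, so a comment such as `/** Internal connections use an empty SQL_MODE so results do not depend on server settings */` would make clear that this is intended. The function starts outside the hunk.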
From f76e4cd61dd30a59e2471d6e58dc3afca51d7d74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Sat, 22 Jul 2017 22:05:07 +0300 Subject: [PATCH 10/10] Fix GCC 7 and OpenSSL 1.1 build failures Fedora 26 and Debian 9 have both GCC 7 and OpenSSL 1.1. These fixes add support for the newer versions of these libraries. --- .../Getting-Started/Configuration-Guide.md | 9 ++- include/maxscale/ssl.h | 2 + include/maxscale/utils.h | 2 +- server/core/listener.c | 60 +++++++++++-------- server/core/server.c | 3 +- server/core/ssl.c | 12 ++-- server/modules/routing/binlogrouter/blr.h | 2 +- 7 files changed, 54 insertions(+), 36 deletions(-) diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index 722e88068..c87bf1a56 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md @@ -1004,13 +1004,18 @@ SSL enabled listeners. #### `ssl_version` This parameter controls the level of encryption used. Accepted values are: + * TLSv10 * TLSv11 * TLSv12 * MAX -Not all backend servers will support TLSv11 or TLSv12. If available, TLSv12 -should be used. +The default is to use the highest level of encryption available. For OpenSSL 1.0 +and newer this is TLSv1.2. Older versions use TLSv1.0 as the default transport +layer encryption. + +**Note:** It is highly recommended to leave this parameter to the default value + of _MAX_. This will guarantee that the strongest available encryption is used. #### `ssl_cert_verification_depth` diff --git a/include/maxscale/ssl.h b/include/maxscale/ssl.h index dd629ad4d..f1d761982 100644 --- a/include/maxscale/ssl.h +++ b/include/maxscale/ssl.h @@ -31,7 +31,9 @@ struct dcb; typedef enum ssl_method_type { +#ifndef OPENSSL_1_1 SERVICE_TLS10, +#endif #ifdef OPENSSL_1_0 SERVICE_TLS11, SERVICE_TLS12, diff --git a/include/maxscale/utils.h b/include/maxscale/utils.h index cf22d1382..2b1188b86 100644 
--- a/include/maxscale/utils.h +++ b/include/maxscale/utils.h @@ -24,7 +24,7 @@ MXS_BEGIN_DECLS -#define CALCLEN(i) ((size_t)(floor(log10(abs(i))) + 1)) +#define CALCLEN(i) ((size_t)(floor(log10(abs((int64_t)i))) + 1)) #define UINTLEN(i) (i<10 ? 1 : (i<100 ? 2 : (i<1000 ? 3 : CALCLEN(i)))) #define MXS_ARRAY_NELEMS(array) ((size_t)(sizeof(array)/sizeof(array[0]))) diff --git a/server/core/listener.c b/server/core/listener.c index 0981d47be..98322f8c0 100644 --- a/server/core/listener.c +++ b/server/core/listener.c @@ -168,10 +168,17 @@ void listener_free(SERV_LISTENER* listener) int listener_set_ssl_version(SSL_LISTENER *ssl_listener, char* version) { - if (strcasecmp(version, "TLSV10") == 0) + if (strcasecmp(version, "MAX") == 0) + { + ssl_listener->ssl_method_type = SERVICE_SSL_TLS_MAX; + } +#ifndef OPENSSL_1_1 + else if (strcasecmp(version, "TLSV10") == 0) { ssl_listener->ssl_method_type = SERVICE_TLS10; } +#else +#endif #ifdef OPENSSL_1_0 else if (strcasecmp(version, "TLSV11") == 0) { @@ -182,10 +189,6 @@ listener_set_ssl_version(SSL_LISTENER *ssl_listener, char* version) ssl_listener->ssl_method_type = SERVICE_TLS12; } #endif - else if (strcasecmp(version, "MAX") == 0) - { - ssl_listener->ssl_method_type = SERVICE_SSL_TLS_MAX; - } else { return -1; @@ -214,6 +217,20 @@ listener_set_certificates(SSL_LISTENER *ssl_listener, char* cert, char* key, cha ssl_listener->ssl_ca_cert = ca_cert ? MXS_STRDUP_A(ca_cert) : NULL; } +RSA* create_rsa(int bits) +{ +#ifdef OPENSSL_1_1 + BIGNUM* bn = BN_new(); + BN_set_word(bn, RSA_F4); + RSA* rsa = RSA_new(); + RSA_generate_key_ex(rsa, bits, NULL, NULL); + BN_free(bn); + return rsa; +#else + return RSA_generate_key(bits, RSA_F4, NULL, NULL); +#endif +} + /** * Initialize the listener's SSL context. This sets up the generated RSA * encryption keys, chooses the listener encryption level and configures the 
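Review bot: `abs((int64_t)i)` still calls the `int` version of `abs` when this header is compiled as C, so the 64-bit value is converted back to `int`; values outside the `int` range give a wrong length and `abs(INT_MIN)` is undefined. The cast also binds only to the first token of the argument, because `i` is not parenthesized. `llabs` with a parenthesized argument avoids both: `#define CALCLEN(i) ((size_t)(floor(log10((double)llabs((int64_t)(i)))) + 1))`. `UINTLEN` on the following context line has the same unparenthesized `i`.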
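Review bot: With `OPENSSL_1_1` defined, `TLSV10` now falls through to the final `else` and `listener_set_ssl_version` returns -1, so an existing configuration with `ssl_version=TLSv10` stops loading after the upgrade, while the Configuration-Guide hunk of this same commit still lists TLSv10 as an accepted value without a caveat. A dedicated error message for that case, or one sentence in the guide, would make the failure understandable to an operator. The empty `#else` in front of `#endif` can simply be dropped.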
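Review bot: In the `OPENSSL_1_1` branch of `create_rsa` the exponent `bn` is created, set to `RSA_F4` and freed but never used, because `RSA_generate_key_ex(rsa, bits, NULL, NULL)` passes NULL where the public exponent belongs. None of the return values are checked either, so on failure the function hands back a non-NULL `RSA` without a key and the `== NULL` checks in `listener_init_SSL` never fire. The rewrite below passes `bn` and returns NULL on any failure. The helper could also be declared `static`, since the patch shows it being used only in listener.c.

```c
RSA* create_rsa(int bits)
{
#ifdef OPENSSL_1_1
    RSA* rsa = NULL;
    BIGNUM* bn = BN_new();

    if (bn && BN_set_word(bn, RSA_F4))
    {
        rsa = RSA_new();

        /** Pass the exponent; drop the object if no key was generated */
        if (rsa && RSA_generate_key_ex(rsa, bits, bn, NULL) != 1)
        {
            RSA_free(rsa);
            rsa = NULL;
        }
    }

    BN_free(bn);
    return rsa;
/* … unchanged: #else branch calling RSA_generate_key … */
```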
@@ -231,9 +248,11 @@ listener_init_SSL(SSL_LISTENER *ssl_listener) { switch (ssl_listener->ssl_method_type) { +#ifndef OPENSSL_1_1 case SERVICE_TLS10: ssl_listener->method = (SSL_METHOD*)TLSv1_method(); break; +#endif #ifdef OPENSSL_1_0 case SERVICE_TLS11: ssl_listener->method = (SSL_METHOD*)TLSv1_1_method(); @@ -272,29 +291,19 @@ listener_init_SSL(SSL_LISTENER *ssl_listener) SSL_CTX_set_options(ssl_listener->ctx, SSL_OP_NO_SSLv3); /** Generate the 512-bit and 1024-bit RSA keys */ - if (rsa_512 == NULL) + if (rsa_512 == NULL && (rsa_512 = create_rsa(512)) == NULL) { - rsa_512 = RSA_generate_key(512, RSA_F4, NULL, NULL); - if (rsa_512 == NULL) - { - MXS_ERROR("512-bit RSA key generation failed."); - return -1; - } + MXS_ERROR("512-bit RSA key generation failed."); + return -1; } - if (rsa_1024 == NULL) + if (rsa_1024 == NULL && (rsa_1024 = create_rsa(1024)) == NULL) { - rsa_1024 = RSA_generate_key(1024, RSA_F4, NULL, NULL); - if (rsa_1024 == NULL) - { - MXS_ERROR("1024-bit RSA key generation failed."); - return -1; - } + MXS_ERROR("1024-bit RSA key generation failed."); + return -1; } - if (rsa_512 != NULL && rsa_1024 != NULL) - { - SSL_CTX_set_tmp_rsa_callback(ssl_listener->ctx, tmp_rsa_callback); - } + ss_dassert(rsa_512 && rsa_1024); + SSL_CTX_set_tmp_rsa_callback(ssl_listener->ctx, tmp_rsa_callback); if (ssl_listener->ssl_cert && ssl_listener->ssl_key) { @@ -362,7 +371,7 @@ tmp_rsa_callback(SSL *s, int is_export, int keylength) else { /* generate on the fly, should not happen in this example */ - rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + rsa_tmp = create_rsa(keylength); rsa_512 = rsa_tmp; /* Remember for later reuse */ } break; @@ -446,10 +455,11 @@ static bool create_listener_config(const SERV_LISTENER *listener, const char *fi switch (listener->ssl->ssl_method_type) { +#ifndef OPENSSL_1_1 case SERVICE_TLS10: version = "TLSV10"; break; - +#endif #ifdef OPENSSL_1_0 case SERVICE_TLS11: version = "TLSV11"; 
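Review bot: The rewritten key-generation block still creates a 512-bit temporary RSA key and installs `tmp_rsa_callback`; 512-bit RSA is export-grade strength and a listener should not offer it at all. As far as I know, OpenSSL 1.1 removed ephemeral RSA, which would make both keys dead weight on the builds this commit targets, so the block could be compiled only for older OpenSSL or removed altogether. The comment `Generate the 512-bit and 1024-bit RSA keys` should at least say what the keys are for. Separately, `ss_dassert(rsa_512 && rsa_1024)` is always true after the two early returns and adds nothing.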
diff --git a/server/core/server.c b/server/core/server.c index d84575b5e..c4f92500b 100644 --- a/server/core/server.c +++ b/server/core/server.c @@ -1189,10 +1189,11 @@ static bool create_server_config(const SERVER *server, const char *filename) switch (server->server_ssl->ssl_method_type) { +#ifndef OPENSSL_1_1 case SERVICE_TLS10: version = "TLSV10"; break; - +#endif #ifdef OPENSSL_1_0 case SERVICE_TLS11: version = "TLSV11"; diff --git a/server/core/ssl.c b/server/core/ssl.c index 8f2b843bc..02c1f7385 100644 --- a/server/core/ssl.c +++ b/server/core/ssl.c @@ -196,20 +196,20 @@ const char* ssl_method_type_to_string(ssl_method_type_t method_type) { switch (method_type) { +#ifndef OPENSSL_1_1 case SERVICE_TLS10: - return "TLS10"; + return "TLSV10"; +#endif #ifdef OPENSSL_1_0 case SERVICE_TLS11: - return "TLS11"; + return "TLSV11"; case SERVICE_TLS12: - return "TLS12"; + return "TLSV12"; #endif case SERVICE_SSL_MAX: - return "SSL_MAX"; case SERVICE_TLS_MAX: - return "TLS_MAX"; case SERVICE_SSL_TLS_MAX: - return "SSL_TLS_MAX"; + return "MAX"; default: return "Unknown"; } diff --git a/server/modules/routing/binlogrouter/blr.h b/server/modules/routing/binlogrouter/blr.h index 57f7a3922..68962536d 100644 --- a/server/modules/routing/binlogrouter/blr.h +++ b/server/modules/routing/binlogrouter/blr.h @@ -207,7 +207,7 @@ enum blr_aes_mode #define BLR_MAX_BACKOFF 60 /* max size for error message returned to client */ -#define BINLOG_ERROR_MSG_LEN 385 +#define BINLOG_ERROR_MSG_LEN 700 /* network latency extra wait tme for heartbeat check */ #define BLR_NET_LATENCY_WAIT_TIME 1
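Review bot: `ssl_method_type_to_string` now returns the same spellings that `create_listener_config` and `create_server_config` assemble by hand in their own `switch` statements, so the mapping exists three times and each copy needs its own `#ifndef OPENSSL_1_1` guard. Both functions could call `ssl_method_type_to_string` instead, which leaves one place to update when a TLS version is added or dropped. The returned strings also change (`TLS10` to `TLSV10`, and `SSL_MAX`, `TLS_MAX`, `SSL_TLS_MAX` all to `MAX`), so anything that parses the old diagnostic output needs checking; the callers are not visible in this patch. A comment on the function such as `/** Returns the value accepted by the ssl_version parameter */` would pin that contract.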
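Review bot: `BINLOG_ERROR_MSG_LEN` goes from 385 to 700 with no indication of where either number comes from, so the next change to the messages built with it has nothing to check against. If the increase is there to silence a GCC 7 truncation warning (my guess from the commit title), the comment above the define should say so and name the longest message the buffer must hold. It is also worth confirming that every buffer formatted with this bound is declared with the macro rather than a literal size, which cannot be seen from this hunk.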