这是MySQL的bugs!具体请看官方链接:http://bugs.mysql.com/bug.php?id=68999
[18 Apr 15:06] Remi Collet
[18 Apr 15:07] Remi Collet
mysql-openssl.patch Attachment: mysql-openssl.patch (text/x-patch), 405 bytes.打补丁包! 进到源代码目录, patch -p1 < mysql-openssl.patch 即可
[26 Apr 10:49] Umesh Umesh
http://bugs.mysql.com/bug.php?id=69080 marked as duplicate of this one.
[24 May 10:58] Umesh Umesh
Hello Remi, Thank you for the report. Verified as described. // How to repeat [root@cluster1 mysqlcom-5.5.31]# openssl version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 [root@cluster1 mysqlcom-5.5.31]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.8 (Tikanga) [root@cluster1 mysqlcom-5.5.31]# uname -a Linux cluster1 2.6.32-100.26.2.el5 #1 SMP Tue Jan 18 20:11:49 EST 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cluster1 mysqlcom-5.5.31]# cmake -DCMAKE_INSTALL_PREFIX=/root/server/mysqlcom-5.5.31 -DWITH_SSL=system [root@cluster1 mysqlcom-5.5.31]# make .. ... Scanning dependencies of target vio [ 63%] Building C object vio/CMakeFiles/vio.dir/vio.c.o [ 63%] Building C object vio/CMakeFiles/vio.dir/viosocket.c.o [ 63%] Building C object vio/CMakeFiles/vio.dir/viossl.c.o /root/setup/mysqlcom-5.5.31/vio/viossl.c: In function âssl_doâ: /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: âSSL_OP_NO_COMPRESSIONâ undeclared (first use in this function) /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: (Each undeclared identifier is reported only once /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: for each function it appears in.) make[2]: *** [vio/CMakeFiles/vio.dir/viossl.c.o] Error 1 make[1]: *** [vio/CMakeFiles/vio.dir/all] Error 2 make: *** [all] Error 2
[24 May 11:50] Erlend Dahl
Bug #69080 mysql-5.5.31 not compatible with openssl-1.0.0 and lower was marked as a duplicate.
[8 Jun 0:07] Noel Butler
5.5.32 also suffers same fate, i'm amazed oracle had ignored this and the simple included patch that fixes this.
[13 Jun 10:40] Georgi Kodinov
This openssl version is rather old. openssl recommends that you should consider upgrading to a later one. Is there any obstacle with you upgrading to a recent version ? Alternatively you can just download the binaries from http://dev.mysql.com/downloads.
[13 Jun 10:44] Remi Collet
> Is there any obstacle with you upgrading to a recent version ? Enterprise Linux distribution provides backport for security fix. I don't think upgrade to a more recent version is even thinkable on RHEL, Oracle Linux or other clones.
[13 Jun 10:57] Georgi Kodinov
It's a bit unfortunate that there's no compile time way to check for the presence of that fix. Thanks for the explanations. It's a valid bug and needs to be fixed.
[28 Jun 14:39] Georgi Kodinov
I would really love if you can provide a way for us to recognize at compile time that this particular openssl version has been patched to include the fix (so I can safely #ifdef the fix that we did on our side). Any chance that you would consider adding a define specific to your backport of the fix in this version that we can use ? E.g. adding something like this : #define OPENSSL_RHEL_COMPRESSION_FIX 1 to openssl.h would work great.
[29 Jun 14:04] Remi Collet
@Georgi Kodinov sorry, I really don't understand the need. Feel free to open a request for change on RHEL, but... Why do you think you need this and don't simply #ifdef SSL_OP_NO_COMPRESSION
[29 Jun 15:33] Hartmut Holzgraefe
I don't understand why this can't be fixed by a simple #ifdef (as in the originally attached patch) either ...
[1 Jul 11:51] Georgi Kodinov
Remi, IMHO we need to be able to distinguish between an un-patched openssl 0.9.8e (that doesn't contain the fixes that you've backported to it) and your patched variant of the same library. Otherwise there will not be enough information to determine whether to do the fix for this ssl bug in the mysql code or not.
[29 Aug 14:21] Georgi Kodinov
Moving to "need feedback" based on the above question
[30 Sep 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".
553
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
