Backport patch from 8.0 to improve ssl errors.

commit 0548790b7b83837993f3e6f5c512006d1c4c9c0f
Author: Georgi Kodinov <georgi.kodinov@oracle.com>
Date:   Tue Aug 14 17:23:17 2018 +0200

    Bug #27855668: CONTRIBUTION BY FACEBOOK: FIX OPENSSL ERROR CODES

    A slightly modified version of the facebook contribution that still
    fixes the issue reported, but also does not remove the posibility to
    print the additional errors in the stack if DBUG is on.

diff --git a/mysql.spec b/mysql.spec
index 8d6c188b3c8a04c7aad4ad3504baa517a70d6e42..384ee637e9f7beb3255f1532a7bd323a1fd44a46 100644 (file)
--- a/mysql.spec
+++ b/mysql.spec
@@ -62,7 +62,7 @@ Source12:     %{name}-ndb-cpc.sysconfig
 Source13:      %{name}-client.conf
 Source14:      my.cnf
 Patch0:                %{name}-opt.patch
-
+Patch1:                ssl-errors.patch
 Patch2:                %{name}-protobuf.patch
 Patch3:                %{name}-5.7-sphinx.patch
 Patch4:                %{name}-sphinx.patch
@@ -467,7 +467,7 @@ Ten pakiet zawiera standardowego demona MySQL NDB CPC.
 %setup -q %{?with_sphinx:-a100} %{!?with_system_boost:-a101}
 
 %patch0 -p1
-
+%patch1 -p1
 %patch2 -p1
 %if %{with sphinx}
 # http://www.sphinxsearch.com/docs/manual-0.9.9.html#sphinxse-mysql51

diff --git a/ssl-errors.patch b/ssl-errors.patch
new file mode 100644 (file)
index 0000000..5034b82
--- /dev/null
+++ b/ssl-errors.patch
@@ -0,0 +1,45 @@
+diff -urp mysql-5.7.36.org/vio/viossl.c mysql-5.7.36/vio/viossl.c
+--- mysql-5.7.36.org/vio/viossl.c      2021-09-07 07:26:47.000000000 +0200
++++ mysql-5.7.36/vio/viossl.c  2021-11-29 10:34:20.106597290 +0100
+@@ -137,7 +137,7 @@ static my_bool ssl_should_retry(Vio *vio
+                                 enum enum_vio_io_event *event,
+                                 unsigned long *ssl_errno_holder)
+ {
+-  int ssl_error;
++  int ssl_error, err_error;
+   SSL *ssl= vio->ssl_arg;
+   my_bool should_retry= TRUE;
+ 
+@@ -148,12 +148,23 @@ static my_bool ssl_should_retry(Vio *vio
+   switch (ssl_error)
+   {
+   case SSL_ERROR_WANT_READ:
++    err_error = ssl_error;  // for backward compatibility.
+     *event= VIO_IO_EVENT_READ;
+     break;
+   case SSL_ERROR_WANT_WRITE:
++    err_error = ssl_error;  // for backward compatibility.
+     *event= VIO_IO_EVENT_WRITE;
+     break;
+   default:
++    /* first save the top ERR error */
++#ifdef HAVE_WOLFSSL
++    /* TODO: when wolfSSL issue 4240 is fixed (see bug 27855668) remove the
++     * "if" branch */
++    err_error = ssl_error;
++#else
++    err_error = ERR_get_error();
++#endif
++    /* now report all remaining errors on and/or clear the error stack */
+ #ifndef NDEBUG  /* Debug build */
+     /* Note: the OpenSSL error queue gets cleared in report_errors(). */
+     report_errors(ssl);
+@@ -166,7 +177,7 @@ static my_bool ssl_should_retry(Vio *vio
+     break;
+   }
+ 
+-  *ssl_errno_holder= ssl_error;
++  *ssl_errno_holder= err_error;
+ 
+   return should_retry;
+ }