Merge branch 'mysql-5.7-cluster-7.5' into mysql-5.7-cluster-7.6

Change-Id: I7f2274ed00eaa72a3a08262c0c6118073dc01ab2

Author: zmur

cmake/ssl.cmake

@@ -92,6 +92,62 @@ MACRO(RESET_SSL_VARIABLES)
  UNSET(HAVE_SHA512_DIGEST_LENGTH CACHE)
 ENDMACRO()
 
+# Fetch OpenSSL version number.
+# OpenSSL < 3:
+# #define OPENSSL_VERSION_NUMBER 0x1000103fL
+# Encoded as MNNFFPPS: major minor fix patch status
+#
+# OpenSSL 3:
+# #define OPENSSL_VERSION_NUMBER
+# ( (OPENSSL_VERSION_MAJOR<<28)
+# |(OPENSSL_VERSION_MINOR<<20)
+# |(OPENSSL_VERSION_PATCH<<4)
+# |_OPENSSL_VERSION_PRE_RELEASE )
+MACRO(FIND_OPENSSL_VERSION)
+ FOREACH(version_part
+ OPENSSL_VERSION_MAJOR
+ OPENSSL_VERSION_MINOR
+ OPENSSL_VERSION_PATCH
+ )
+ FILE(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" ${version_part}
+ REGEX "^#[\t ]*define[\t ]+${version_part}[\t ]+([0-9]+).*")
+ STRING(REGEX REPLACE
+ "^.*${version_part}[\t ]+([0-9]+).*" "\\1"
+ ${version_part} "${${version_part}}")
+ ENDFOREACH()
+ IF(OPENSSL_VERSION_MAJOR VERSION_EQUAL 3)
+ # OpenSSL 3
+ SET(OPENSSL_MAJOR_VERSION "${OPENSSL_VERSION_MAJOR}")
+ SET(OPENSSL_MINOR_VERSION "${OPENSSL_VERSION_MINOR}")
+ SET(OPENSSL_FIX_VERSION "${OPENSSL_VERSION_PATCH}")
+ ELSE()
+ # Verify version number. Version information looks like:
+ # #define OPENSSL_VERSION_NUMBER 0x1000103fL
+ # Encoded as MNNFFPPS: major minor fix patch status
+ FILE(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h"
+ OPENSSL_VERSION_NUMBER
+ REGEX "^#[ ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x[0-9].*"
+ )
+ STRING(REGEX REPLACE
+ "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1"
+ OPENSSL_MAJOR_VERSION "${OPENSSL_VERSION_NUMBER}"
+ )
+ STRING(REGEX REPLACE
+ "^.*OPENSSL_VERSION_NUMBER[\t ]+0x[0-9]([0-9][0-9]).*$" "\\1"
+ OPENSSL_MINOR_VERSION "${OPENSSL_VERSION_NUMBER}"
+ )
+ STRING(REGEX REPLACE
+ "^.*OPENSSL_VERSION_NUMBER[\t ]+0x[0-9][0-9][0-9]([0-9][0-9]).*$" "\\1"
+ OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
+ )
+ ENDIF()
+ SET(OPENSSL_VERSION
+ "${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}"
+ )
+ SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "")
+ MESSAGE(STATUS "OPENSSL_VERSION (${WITH_SSL}) is ${OPENSSL_VERSION}")
+ENDMACRO(FIND_OPENSSL_VERSION)
+
 # MYSQL_CHECK_SSL
 #
 # Provides the following configure options:
@@ -194,30 +250,8 @@ MACRO (MYSQL_CHECK_SSL)
  ENDIF()
 
  IF(OPENSSL_INCLUDE_DIR)
- # Verify version number. Version information looks like:
- # #define OPENSSL_VERSION_NUMBER 0x1000103fL
- # Encoded as MNNFFPPS: major minor fix patch status
- FILE(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h"
- OPENSSL_VERSION_NUMBER
- REGEX "^#[ ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x[0-9].*"
- )
- STRING(REGEX REPLACE
- "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9]).*$" "\\1"
- OPENSSL_MAJOR_VERSION "${OPENSSL_VERSION_NUMBER}"
- )
- STRING(REGEX REPLACE
- "^.*OPENSSL_VERSION_NUMBER[\t ]+0x[0-9]([0-9][0-9]).*$" "\\1"
- OPENSSL_MINOR_VERSION "${OPENSSL_VERSION_NUMBER}"
- )
- STRING(REGEX REPLACE
- "^.*OPENSSL_VERSION_NUMBER[\t ]+0x[0-9][0-9][0-9]([0-9][0-9]).*$" "\\1"
- OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
- )
+ FIND_OPENSSL_VERSION()
  ENDIF()
- SET(OPENSSL_VERSION
- "${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}"
- )
- SET(OPENSSL_VERSION ${OPENSSL_VERSION} CACHE INTERNAL "")
 
  IF("${OPENSSL_VERSION}" VERSION_GREATER "1.1.0")
  ADD_DEFINITIONS(-DHAVE_TLSv13)
@@ -229,7 +263,8 @@ MACRO (MYSQL_CHECK_SSL)
  IF(OPENSSL_INCLUDE_DIR AND
  OPENSSL_LIBRARY AND
  CRYPTO_LIBRARY AND
- OPENSSL_MAJOR_VERSION STREQUAL "1"
+ (OPENSSL_MAJOR_VERSION STREQUAL "1" OR
+ OPENSSL_MAJOR_VERSION STREQUAL "3")
  )
  SET(OPENSSL_FOUND TRUE)
  ELSE()
@@ -312,3 +347,16 @@ MACRO (MYSQL_CHECK_SSL)
  "Wrong option or path for WITH_SSL=${WITH_SSL}.")
  ENDIF()
 ENDMACRO()
+
+# Downgrade OpenSSL 3 deprecation warnings.
+MACRO(DOWNGRADE_OPENSSL3_DEPRECATION_WARNINGS)
+ IF(OPENSSL_MAJOR_VERSION VERSION_EQUAL 3)
+ IF(MY_COMPILER_IS_GNU_OR_CLANG)
+ ADD_COMPILE_FLAGS(${ARGV}
+ COMPILE_FLAGS "-Wno-error=deprecated-declarations")
+ ELSEIF(WIN32)
+ ADD_COMPILE_FLAGS(${ARGV}
+ COMPILE_FLAGS "/wd4996")
+ ENDIF()
+ ENDIF()
+ENDMACRO()

libmysql/CMakeLists.txt

@@ -197,6 +197,9 @@ SET(CLIENT_SOURCES
  ../sql/auth/sha2_password_common.cc
 )
 
+DOWNGRADE_OPENSSL3_DEPRECATION_WARNINGS(
+ ../sql-common/client_authentication.cc)
+
 IF (WIN32 AND OPENSSL_APPLINK_C)
  SET_SOURCE_FILES_PROPERTIES(
  ../sql-common/client_authentication.cc

mysql-test/include/openssl3_legacy_tls.cnf

@@ -0,0 +1,11 @@
+# Allow ciphers by default treated as unsecure in OpenSSL 3.0 to allow use of
+# legacy TLSv1.0 and TLSv1.1.
+# Configuration file should also work for OpenSSL 1.1.1 but will not work with
+# for example OpenSSL 1.0.
+openssl_conf = openssl_sect
+[ openssl_sect ]
+ssl_conf = ssl_sect
+[ssl_sect]
+system_default = system_default_sect
+[system_default_sect]
+CipherString = DEFAULT:@SECLEVEL=0

mysql-test/mysql-test-run.pl

@@ -3007,6 +3007,18 @@ sub environment_setup {
  my $pathsep= ":";
  $pathsep= ";" if IS_WINDOWS && ! IS_CYGWIN;
  $ENV{'PATH'}= "$ENV{'PATH'}".$pathsep.$perldir;
+
+ # ----------------------------------------------------
+ # openssl3 helper
+ # ----------------------------------------------------
+ # Provide path to openssl configuration file allowing old TLSv1.0 and TLSv1.1.
+ # In tests that need it add to test cnf-file:
+ #
+ # [ENV]
+ # OPENSSL_CONF=@env.OPENSSL3_LEGACY_TLS_CNF
+ #
+ $ENV{'OPENSSL3_LEGACY_TLS_CNF'}=
+ native_path(${glob_mysql_test_dir}."/include/openssl3_legacy_tls.cnf");
 }
 
 

mysql-test/suite/auth_sec/t/tls.cnf

@@ -0,0 +1,3 @@
+!include include/default_my.cnf
+[ENV]
+OPENSSL_CONF=@env.OPENSSL3_LEGACY_TLS_CNF

mysql-test/suite/auth_sec/t/tls12_tls1.cnf

@@ -0,0 +1,3 @@
+!include include/default_my.cnf
+[ENV]
+OPENSSL_CONF=@env.OPENSSL3_LEGACY_TLS_CNF

mysql-test/suite/rpl/t/rpl_ssl1.cnf

@@ -0,0 +1,3 @@
+!include ../my.cnf
+[ENV]
+OPENSSL_CONF=@env.OPENSSL3_LEGACY_TLS_CNF

mysql-test/t/ssl_deprecated_tls_versions.cnf

@@ -0,0 +1,3 @@
+!include include/default_my.cnf
+[ENV]
+OPENSSL_CONF=@env.OPENSSL3_LEGACY_TLS_CNF

mysys_ssl/CMakeLists.txt

@@ -31,6 +31,11 @@ IF(SSL_DEFINES)
 ADD_DEFINITIONS(${SSL_DEFINES})
 ENDIF()
 
+DOWNGRADE_OPENSSL3_DEPRECATION_WARNINGS(
+ crypt_genhash_impl.cc
+ my_md5.cc
+ my_sha1.cc)
+
 SET(MYSYS_AES_IMPLEMENTATION my_aes_openssl.cc)
 
 SET(MYSYS_SSL_SOURCES

rapid/plugin/group_replication/CMakeLists.txt

@@ -165,6 +165,8 @@ ADD_DEFINITIONS(${SSL_DEFINES})
 # add the definition to build XCom with SSL support
 ADD_DEFINITIONS(-DXCOM_HAVE_OPENSSL)
 
+DOWNGRADE_OPENSSL3_DEPRECATION_WARNINGS(
+ libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c)
 
 IF(WITH_UNIT_TESTS)
  ADD_CONVENIENCE_LIBRARY(gr_unit_test_resource