Date: Thu, 29 Jan 2009 10:27:23 +0100 (CET) From: Dan Lukes <dan@obluda.cz> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/131112: [ PATCH ] Incompatible WITH_OPENSSL in databases/mysql5[01]-server Message-ID: <200901290927.n0T9RNJQ098357@kulesh.obluda.cz> Resent-Message-ID: <200901291010.n0TAA32t050603@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 131112
>Category: ports
>Synopsis: [ PATCH ] Incompatible WITH_OPENSSL in databases/mysql5[01]-server
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 29 10:10:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 7.1-RELEASE-p2 i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 7.1-RELEASE-p2 i386
databases/mysql51-server/Makefile,v 1.242 2009/01/16 22:41:05 linimon
>Description:
Up to MySQL 5.0.x the know WITH_OPENSSL mean "compile with OpenSSL library".
There has been already bundled YASSL, but our port doesn allow to compile against it.
Starting with MySQL 5.1 server port, the WITH_OPENSSL mean "compile with bundled
YASSL library" and our port doesn't allow compiling against OpenSSL.
Unfortunatelly, the YASSL and OPENSSL SSLs are not interoperable. At least
in MASTER-SLAVE replication, the client compiled with YASSL can never connect to
server compiled with OpenSSL and vice versa.
It's known problem, such problem has been with 5.0 as well but nobody found
the reason for interoperability problem yet. The mixed OpenSSL/YASSL in one MySQL
domain is not recommended.
The change in the port, "only against OpenSSL" to "only against YASSL" create the
problem with interoperability between 50 and 51 port and broke easy upgrade
from 5.0 to 5.1
>How-To-Repeat:
Compile 5.0 and 5.1 server, both with WITH_OPENSSL. Configure 5.0 to be MASTER
and 5.1 to be slave (it's supported configuration - in the fact - it's mandatory step
in the process of replication cluster 5.0->5.1 upgrade). The slave will be unable
to connect. Recompile one of the server against other SSL library and problem disappear with
no change in configuration.
>Fix:
Allow us to compile 5.1 server using OpenSSL again. In the best case
- return the original meaning to WITH_OPENSSL knob and create another for YASSL.
--- databases/mysql51-server/Makefile.orig 2009-01-29 09:55:26.000000000 +0100
+++ databases/mysql51-server/Makefile 2009-01-29 10:08:01.000000000 +0100
@@ -42,8 +42,13 @@
.if defined(WITH_XCHARSET) && ${WITH_XCHARSET} != ""
CONFIGURE_ARGS+=--with-extra-charsets=${WITH_XCHARSET}
.endif
-.if defined(WITH_OPENSSL)
+.if defined(WITH_YASSL) && defined(WITH_OPENSSL)
+.error Cannot define both WITH_OPENSSL and WITH_YASSL simultaneously.
+.elif defined(WITH_YASSL)
CONFIGURE_ARGS+=--with-ssl=bundled
+.elif defined(WITH_OPENSSL)
+USE_OPENSSL= yes
+CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE}
.endif
.if defined(WITH_FAST_MUTEXES)
CONFIGURE_ARGS+=--with-fast-mutexes
@@ -114,7 +119,8 @@
@${ECHO} " WITH_CHARSET=charset Define the primary built-in charset (latin1)."
@${ECHO} " WITH_XCHARSET=list Define other built-in charsets (may be 'all')."
@${ECHO} " WITH_COLLATION=collate Define default collation (latin1_swedish_ci)."
- @${ECHO} " WITH_OPENSSL=yes Enable secure connections."
+ @${ECHO} " WITH_YASSL=yes Enable secure connections using bundled YASSL library"
+ @${ECHO} " WITH_OPENSSL=yes Enable secure connections using OpenSSL library."
@${ECHO} " WITH_LINUXTHREADS=yes Use the linuxthreads pthread library."
@${ECHO} " WITH_PROC_SCOPE_PTH=yes Use process scope threads"
@${ECHO} " (try it if you use libpthread)."
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901290927.n0T9RNJQ098357>