1st commit on SSL client side

.gitignore

@@ -113,6 +113,8 @@ deps/pcre/pcre/
 deps/curl/curl/
 deps/curl/curl-7.57.0/
 
+deps/libev/libev-4.24/
+
 #protobuf
 deps/protobuf/protobuf-2.6.1/
 

lib/MySQL_Session.cpp

@@ -3141,7 +3141,11 @@ void MySQL_Session::handler___status_CONNECTING_CLIENT___STATE_SERVER_HANDSHAKE(
 			//(default_hostgroup>=0 && session_type == PROXYSQL_SESSION_MYSQL)
 			(default_hostgroup>=0 && ( session_type == PROXYSQL_SESSION_MYSQL || session_type == PROXYSQL_SESSION_SQLITE ) )
 			||
-			strncmp(client_myds->myconn->userinfo->username,mysql_thread___monitor_username,strlen(mysql_thread___monitor_username))==0 
+			(
+				client_myds->encrypted==false
+				&&
+				strncmp(client_myds->myconn->userinfo->username,mysql_thread___monitor_username,strlen(mysql_thread___monitor_username))==0
+			)
 		) // Do not delete this line. See bug #492
 	)	{
 		if (session_type == PROXYSQL_SESSION_ADMIN) {
@@ -3304,12 +3308,14 @@ void MySQL_Session::handler___status_CONNECTING_CLIENT___STATE_SERVER_HANDSHAKE(
 		} else {
 			client_addr = strdup((char *)"");
 		}
+		if (client_myds->encrypted == false) {
 		char *_s=(char *)malloc(strlen(client_myds->myconn->userinfo->username)+100+strlen(client_addr));
 		sprintf(_s,"ProxySQL Error: Access denied for user '%s'@'%s' (using password: %s)", client_myds->myconn->userinfo->username, client_addr, (client_myds->myconn->userinfo->password ? "YES" : "NO"));
 		client_myds->myprot.generate_pkt_ERR(true,NULL,NULL,2,1045,(char *)"28000", _s);
 		__sync_add_and_fetch(&MyHGM->status.client_connections_aborted,1);
 		free(_s);
 		client_myds->DSS=STATE_SLEEP;
+		}
 	}
 }
 

lib/MySQL_Thread.cpp

@@ -1752,10 +1752,12 @@ bool MySQL_Threads_Handler::set_variable(char *name, char *value) {	// this is t
 		int intv=atoi(value);
 		if (intv > 10 && intv <= 65535) {
 			variables.server_capabilities=intv;
-			if (variables.server_capabilities & CLIENT_SSL) {
+//			if (variables.server_capabilities & CLIENT_SSL) {
 				// for now disable CLIENT_SSL
-				variables.server_capabilities &= ~CLIENT_SSL;
-			}
+//				variables.server_capabilities &= ~CLIENT_SSL;
+//			}
+			variables.server_capabilities |= CLIENT_SSL;
+			
 			return true;
 		} else {
 			return false;

src/main.cpp

@@ -17,11 +17,14 @@
 #include <libdaemon/dexec.h>
 #include "ev.h"
 
+
 // MariaDB client library redefines dlerror(), see https://mariadb.atlassian.net/browse/CONC-101
 #ifdef dlerror
 #undef dlerror
 #endif
 
+static pthread_mutex_t *lockarray;
+#include <openssl/crypto.h>
 
 
 // this fuction will be called as a deatached thread
@@ -106,7 +109,33 @@ struct cpu_timer
 	unsigned long long begin;
 };
 
-/*
+
+static void lock_callback(int mode, int type, const char *file, int line) { 
+	(void)file;
+	(void)line;
+	if(mode & CRYPTO_LOCK) {
+		pthread_mutex_lock(&(lockarray[type]));
+	} else {
+		pthread_mutex_unlock(&(lockarray[type]));
+	}
+}
+
+static unsigned long thread_id(void) {
+	unsigned long ret;
+	ret = (unsigned long)pthread_self();
+	return ret;
+}
+
+static void init_locks(void) {
+	int i;
+	lockarray = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+	for(i = 0; i<CRYPTO_num_locks(); i++) {
+		pthread_mutex_init(&(lockarray[i]), NULL);
+	}
+	CRYPTO_set_id_callback((unsigned long (*)())thread_id);
+	CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
+}
+
 void ProxySQL_Main_init_SSL_module() {
 	SSL_library_init();
 	SSL_METHOD *ssl_method;
@@ -131,8 +160,9 @@ void ProxySQL_Main_init_SSL_module() {
 		fprintf(stderr, "Private key does not match the public certificate\n");
 		abort();
 	}
+	init_locks();
 }
-*/
+
 
 /*
 void example_listern() {
@@ -937,6 +967,13 @@ int main(int argc, const char * argv[]) {
 		std::cerr << "Main init global variables completed in ";
 #endif
 	}
+	{
+		cpu_timer t;
+		ProxySQL_Main_init_SSL_module();
+#ifdef DEBUG
+		std::cerr << "Main SSL init variables completed in ";
+#endif
+	}
 
 	if (GloVars.global.foreground==false) {
 		{