Add some SSL information to SHOW SLAVE STATUS

Summary: It's nice to know the actual negotiated cipher as well as the subject and issuer of the other end of replication. Test Plan: mtr Reviewers: santoshb Reviewed By: santoshb
facebook · Jan 5, 2016 · 0e3dfa8 · 0e3dfa8
1 parent 28f6e60
commit 0e3dfa8
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 6 deletions.
diff --git a/mysql-test/include/check-testcase.test b/mysql-test/include/check-testcase.test
@@ -79,10 +79,13 @@ if ($tmp)
   --echo Retrieved_Gtid_Set	#
   --echo Executed_Gtid_Set	#
   --echo Auto_Position	0
+  --echo Master_SSL_Actual_Cipher	#
+  --echo Master_SSL_Subject	#
+  --echo Master_SSL_Issuer	#
 }
 if (!$tmp) {
   # Note: after WL#5177, fields 13-18 shall not be filtered-out.
-  --replace_column 4 # 5 # 6 # 7 # 8 # 9 # 10 # 13 # 14 # 15 # 16 # 17 # 18 # 22 # 23 # 24 # 25 # 26 # 41 # 42 # 43 # 47 # 53 # 54 #
+  --replace_column 4 # 5 # 6 # 7 # 8 # 9 # 10 # 13 # 14 # 15 # 16 # 17 # 18 # 22 # 23 # 24 # 25 # 26 # 41 # 42 # 43 # 47 # 53 # 54 # 56 # 57 # 58 #
   query_vertical
   SHOW SLAVE STATUS;
 }

diff --git a/mysql-test/r/disabled_replication.result b/mysql-test/r/disabled_replication.result
@@ -1,5 +1,5 @@
 SHOW SLAVE STATUS;
-Slave_IO_State	Master_Host	Master_User	Master_Port	Connect_Retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_Do_DB	Replicate_Ignore_DB	Replicate_Do_Table	Replicate_Ignore_Table	Replicate_Wild_Do_Table	Replicate_Wild_Ignore_Table	Last_Errno	Last_Error	Skip_Counter	Exec_Master_Log_Pos	Relay_Log_Space	Until_Condition	Until_Log_File	Until_Log_Pos	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key	Seconds_Behind_Master	Lag_Peak_Over_Last_Period	Master_SSL_Verify_Server_Cert	Last_IO_Errno	Last_IO_Error	Last_SQL_Errno	Last_SQL_Error	Replicate_Ignore_Server_Ids	Master_Server_Id	Master_UUID	Master_Info_File	SQL_Delay	SQL_Remaining_Delay	Slave_SQL_Running_State	Master_Retry_Count	Master_Bind	Last_IO_Error_Timestamp	Last_SQL_Error_Timestamp	Master_SSL_Crl	Master_SSL_Crlpath	Retrieved_Gtid_Set	Executed_Gtid_Set	Auto_Position
+Slave_IO_State	Master_Host	Master_User	Master_Port	Connect_Retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_Do_DB	Replicate_Ignore_DB	Replicate_Do_Table	Replicate_Ignore_Table	Replicate_Wild_Do_Table	Replicate_Wild_Ignore_Table	Last_Errno	Last_Error	Skip_Counter	Exec_Master_Log_Pos	Relay_Log_Space	Until_Condition	Until_Log_File	Until_Log_Pos	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key	Seconds_Behind_Master	Lag_Peak_Over_Last_Period	Master_SSL_Verify_Server_Cert	Last_IO_Errno	Last_IO_Error	Last_SQL_Errno	Last_SQL_Error	Replicate_Ignore_Server_Ids	Master_Server_Id	Master_UUID	Master_Info_File	SQL_Delay	SQL_Remaining_Delay	Slave_SQL_Running_State	Master_Retry_Count	Master_Bind	Last_IO_Error_Timestamp	Last_SQL_Error_Timestamp	Master_SSL_Crl	Master_SSL_Crlpath	Retrieved_Gtid_Set	Executed_Gtid_Set	Auto_Position	Master_SSL_Actual_Cipher	Master_SSL_Subject	Master_SSL_Issuer
 RESET SLAVE;
 ERROR HY000: Slave is not configured or failed to initialize properly. You must at least set --server-id to enable either a master or a slave. Additional error messages can be found in the MySQL error log.
 SHOW RELAYLOG EVENTS;

diff --git a/mysql-test/suite/rpl/r/rpl_ssl.result b/mysql-test/suite/rpl/r/rpl_ssl.result
@@ -28,6 +28,9 @@ Master_SSL_CA_Path = ''
 Master_SSL_CA_File = 'MYSQL_TEST_DIR/std_data/cacert.pem'
 Master_SSL_Cert = 'MYSQL_TEST_DIR/std_data/client-cert.pem'
 Master_SSL_Key = 'MYSQL_TEST_DIR/std_data/client-key.pem'
+Master_SSL_Actual_Cipher = 'ECDHE-RSA-AES256-GCM-SHA384'
+Master_SSL_Subject = '/C=SE/ST=Uppsala/O=MySQL AB/CN=localhost'
+Master_SSL_Issuer = '/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB'
 include/check_slave_is_running.inc
 STOP SLAVE;
 select * from t1;
@@ -41,6 +44,9 @@ Master_SSL_CA_Path = ''
 Master_SSL_CA_File = 'MYSQL_TEST_DIR/std_data/cacert.pem'
 Master_SSL_Cert = 'MYSQL_TEST_DIR/std_data/client-cert.pem'
 Master_SSL_Key = 'MYSQL_TEST_DIR/std_data/client-key.pem'
+Master_SSL_Actual_Cipher = 'ECDHE-RSA-AES256-GCM-SHA384'
+Master_SSL_Subject = '/C=SE/ST=Uppsala/O=MySQL AB/CN=localhost'
+Master_SSL_Issuer = '/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB'
 include/check_slave_is_running.inc
 drop user replssl@localhost;
 drop table t1;

diff --git a/mysql-test/suite/rpl/t/rpl_ssl.test b/mysql-test/suite/rpl/t/rpl_ssl.test
@@ -31,7 +31,7 @@ select * from t1;
 
 # The slave is synced and waiting/reading from master
 # SHOW SLAVE STATUS will show "Waiting for master to send event"
-let $status_items= Master_SSL_Allowed, Master_SSL_CA_Path, Master_SSL_CA_File, Master_SSL_Cert, Master_SSL_Key;
+let $status_items= Master_SSL_Allowed, Master_SSL_CA_Path, Master_SSL_CA_File, Master_SSL_Cert, Master_SSL_Key, Master_SSL_Actual_Cipher, Master_SSL_Subject, Master_SSL_Issuer;
 source include/show_slave_status.inc;
 source include/check_slave_is_running.inc;
 

diff --git a/sql-common/client.c b/sql-common/client.c
@@ -2194,10 +2194,10 @@ const char * STDCALL
 mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
 {
   DBUG_ENTER("mysql_get_ssl_cipher");
-#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+#if defined(HAVE_OPENSSL)
   if (mysql->net.vio && mysql->net.vio->ssl_arg)
     DBUG_RETURN(SSL_get_cipher_name((SSL*)mysql->net.vio->ssl_arg));
-#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
+#endif /* HAVE_OPENSSL */
   DBUG_RETURN(NULL);
 }
 
@@ -2250,7 +2250,7 @@ mysql_get_ssl_server_cerfificate_info(MYSQL *mysql __attribute__((unused)),
                                       size_t issuer_buflen __attribute__((unused)))
 {
   DBUG_ENTER("mysql_get_ssl_server_cerfificate_info");
-#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
+#if defined(HAVE_OPENSSL)
   SSL* ssl = (SSL*)mysql->net.vio->ssl_arg;
   X509 *cert = NULL;
 

diff --git a/sql/rpl_mi.cc b/sql/rpl_mi.cc
@@ -132,6 +132,9 @@ Master_info::Master_info(
   start_plugin_auth[0]= 0; start_plugin_dir[0]= 0;
   start_user[0]= 0;
   ignore_server_ids= new Server_ids(sizeof(::server_id));
+  ssl_actual_cipher[0] = 0;
+  ssl_master_issuer[0] = 0;
+  ssl_master_subject[0] = 0;
 }
 
 Master_info::~Master_info()

diff --git a/sql/rpl_mi.h b/sql/rpl_mi.h
@@ -246,6 +246,9 @@ friend class Rpl_info_factory;
   char ssl_cipher[FN_REFLEN], ssl_key[FN_REFLEN];
   char ssl_crl[FN_REFLEN], ssl_crlpath[FN_REFLEN];
   my_bool ssl_verify_server_cert;
+  char ssl_actual_cipher[FN_REFLEN],
+    ssl_master_issuer[FN_REFLEN],
+    ssl_master_subject[FN_REFLEN];
 
   MYSQL* mysql;
   uint32 file_id;				/* for 3.23 load data infile */

diff --git a/sql/rpl_slave.cc b/sql/rpl_slave.cc
@@ -3030,6 +3030,16 @@ bool show_slave_status(THD* thd, Master_info* mi)
   field_list.push_back(new Item_return_int("Auto_Position", sizeof(ulong),
                                            MYSQL_TYPE_LONG));
 
+  field_list.push_back(new Item_empty_string("Master_SSL_Actual_Cipher",
+                                             mi != NULL ?
+                                             sizeof(mi->ssl_actual_cipher) : 0));
+  field_list.push_back(new Item_empty_string("Master_SSL_Subject",
+                                             mi != NULL ?
+                                             sizeof(mi->ssl_master_subject) : 0));
+  field_list.push_back(new Item_empty_string("Master_SSL_Issuer",
+                                             mi != NULL ?
+                                             sizeof(mi->ssl_master_issuer) : 0));
+
   if (protocol->send_result_set_metadata(&field_list,
                             Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF))
   {
@@ -3278,6 +3288,10 @@ bool show_slave_status(THD* thd, Master_info* mi)
     protocol->store(sql_gtid_set_buffer, &my_charset_bin);
     // Auto_Position
     protocol->store(mi->is_auto_position() ? 1 : 0);
+    // ssl xxx
+    protocol->store(mi->ssl_actual_cipher, &my_charset_bin);
+    protocol->store(mi->ssl_master_issuer, &my_charset_bin);
+    protocol->store(mi->ssl_master_subject, &my_charset_bin);
 
     mysql_mutex_unlock(&mi->rli->err_lock);
     mysql_mutex_unlock(&mi->err_lock);
@@ -7636,6 +7650,18 @@ replication resumed in log '%s' at position %s", mi->get_user(),
     thd->set_active_vio(mysql->net.vio);
 #endif
   }
+  if (mysql_get_ssl_cipher(mysql)) {
+    strncpy(mi->ssl_actual_cipher,
+            mysql_get_ssl_cipher(mysql),
+            sizeof(mi->ssl_actual_cipher));
+    mi->ssl_actual_cipher[sizeof(mi->ssl_actual_cipher) - 1] = 0;
+
+    mysql_get_ssl_server_cerfificate_info(
+      mysql,
+      mi->ssl_master_issuer, sizeof(mi->ssl_master_issuer),
+      mi->ssl_master_subject, sizeof(mi->ssl_master_subject));
+  }
+
   mysql->reconnect= 1;
   DBUG_PRINT("exit",("slave_was_killed: %d", slave_was_killed));
   DBUG_RETURN(slave_was_killed);