FAQ
Pierre,
if you don't like the patch I have committed to openssl to fix the
problem you can revert it, but only if you can provide a better one.

The test case is ext/mysqli/tests/bug51647.phpt

You need to start the MySQL server with the following options :
ssl-ca=/path/to/cacert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

All files you can find here:
http://www.hristov.com/andrey/projects/php_stuff/certs/

The client certificates are already in the SVN repository.

Andrey

Search Discussions

  • Pierre Joye at Apr 23, 2010 at 3:01 pm
    Andrey,

    I'm not sure how and how much time I have to ask that but:

    Please post that in the bug report, with your patch and the reproduce way.

    But committing in the middle of a yet another huge patch for mysql is
    not the way to go. I don't like huge patches changing dozen of things
    at once. Feel free to do it in mysql if you feel like it but simply do
    not do it in openssl (or any other for that matters).This exact commit
    clearly shows the reasons.

    Johannes asked you to revert this commit, and it seems that you don't
    want to. So what should we do now? Fight to death or try to actually
    figure out what you are trying to fix and fix it in a way that we are
    100% (or 99%) that it won't break anything? I vote for the latter and
    I suggest you to do the same, and revert that commit as well as
    requested by Johannes and myself.

    Cheers,
    On Fri, Apr 23, 2010 at 4:53 PM, Andrey Hristov wrote:
    Pierre,
    if you don't like the patch I have committed to openssl to fix the problem
    you can revert it, but only if you can provide a better one.

    The test case is ext/mysqli/tests/bug51647.phpt

    You need to start the MySQL server with the following options :
    ssl-ca=/path/to/cacert.pem
    ssl-cert=/path/to/server-cert.pem
    ssl-key=/path/to/server-key.pem

    All files you can find here:
    http://www.hristov.com/andrey/projects/php_stuff/certs/

    The client certificates are already in the SVN repository.

    Andrey

    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php


    --
    Pierre

    @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
  • Andrey Hristov at Apr 23, 2010 at 3:14 pm
    Pierre,
    Pierre Joye wrote:
    Andrey,

    I'm not sure how and how much time I have to ask that but:

    Please post that in the bug report, with your patch and the reproduce way.
    this is the first time you ask how to reproduce the problem in real
    life. The bug report has a description where the bug is, and why -
    because the same file is used for public and private key, however not
    every pem file has private key segment in it. Thus, the code is buggy, I
    can tell you that from just reading the code, a method also known as
    code review.
    But committing in the middle of a yet another huge patch for mysql is
    not the way to go. I don't like huge patches changing dozen of things
    at once. Feel free to do it in mysql if you feel like it but simply do
    not do it in openssl (or any other for that matters).This exact commit
    clearly shows the reasons.
    It was committed in the middle of another patch, which was a mysqlnd
    patch, because mysqlnd got a SSL fix, which needed support from the
    openssl extension, because it is responsible for the SSL streams. I
    don't break patches in parts when they need to be one thing.
    Johannes asked you to revert this commit, and it seems that you don't
    want to. So what should we do now? Fight to death or try to actually
    figure out what you are trying to fix and fix it in a way that we are
    100% (or 99%) that it won't break anything? I vote for the latter and
    I suggest you to do the same, and revert that commit as well as
    requested by Johannes and myself.
    Johannes hasn't asked me to revert the patch. You have already reverted
    the patch, right! For the bug report I have committed a patch, but this
    is completely new patch, which suits both the test case that I broke to
    segfault and mysqlnd. _If_ you have a better patch, then revert my
    latest patch, but only when you have a better patch. Otherwise, even
    possibly imperfect, my patch does the job and passes the relevant tests.
    Cheers,
    On Fri, Apr 23, 2010 at 4:53 PM, Andrey Hristov wrote:
    Pierre,
    if you don't like the patch I have committed to openssl to fix the problem
    you can revert it, but only if you can provide a better one.

    The test case is ext/mysqli/tests/bug51647.phpt

    You need to start the MySQL server with the following options :
    ssl-ca=/path/to/cacert.pem
    ssl-cert=/path/to/server-cert.pem
    ssl-key=/path/to/server-key.pem

    All files you can find here:
    http://www.hristov.com/andrey/projects/php_stuff/certs/

    The client certificates are already in the SVN repository.

    Andrey

    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php
    Andrey

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-internals @
categoriesphp
postedApr 23, '10 at 2:53p
activeApr 23, '10 at 3:14p
posts3
users2
websitephp.net

2 users in discussion

Andrey Hristov: 2 posts Pierre Joye: 1 post

People

Translate

site design / logo © 2022 Grokbase