Bug #30593 No cipher list returned for "SHOW STATUS LIKE 'Ssl_cipher_list'"
Submitted: 23 Aug 2007 12:52 Modified: 8 Oct 2007 14:08
Reporter: Magnus Blåudd Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:5.0.48 OS:Any
Assigned to: Magnus Blåudd CPU Architecture:Any

[23 Aug 2007 12:52] Magnus Blåudd 
Description:
The query "SHOW STATUS LIKE 'Ssl_cipher_list'" should return a list of available ciphers if client is connected via SSL - but it does only return the empty list.

How to repeat:
-- source include/have_ssl.inc
connect (ssl_con,localhost,root,,,,,SSL);

SHOW STATUS LIKE 'Ssl_cipher_list'
Variable_name  Value
Ssl_cipher_list    

Should return something like:
SHOW STATUS LIKE 'Ssl_cipher_list';
Variable_name  Value
Ssl_cipher_list        DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:AES256-RMD:AES128-RMD:DES-CBC3-RMD:DHE-RSA-AES256-RMD:DHE-RSA-AES128-RMD:DHE-RSA-DES-CBC3-RMD:DHE-DSS-AES256-RMD:DHE-DSS-AES128-RMD:DHE-DSS-DES-CBC3-RMD:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA
SHOW STATUS LIKE 'Ssl_cipher';

Suggested fix:
===== sql_show.cc 1.353 vs edited =====
--- 1.353/sql/sql_show.cc       2007-07-28 14:01:43 +02:00
+++ edited/sql_show.cc  2007-08-23 14:51:37 +02:00
@@ -1739,7 +1739,7 @@ static bool show_status_array(THD *thd, 
           if (thd->net.vio->ssl_arg)
           {
             char *to= buff;
-            for (int i=0 ; i++ ;)
+            for (int i= 0; ; i++)
             {
               const char *p= SSL_get_cipher_list((SSL*) thd->net.vio->ssl_arg,i);
               if (p == NULL)

The "i" variable is 0 the first time the loop condition is evaluated and thus the for loop exits immediately.
[23 Aug 2007 13:17] Magnus Blåudd 
The problem does not exist in 5.1 where the functionality to show the cipher list has been moved to 'show_ssl_get_cipher_list'
[23 Aug 2007 18:25] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/32989

ChangeSet@1.2517, 2007-08-23 20:24:48+02:00, msvensson@pilot.(none) +1 -0
  Bug#30593 No cipher list returned for "SHOW STATUS LIKE 'Ssl_cipher_list'"
   - Move increment of "i" to "increment section" of for loop
   - Protect against writing after end of "buff"(backport from 5.1)
[4 Sep 2007 17:11] Bugs System 
Pushed into 5.1.23-beta
[4 Sep 2007 17:13] Bugs System 
Pushed into 5.0.50
[8 Oct 2007 14:08] Jon Stephens 
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Documented in 5.0.50 and 5.1.23 changelogs as:

      
          SHOW STATUS LIKE 'Ssl_cipher_list' from a
          MySQL client connected via SSL returned an empty string rather
          than a list of available ciphers. (Bug #30593)