author | Sergei Golubchik <sergii@pisem.net> | 2014-11-19 18:54:02 +0100 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2014-11-19 18:54:02 +0100 |
commit | d851d5e70cf7ce2c1aacdf2119d7ecaacc8835d2 (patch) | |
tree | 988b9e19ff72ccc8a2342c1228c6b6f7bce27fcd | |
parent | 8bc5eabea859c7411725ad8e4edc7b5b8464436a (diff) | |
MDEV-6975 Implement TLS protocol
followup:
* explicitly disable SSLv2 and SSLv3, keep other protocols enabled
* fix a compiler warning
* rename the test and combinations to avoid confusion
vio/viossl.c:
fix a compiler warning
-rw-r--r-- | mysql-test/r/openssl_6975,tlsv10.result (renamed from mysql-test/r/openssl-poodle_6975,sslv3.result) | 0 | ||||
-rw-r--r-- | mysql-test/r/openssl_6975,tlsv12.result (renamed from mysql-test/r/openssl-poodle_6975,tlsv12.result) | 0 | ||||
-rw-r--r-- | mysql-test/t/openssl_6975.combinations (renamed from mysql-test/t/openssl-poodle_6975.combinations) | 2 | ||||
-rw-r--r-- | mysql-test/t/openssl_6975.test (renamed from mysql-test/t/openssl-poodle_6975.test) | 0 | ||||
-rw-r--r-- | vio/viossl.c | 2 | ||||
-rw-r--r-- | vio/viosslfactories.c | 2 |
6 files changed, 4 insertions, 2 deletions
diff --git a/mysql-test/r/openssl-poodle_6975,sslv3.result b/mysql-test/r/openssl_6975,tlsv10.result
index 52d5978749e..52d5978749e 100644
--- a/mysql-test/r/openssl-poodle_6975,sslv3.result
+++ b/mysql-test/r/openssl_6975,tlsv10.result
diff --git a/mysql-test/r/openssl-poodle_6975,tlsv12.result b/mysql-test/r/openssl_6975,tlsv12.result
index 033220427be..033220427be 100644
--- a/mysql-test/r/openssl-poodle_6975,tlsv12.result
+++ b/mysql-test/r/openssl_6975,tlsv12.result
diff --git a/mysql-test/t/openssl-poodle_6975.combinations b/mysql-test/t/openssl_6975.combinations
index 3147de1cb63..17517b7d552 100644
--- a/mysql-test/t/openssl-poodle_6975.combinations
+++ b/mysql-test/t/openssl_6975.combinations
@@ -1,6 +1,6 @@
 [tlsv12]
 loose-ssl-cipher=TLSv1.2
-[sslv3]
+[tlsv10]
 loose-ssl-cipher=SSLv3
diff --git a/mysql-test/t/openssl-poodle_6975.test b/mysql-test/t/openssl_6975.test
index bc6397c5c28..bc6397c5c28 100644
--- a/mysql-test/t/openssl-poodle_6975.test
+++ b/mysql-test/t/openssl_6975.test
diff --git a/vio/viossl.c b/vio/viossl.c
index fd5dfc51f17..5181f496768 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio)
 break;
 default: /* Shutdown failed */
 DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
- SSL_get_error(ssl, r)));
+ (int)SSL_get_error(ssl, r)));
 break;
 }
 }
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index c64bba338a4..22645b18b1b 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 DBUG_RETURN(0);
 }
+ SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 /*
 Set the ciphers that can be used
 NOTE: SSL_CTX_set_cipher_list will return 0 if |
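Review bot: The added `SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` in vio/viosslfactories.c has no comment saying why these protocol versions are refused, so a later cleanup could drop the call without anyone noticing the downgrade exposure. A short comment above it would help, e.g. `/* MDEV-6975: never negotiate SSLv2/SSLv3; TLS versions remain available */`. Whether the TLS versions really remain negotiable depends on the method passed to `SSL_CTX_new()`, which is outside this hunk; with a version-flexible method the options behave as the commit message describes, while a fixed-version method would leave nothing else to negotiate. The renamed test combinations visible in this commit are `tlsv12` and `tlsv10`; a case asserting that an SSLv3-only handshake is refused would pin the new behaviour. new_VioSSLFd's body starts and ends outside the hunk.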