authorGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2012-05-15 13:12:22 +0300
committerGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2012-05-15 13:12:22 +0300
commitfcb033053d72502366f890c4652603c6cbc4fadb (patch)
tree6c572203086cf87f3225bdfb9a4c4ecfa39de1b3
parente72278fd423d98181d1c4da34e8369e7219b05f8 (diff)
Bug #11761822: yassl rejects valid certificate which openssl accepts
Applied the fix that updates yaSSL to 2.2.1 and fixes the parsing of this particular certificate. Added a test case with the certificate itself.
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp4
-rw-r--r--vio/viosslfactories.c10
2 files changed, 10 insertions, 4 deletions
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index a502666d15b..5ec4cac1c44 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -758,6 +758,10 @@ void CertDecoder::GetName(NameType nt)
while (source_.get_index() < length) {
GetSet();
+ if (source_.GetError().What() == SET_E) {
+ source_.SetError(NO_ERROR_E); // extensions may only have sequence
+ source_.prev();
+ }
GetSequence();
byte b = source_.next();
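Review bot: The recovery after `GetSet()` clears `SET_E` and rewinds with a single `source_.prev()`, which is only correct if `GetSet()` consumed exactly one byte before setting that error; its body is outside the hunk, so this needs confirming. The inline comment mentions extensions, yet the code sits in `CertDecoder::GetName`, so the relaxation appears to apply to every issuer and subject name the decoder reads. I would reword the comment to state the invariant, e.g. `// RDN without an enclosing SET: clear SET_E and step back over the one tag byte GetSet() read, so GetSequence() sees it`. The description mentions an added test case, but the diffstat lists only asn.cpp and viosslfactories.c, so the regression certificate is not part of this diff. A second test would be useful to show that a name malformed in some other way is still rejected after the error reset.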
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 3c0c2f3a7ec..945e288a799 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -201,7 +201,7 @@ static void check_ssl_init()
static struct st_VioSSLFd *
new_VioSSLFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
- const char *cipher, SSL_METHOD *method,
+ const char *cipher, my_bool is_client_method,
enum enum_ssl_init_error* error)
{
DH *dh;
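Review bot: The new `my_bool is_client_method` parameter is undocumented, and the call sites in the later hunks pass a bare `TRUE` or `FALSE`, which reads less clearly than the method call it replaces. A short header comment on `new_VioSSLFd` would help, for instance `/* is_client_method: TRUE builds a client-side context, FALSE a server-side one */`. Annotating the two callers the same way also helps, as in `ca_path, cipher, TRUE /* is_client_method */, &dummy`. The function body continues beyond this hunk.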
@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
DBUG_RETURN(0);
- if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
+ if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
+ TLSv1_client_method() :
+ TLSv1_server_method())))
{
*error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
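Review bot: With the method now chosen inside `new_VioSSLFd`, every context is created from `TLSv1_client_method()` or `TLSv1_server_method()`, which in OpenSSL fixes the connection to TLS 1.0 and prevents negotiation of any later version the library supports. The callers passed the same methods before, so this is not a regression, but the choice is now hard-coded in one place with no way for a caller to override it. If the bundled yaSSL build allows it (not visible here), consider the version-flexible method with the legacy protocols disabled, e.g. `SSL_CTX_new(is_client_method ? SSLv23_client_method() : SSLv23_server_method())` followed by `SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Otherwise a comment should say why the protocol version is pinned. Separately, a failure of `SSL_CTX_new` is reported as `SSL_INITERR_MEMFAIL`, though the call can fail for reasons other than memory.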
@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
verify= SSL_VERIFY_NONE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_client_method(), &dummy)))
+ ca_path, cipher, TRUE, &dummy)))
{
return 0;
}
@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_server_method(), error)))
+ ca_path, cipher, FALSE, error)))
{
return 0;
}