author | Venkata Sidagam <venkata.sidagam@oracle.com> | 2012-08-11 15:43:04 +0530 |
---|---|---|
committer | Venkata Sidagam <venkata.sidagam@oracle.com> | 2012-08-11 15:43:04 +0530 |
commit | 18087b049eeadfc07f49b65fc227a6ebd5d12e10 (patch) | |
tree | b8db84cd22c36854f251319b5e14f589288a04b5 /extra/yassl | |
parent | 2f30b34095e286877cda7156ae9622a4154147bd (diff) | |
download | mariadb-git-18087b049eeadfc07f49b65fc227a6ebd5d12e10.tar.gz |
Bug #13115401: -SSL-KEY VALUE IS NOT VALIDATED AND IT ALLOWS INSECURE
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validation checks for --ssl-key.
Note:
1) Documentation changes are required for 5.1, 5.5, 5.6 and trunk in the sections
listed below, and the details are:
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) A client with the option '--ssl' should be able to get an SSL connection. This
will be implemented as part of a separate fix in 5.6 and trunk.
Diffstat (limited to 'extra/yassl')
-rw-r--r-- | extra/yassl/src/ssl.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 00a3b885f88..3b1fc43bc94 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -747,7 +747,7 @@ void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback vc) int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, const char* path) { - int ret = SSL_SUCCESS; + int ret = SSL_FAILURE; const int HALF_PATH = 128; if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA); |
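Review bot: The new initialiser `int ret = SSL_FAILURE;` in SSL_CTX_load_verify_locations changes the function's return contract without documenting it. When `file` is NULL the `read_file` assignment is skipped, so unless a later branch sets ret the call now reports failure where it used to report SSL_SUCCESS. The commit message only describes --ssl-key validation and does not mention this. Please add a comment at the initialiser stating that a call with no usable `file` or `path` is treated as an error, and confirm that each caller which may pass NULL for both arguments handles SSL_FAILURE as intended.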