MDEV-18531 : Use WolfSSL instead of YaSSL as "bundled" SSL/encryption library

- Add new submodule for WolfSSL - Build and use wolfssl and wolfcrypt instead of yassl/taocrypt - Use HAVE_WOLFSSL instead of HAVE_YASSL - Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc (sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
author: Vladislav Vaintroub <wlad@mariadb.com> 2019-02-13 09:08:06 +0100
committer: Vladislav Vaintroub <wlad@mariadb.com> 2019-05-22 13:48:25 +0200
commit: 5e4b657dd44dce601c91bc77a41f6e382bc32000 (patch)
tree: e0c7442136ceb243768ed108db56051fd37a5762 /sql-common/client.c
parent: 31fe70290c54c44231aed881f5138924f32e47c5 (diff)
download: mariadb-git-5e4b657dd44dce601c91bc77a41f6e382bc32000.tar.gz
1 files changed, 9 insertions, 3 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index 8596d1cafee..00d3464167a 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1576,9 +1576,15 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
 
 #ifdef HAVE_X509_check_host
   ret_validation=
-   (X509_check_host(server_cert, server_hostname,
-       strlen(server_hostname), 0, 0) != 1) &&
-   (X509_check_ip_asc(server_cert, server_hostname, 0) != 1);
+    X509_check_host(server_cert, server_hostname,
+       strlen(server_hostname), 0, 0) != 1;
+#ifndef HAVE_WOLFSSL
+   if (ret_validation)
+   {
+     ret_validation=
+         X509_check_ip_asc(server_cert, server_hostname, 0) != 1;
+   }
+#endif
 #else
   subject= X509_get_subject_name(server_cert);
   cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
author	Vladislav Vaintroub <wlad@mariadb.com>	2019-02-13 09:08:06 +0100
committer	Vladislav Vaintroub <wlad@mariadb.com>	2019-05-22 13:48:25 +0200
commit	5e4b657dd44dce601c91bc77a41f6e382bc32000 (patch)
tree	e0c7442136ceb243768ed108db56051fd37a5762 /sql-common/client.c
parent	31fe70290c54c44231aed881f5138924f32e47c5 (diff)
download	mariadb-git-5e4b657dd44dce601c91bc77a41f6e382bc32000.tar.gz