authormsvensson@neptunus.(none) <>2006-04-12 14:06:05 +0200
committermsvensson@neptunus.(none) <>2006-04-12 14:06:05 +0200
commitd66ac949113597de32590610eb32a81349779480 (patch)
treec4f78e06173af1789c8434f8ca2cf0c00e2b887c /sql-common
parente5712d8413d4ef76881f0bc100e2be26f3f83cf9 (diff)
Fix up patch
Diffstat (limited to 'sql-common')
-rw-r--r--sql-common/client.c68
1 files changed, 1 insertions, 67 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index da38d022c4d..b24b92014d6 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
#endif
};
-int ssl_verify_server_cert(Vio *vio, const char* server_host)
-{
- SSL *ssl;
- X509 *server_cert;
- char *cp1, *cp2;
- char buf[256];
- DBUG_ENTER("ssl_verify_server_cert");
- DBUG_PRINT("enter", ("server_host: %s", server_host));
-
- if (!(ssl= (SSL*)vio->ssl_arg))
- {
- DBUG_PRINT("error", ("No SSL pointer found"));
- return 1;
- }
-
- if (!server_host)
- {
- DBUG_PRINT("error", ("No server hostname supplied"));
- return 1;
- }
-
- if (!(server_cert= SSL_get_peer_certificate(ssl)))
- {
- DBUG_PRINT("error", ("Could not get server certificate"));
- return 1;
- }
-
- /*
- We already know that the certificate exchanged was valid; the SSL library
- handled that. Now we need to verify that the contents of the certificate
- are what we expect.
- */
-
- X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
- X509_free (server_cert);
-
-// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
-
- DBUG_PRINT("info", ("hostname in cert: %s", buf));
- cp1 = strstr(buf, "/CN=");
- if (cp1)
- {
- cp1 += 4; // Skip the "/CN=" that we found
- cp2 = strchr(cp1, '/');
- if (cp2)
- *cp2 = '\0';
- DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
- if (!strcmp(cp1, server_host))
- {
- /* Success */
- DBUG_RETURN(0);
- }
- }
- DBUG_PRINT("error", ("SSL certificate validation failure"));
- DBUG_RETURN(1);
-}
-
-
MYSQL *
CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
}
DBUG_PRINT("info", ("IO layer change done!"));
-#if 0
- /* Verify server cert */
- if (mysql->options.ssl_verify_cert &&
- ssl_verify_server_cert(mysql->net.vio, mysql->host))
- {
- set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
- goto error;
- }
-#endif
+ /* TODO Verify server cert */
}
#endif /* HAVE_OPENSSL */
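Review bot: The `/* TODO Verify server cert */` placeholder lets the connection continue after the IO layer change without checking that the server certificate names the host being connected to, so a certificate the SSL library accepts for any other name would pass. The removed lines read `mysql->options.ssl_verify_cert`; if that option can still be set elsewhere (not visible in this hunk), it is now silently ignored and a caller who asked for verification gets none. Until the check exists it would be safer to fail closed, e.g. `if (mysql->options.ssl_verify_cert) { set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); goto error; }`, assuming the `error` label used by the removed block is still in scope. When the check is written, compare against the commonName entry extracted on its own rather than the first `/CN=` found in the `X509_NAME_oneline` text, since that substring can also appear inside another subject field and the 256-byte buffer can truncate the name. The body of CLI_MYSQL_REAL_CONNECT starts and ends outside the hunk.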