diff options
author | Nirbhay Choubey <nirbhay@mariadb.com> | 2015-06-21 21:50:43 -0400 |
---|---|---|
committer | Nirbhay Choubey <nirbhay@mariadb.com> | 2015-06-21 21:50:43 -0400 |
commit | 327409443fa5631b98e65b0c1cce1cfb6e05f723 (patch) | |
tree | 1994e8151d071ee1228852544e67f38e14c8b16a /sql-common | |
parent | fc716dc5a5abd6997310256a1f846e39ea5bf312 (diff) | |
parent | 5a44e1a4024f1760021e5c6fd65773584d60513a (diff) | |
download | mariadb-git-327409443fa5631b98e65b0c1cce1cfb6e05f723.tar.gz |
Merge tag 'mariadb-5.5.44' into 5.5-galera
Diffstat (limited to 'sql-common')
-rw-r--r-- | sql-common/client.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/sql-common/client.c b/sql-common/client.c index ac372a437ba..01f73974f61 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1801,6 +1801,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) , mysql->options.ssl_ca= strdup_if_not_null(ca); mysql->options.ssl_capath= strdup_if_not_null(capath); mysql->options.ssl_cipher= strdup_if_not_null(cipher); + mysql->options.use_ssl= TRUE; #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */ DBUG_RETURN(0); } @@ -2491,13 +2492,10 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio, mysql->client_flag|= CLIENT_MULTI_RESULTS; #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) - if (mysql->options.ssl_key || mysql->options.ssl_cert || - mysql->options.ssl_ca || mysql->options.ssl_capath || - mysql->options.ssl_cipher) - mysql->options.use_ssl= 1; if (mysql->options.use_ssl) mysql->client_flag|= CLIENT_SSL; #endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/ + if (mpvio->db) mysql->client_flag|= CLIENT_CONNECT_WITH_DB; @@ -2526,6 +2524,23 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio, end= buff+5; } #ifdef HAVE_OPENSSL + + /* + If client uses ssl and client also has to verify the server + certificate, a ssl connection is required. + If the server does not support ssl, we abort the connection. + */ + if (mysql->options.use_ssl && + (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) && + !(mysql->server_capabilities & CLIENT_SSL)) + { + set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate, + ER(CR_SSL_CONNECTION_ERROR), + "SSL is required, but the server does not " + "support it"); + goto error; + } + if (mysql->client_flag & CLIENT_SSL) { /* Do the SSL layering. */ |