summaryrefslogtreecommitdiff
path: root/sql-common
diff options
context:
space:
mode:
authorNirbhay Choubey <nirbhay@mariadb.com>2015-06-21 21:50:43 -0400
committerNirbhay Choubey <nirbhay@mariadb.com>2015-06-21 21:50:43 -0400
commit327409443fa5631b98e65b0c1cce1cfb6e05f723 (patch)
tree1994e8151d071ee1228852544e67f38e14c8b16a /sql-common
parentfc716dc5a5abd6997310256a1f846e39ea5bf312 (diff)
parent5a44e1a4024f1760021e5c6fd65773584d60513a (diff)
downloadmariadb-git-327409443fa5631b98e65b0c1cce1cfb6e05f723.tar.gz
Merge tag 'mariadb-5.5.44' into 5.5-galera
Diffstat (limited to 'sql-common')
-rw-r--r--sql-common/client.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index ac372a437ba..01f73974f61 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1801,6 +1801,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql->options.ssl_ca= strdup_if_not_null(ca);
mysql->options.ssl_capath= strdup_if_not_null(capath);
mysql->options.ssl_cipher= strdup_if_not_null(cipher);
+ mysql->options.use_ssl= TRUE;
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
DBUG_RETURN(0);
}
@@ -2491,13 +2492,10 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
mysql->client_flag|= CLIENT_MULTI_RESULTS;
#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
- if (mysql->options.ssl_key || mysql->options.ssl_cert ||
- mysql->options.ssl_ca || mysql->options.ssl_capath ||
- mysql->options.ssl_cipher)
- mysql->options.use_ssl= 1;
if (mysql->options.use_ssl)
mysql->client_flag|= CLIENT_SSL;
#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY*/
+
if (mpvio->db)
mysql->client_flag|= CLIENT_CONNECT_WITH_DB;
@@ -2526,6 +2524,23 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
end= buff+5;
}
#ifdef HAVE_OPENSSL
+
+ /*
+ If client uses ssl and client also has to verify the server
+ certificate, a ssl connection is required.
+ If the server does not support ssl, we abort the connection.
+ */
+ if (mysql->options.use_ssl &&
+ (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+ !(mysql->server_capabilities & CLIENT_SSL))
+ {
+ set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
+ ER(CR_SSL_CONNECTION_ERROR),
+ "SSL is required, but the server does not "
+ "support it");
+ goto error;
+ }
+
if (mysql->client_flag & CLIENT_SSL)
{
/* Do the SSL layering. */