diff options
| author | Georgi Kodinov <georgi.kodinov@oracle.com> | 2014-07-31 12:52:49 +0300 |
|---|---|---|
| committer | Georgi Kodinov <georgi.kodinov@oracle.com> | 2014-07-31 12:52:49 +0300 |
| commit | 10956689cbdf8856c66d8b708ac65099986a5935 (patch) | |
| tree | 93d5244b344665b4fdf269938497784db71f68b5 /sql-common | |
| parent | 832bebcd712837487b80164d22290b8de167954a (diff) | |
| download | mariadb-git-10956689cbdf8856c66d8b708ac65099986a5935.tar.gz | |
Bug #18384260: MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION
the 5.5 version of the fix.
Added a call to X509_verify_cert_error_string() into the client certificate
verification code.
Diffstat (limited to 'sql-common')
| -rw-r--r-- | sql-common/client.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sql-common/client.c b/sql-common/client.c index f2c091261b4..850daa38750 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1909,6 +1909,12 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c DBUG_RETURN(1); } + if (X509_V_OK != SSL_get_verify_result(ssl)) + { + *errptr= "Failed to verify the server certificate"; + X509_free(server_cert); + DBUG_RETURN(1); + } /* We already know that the certificate exchanged was valid; the SSL library handled that. Now we need to verify that the contents of the certificate |