Merge sgluhov@bk-internal.mysql.com:/home/bk/mysql-4.0

into gluh.mysql.r18.ru:/home/gluh/mysql-4.0.for_fix


sql/sql_acl.cc:
  Auto merged

1 files changed, 5 insertions, 2 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index c93e082e0ff..f2f969551d1 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -552,7 +552,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      We need to check for absence of SSL because without SSL
 	      we should reject connection.
 	    */
-	    if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_peer_certificate(vio->ssl_))
+	    if (vio_type(vio) == VIO_TYPE_SSL && 
+	        SSL_get_verify_result(vio->ssl_) == X509_V_OK &&
+	        SSL_get_peer_certificate(vio->ssl_))
 	      user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
@@ -560,7 +562,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      We need to check for absence of SSL because without SSL
 	      we should reject connection.
 	    */
-	    if (vio_type(vio) == VIO_TYPE_SSL)
+	    if (vio_type(vio) == VIO_TYPE_SSL && 
+	        SSL_get_verify_result(vio->ssl_) == X509_V_OK)
 	    {
 	      if (acl_user->ssl_cipher)
 	      {