diff options
| author | Georgi Kodinov <joro@sun.com> | 2009-10-27 15:20:34 +0200 |
|---|---|---|
| committer | Georgi Kodinov <joro@sun.com> | 2009-10-27 15:20:34 +0200 |
| commit | b9553d83ea32070ed757e5c3b945a907268d2bc0 (patch) | |
| tree | ceed54ca9979d6927ea25c80cba6d612eac0d215 /vio/viosslfactories.c | |
| parent | 87adf6ffc586fcb427590e310cd60e65872b0059 (diff) | |
| parent | 95dce2b0331180ad146684f7f9b266cfcc442609 (diff) | |
| download | mariadb-git-b9553d83ea32070ed757e5c3b945a907268d2bc0.tar.gz | |
merge
Diffstat (limited to 'vio/viosslfactories.c')
| -rw-r--r-- | vio/viosslfactories.c | 61 |
1 files changed, 2 insertions, 59 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 6a6e08818c6..51d049b18b9 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -144,55 +144,6 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, } -static int -vio_verify_callback(int ok, X509_STORE_CTX *ctx) -{ - char buf[256]; - X509 *err_cert; - - DBUG_ENTER("vio_verify_callback"); - DBUG_PRINT("enter", ("ok: %d ctx: 0x%lx", ok, (long) ctx)); - - err_cert= X509_STORE_CTX_get_current_cert(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); - DBUG_PRINT("info", ("cert: %s", buf)); - if (!ok) - { - int err, depth; - err= X509_STORE_CTX_get_error(ctx); - depth= X509_STORE_CTX_get_error_depth(ctx); - - DBUG_PRINT("error",("verify error: %d '%s'",err, - X509_verify_cert_error_string(err))); - /* - Approve cert if depth is greater then "verify_depth", currently - verify_depth is always 0 and there is no way to increase it. - */ - if (verify_depth >= depth) - ok= 1; - } - switch (ctx->error) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); - DBUG_PRINT("info",("issuer= %s\n", buf)); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - DBUG_PRINT("error", ("notBefore")); - /*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/ - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - DBUG_PRINT("error", ("notAfter error")); - /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/ - break; - } - DBUG_PRINT("exit", ("%d", ok)); - DBUG_RETURN(ok); -} - - #ifdef __NETWARE__ /* NetWare SSL cleanup */ @@ -354,11 +305,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, /* Init the VioSSLFd as a "connector" ie. the client side */ - /* - The verify_callback function is used to control the behaviour - when the SSL_VERIFY_PEER flag is set. - */ - SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback); + SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL); return ssl_fd; } @@ -382,11 +329,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, /* Set max number of cached sessions, returns the previous size */ SSL_CTX_sess_set_cache_size(ssl_fd->ssl_context, 128); - /* - The verify_callback function is used to control the behaviour - when the SSL_VERIFY_PEER flag is set. - */ - SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback); + SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL); /* Set session_id - an identifier for this server session |