Bug #11761822: yassl rejects valid certificate which openssl accepts

    
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this 
particular certificate.
Added a test case with the certificate itself.

1 files changed, 6 insertions, 4 deletions

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 3c0c2f3a7ec..945e288a799 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -201,7 +201,7 @@ static void check_ssl_init()
 static struct st_VioSSLFd *
 new_VioSSLFd(const char *key_file, const char *cert_file,
              const char *ca_file, const char *ca_path,
-             const char *cipher, SSL_METHOD *method, 
+             const char *cipher, my_bool is_client_method, 
              enum enum_ssl_init_error* error)
 {
   DH *dh;
@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
                  my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
     DBUG_RETURN(0);
 
-  if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
+  if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ? 
+                                         TLSv1_client_method() :
+                                         TLSv1_server_method())))
   {
     *error= SSL_INITERR_MEMFAIL;
     DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
     verify= SSL_VERIFY_NONE;
 
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
-                             ca_path, cipher, TLSv1_client_method(), &dummy)))
+                             ca_path, cipher, TRUE, &dummy)))
   {
     return 0;
   }
@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
   struct st_VioSSLFd *ssl_fd;
   int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
-                             ca_path, cipher, TLSv1_server_method(), error)))
+                             ca_path, cipher, FALSE, error)))
   {
     return 0;
   }