diff options
| author | gluh@gluh.mysql.r18.ru <> | 2003-06-26 12:47:36 +0500 |
|---|---|---|
| committer | gluh@gluh.mysql.r18.ru <> | 2003-06-26 12:47:36 +0500 |
| commit | 7d43750eb629a942527a9ccd9a05463ba73d4664 (patch) | |
| tree | 1cba43db3b6011169f56cf4992aa49eca9167fdf /vio | |
| parent | 79780cbd9cf079dc767c6beb759191efa1a7ef23 (diff) | |
| download | mariadb-git-7d43750eb629a942527a9ccd9a05463ba73d4664.tar.gz | |
Fix bug #673: MySQL 4.0.13 no SSL connection with mysql client possible
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viossl.c | 6 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 13 |
2 files changed, 12 insertions, 7 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index 834343a77d9..fc95b0755ce 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -287,8 +287,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd(vio->ssl_,vio->sd); SSL_set_accept_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1 || - SSL_get_verify_result(vio->ssl_) != X509_V_OK) + if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); @@ -361,8 +360,7 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd (vio->ssl_, vio->sd); SSL_set_connect_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1 || - SSL_get_verify_result(vio->ssl_) != X509_V_OK) + if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 31bc457d1ae..72ac915d14e 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -178,6 +178,11 @@ vio_verify_callback(int ok, X509_STORE_CTX *ctx) /************************ VioSSLConnectorFd **********************************/ +/* + TODO: + Add option --verify to mysql to be able to change verification mode +*/ + struct st_VioSSLConnectorFd * new_VioSSLConnectorFd(const char* key_file, const char* cert_file, @@ -185,7 +190,7 @@ new_VioSSLConnectorFd(const char* key_file, const char* ca_path, const char* cipher) { - int verify = SSL_VERIFY_PEER; + int verify = SSL_VERIFY_NONE; struct st_VioSSLConnectorFd* ptr; int result; DH *dh=NULL; @@ -264,7 +269,10 @@ ctor_failure: /************************ VioSSLAcceptorFd **********************************/ - +/* + TODO: + Add option --verify to mysqld to be able to change verification mode +*/ struct st_VioSSLAcceptorFd* new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, @@ -273,7 +281,6 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cipher) { int verify = (SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE); struct st_VioSSLAcceptorFd* ptr; int result; |