diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2014-11-19 18:54:02 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2014-11-19 18:54:02 +0100 |
| commit | d851d5e70cf7ce2c1aacdf2119d7ecaacc8835d2 (patch) | |
| tree | 988b9e19ff72ccc8a2342c1228c6b6f7bce27fcd /vio | |
| parent | 8bc5eabea859c7411725ad8e4edc7b5b8464436a (diff) | |
| download | mariadb-git-d851d5e70cf7ce2c1aacdf2119d7ecaacc8835d2.tar.gz | |
MDEV-6975 Implement TLS protocol
followup:
* explicitly disable SSLv2 and SSLv3, keep other protocols enabled
* fix a compiler warning
* rename the test and combinations to avoid confusion
vio/viossl.c:
fix a compiler warning
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viossl.c | 2 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index fd5dfc51f17..5181f496768 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio) break; default: /* Shutdown failed */ DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d", - SSL_get_error(ssl, r))); + (int)SSL_get_error(ssl, r))); break; } } diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index c64bba338a4..22645b18b1b 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); } + SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + /* Set the ciphers that can be used NOTE: SSL_CTX_set_cipher_list will return 0 if |