summaryrefslogtreecommitdiff
path: root/vio
diff options
context:
space:
mode:
authorGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2012-05-15 13:12:22 +0300
committerGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2012-05-15 13:12:22 +0300
commite4e19015692e727be655ce287f8cd6018d7fc6b2 (patch)
tree6c572203086cf87f3225bdfb9a4c4ecfa39de1b3 /vio
parente7b735fb4b664fe8fd33d653008898d1e6d7566c (diff)
downloadmariadb-git-e4e19015692e727be655ce287f8cd6018d7fc6b2.tar.gz
Bug #11761822: yassl rejects valid certificate which openssl accepts
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this particular certificate. Added a test case with the certificate itself.
Diffstat (limited to 'vio')
-rw-r--r--vio/viosslfactories.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 3c0c2f3a7ec..945e288a799 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -201,7 +201,7 @@ static void check_ssl_init()
static struct st_VioSSLFd *
new_VioSSLFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path,
- const char *cipher, SSL_METHOD *method,
+ const char *cipher, my_bool is_client_method,
enum enum_ssl_init_error* error)
{
DH *dh;
@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
DBUG_RETURN(0);
- if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
+ if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
+ TLSv1_client_method() :
+ TLSv1_server_method())))
{
*error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
verify= SSL_VERIFY_NONE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_client_method(), &dummy)))
+ ca_path, cipher, TRUE, &dummy)))
{
return 0;
}
@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_server_method(), error)))
+ ca_path, cipher, FALSE, error)))
{
return 0;
}