diff options
author | Georgi Kodinov <Georgi.Kodinov@Oracle.com> | 2012-05-15 13:12:22 +0300 |
---|---|---|
committer | Georgi Kodinov <Georgi.Kodinov@Oracle.com> | 2012-05-15 13:12:22 +0300 |
commit | e4e19015692e727be655ce287f8cd6018d7fc6b2 (patch) | |
tree | 6c572203086cf87f3225bdfb9a4c4ecfa39de1b3 /vio | |
parent | e7b735fb4b664fe8fd33d653008898d1e6d7566c (diff) | |
download | mariadb-git-e4e19015692e727be655ce287f8cd6018d7fc6b2.tar.gz |
Bug #11761822: yassl rejects valid certificate which openssl accepts
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this
particular certificate.
Added a test case with the certificate itself.
Diffstat (limited to 'vio')
-rw-r--r-- | vio/viosslfactories.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 3c0c2f3a7ec..945e288a799 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -201,7 +201,7 @@ static void check_ssl_init() static struct st_VioSSLFd * new_VioSSLFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, - const char *cipher, SSL_METHOD *method, + const char *cipher, my_bool is_client_method, enum enum_ssl_init_error* error) { DH *dh; @@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file, my_malloc(sizeof(struct st_VioSSLFd),MYF(0))))) DBUG_RETURN(0); - if (!(ssl_fd->ssl_context= SSL_CTX_new(method))) + if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ? + TLSv1_client_method() : + TLSv1_server_method()))) { *error= SSL_INITERR_MEMFAIL; DBUG_PRINT("error", ("%s", sslGetErrString(*error))); @@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, verify= SSL_VERIFY_NONE; if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, - ca_path, cipher, TLSv1_client_method(), &dummy))) + ca_path, cipher, TRUE, &dummy))) { return 0; } @@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, - ca_path, cipher, TLSv1_server_method(), error))) + ca_path, cipher, FALSE, error))) { return 0; } |