Fix bug (273):The x509 cert issuer seems not to be checked against the CA

1 files changed, 4 insertions, 2 deletions

diff --git a/vio/viossl.c b/vio/viossl.c
index cf1c98b5382..0f34a45f9aa 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -281,7 +281,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
   SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
   SSL_set_fd(vio->ssl_,vio->sd);
   SSL_set_accept_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  if (SSL_do_handshake(vio->ssl_) < 1 ||
+      SSL_get_verify_result(vio->ssl_) != X509_V_OK)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();
@@ -354,7 +355,8 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
   SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
   SSL_set_fd (vio->ssl_, vio->sd);
   SSL_set_connect_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  if (SSL_do_handshake(vio->ssl_) < 1 ||
+      SSL_get_verify_result(vio->ssl_) != X509_V_OK)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();