Fix bug (273):The x509 cert issuer seems not to be checked against the CA

author: unknown <gluh@gluh.mysql.r18.ru> 2003-04-16 17:25:05 +0500
committer: unknown <gluh@gluh.mysql.r18.ru> 2003-04-16 17:25:05 +0500
commit: 797d9de9cd4c3ce933c604c72a3a96ceac975e17 (patch)
tree: 783d0a1c01b6f3fbb614414921f56f69a1cec45f /vio
parent: 3cb207ec4b460f983eb0bb063fd171040ab4e9ec (diff)
download: mariadb-git-797d9de9cd4c3ce933c604c72a3a96ceac975e17.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/vio/viossl.c b/vio/viossl.c
index cf1c98b5382..0f34a45f9aa 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -281,7 +281,8 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout)
   SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
   SSL_set_fd(vio->ssl_,vio->sd);
   SSL_set_accept_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  if (SSL_do_handshake(vio->ssl_) < 1 ||
+      SSL_get_verify_result(vio->ssl_) != X509_V_OK)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();
@@ -354,7 +355,8 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout)
   SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout);
   SSL_set_fd (vio->ssl_, vio->sd);
   SSL_set_connect_state(vio->ssl_);
-  if (SSL_do_handshake(vio->ssl_) < 1)
+  if (SSL_do_handshake(vio->ssl_) < 1 ||
+      SSL_get_verify_result(vio->ssl_) != X509_V_OK)
   {
     DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors();
author	unknown <gluh@gluh.mysql.r18.ru>	2003-04-16 17:25:05 +0500
committer	unknown <gluh@gluh.mysql.r18.ru>	2003-04-16 17:25:05 +0500
commit	797d9de9cd4c3ce933c604c72a3a96ceac975e17 (patch)
tree	783d0a1c01b6f3fbb614414921f56f69a1cec45f /vio
parent	3cb207ec4b460f983eb0bb063fd171040ab4e9ec (diff)
download	mariadb-git-797d9de9cd4c3ce933c604c72a3a96ceac975e17.tar.gz