diff options
| author | monty@mashka.mysql.fi <> | 2003-08-11 22:44:43 +0300 |
|---|---|---|
| committer | monty@mashka.mysql.fi <> | 2003-08-11 22:44:43 +0300 |
| commit | 2263e3e51faba531a0a7055dbf706a6a8719ad70 (patch) | |
| tree | 3c0ddcb446b8be099c3ab2616c459a573ee3cf92 /vio | |
| parent | 1279f9b024614cf97cf447cfb10d6d7d69abb8bc (diff) | |
| parent | 6e7a509d06824447e427dd44d5692489267d9c4b (diff) | |
| download | mariadb-git-2263e3e51faba531a0a7055dbf706a6a8719ad70.tar.gz | |
Merge with 4.0.14
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/Makefile.am | 31 | ||||
| -rw-r--r-- | vio/viosocket.c | 2 | ||||
| -rw-r--r-- | vio/viossl.c | 6 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 15 |
4 files changed, 31 insertions, 23 deletions
diff --git a/vio/Makefile.am b/vio/Makefile.am index 16c70b12454..d5d26dec344 100644 --- a/vio/Makefile.am +++ b/vio/Makefile.am @@ -14,21 +14,24 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -INCLUDES = -I$(top_srcdir)/include $(openssl_includes) -LDADD = @CLIENT_EXTRA_LDFLAGS@ libvio.a $(openssl_libs) -pkglib_LIBRARIES = libvio.a +INCLUDES= -I$(top_srcdir)/include $(openssl_includes) +LDADD= @CLIENT_EXTRA_LDFLAGS@ $(openssl_libs) +pkglib_LIBRARIES= libvio.a noinst_PROGRAMS = test-ssl test-sslserver test-sslclient -noinst_HEADERS = -test_ssl_SOURCES = test-ssl.c -test_ssl_LDADD = @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a ../mysys/libmysys.a \ - ../strings/libmystrings.a libvio.a $(openssl_libs) -test_sslserver_SOURCES = test-sslserver.c -test_sslserver_LDADD = @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a ../mysys/libmysys.a \ - ../strings/libmystrings.a libvio.a $(openssl_libs) -test_sslclient_SOURCES = test-sslclient.c -test_sslclient_LDADD = @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a ../mysys/libmysys.a \ - ../strings/libmystrings.a libvio.a $(openssl_libs) -libvio_a_SOURCES = vio.c viosocket.c viossl.c viosslfactories.c +noinst_HEADERS= +test_ssl_SOURCES= test-ssl.c +test_ssl_LDADD= @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a \ + ../mysys/libmysys.a ../strings/libmystrings.a \ + $(openssl_libs) +test_sslserver_SOURCES= test-sslserver.c +test_sslserver_LDADD= @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a \ + ../mysys/libmysys.a ../strings/libmystrings.a \ + $(openssl_libs) +test_sslclient_SOURCES= test-sslclient.c +test_sslclient_LDADD= @CLIENT_EXTRA_LDFLAGS@ ../dbug/libdbug.a libvio.a \ + ../mysys/libmysys.a ../strings/libmystrings.a \ + $(openssl_libs) +libvio_a_SOURCES= vio.c viosocket.c viossl.c viosslfactories.c # Don't update the files from bitkeeper %::SCCS/s.% diff --git a/vio/viosocket.c b/vio/viosocket.c index 5f7e48f8e8b..ac2f7939a4c 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -26,8 +26,8 @@ #include <mysql_com.h> #include <errno.h> -#include <violite.h> #include <my_sys.h> +#include <violite.h> #include <my_net.h> #include <m_string.h> diff --git a/vio/viossl.c b/vio/viossl.c index 834343a77d9..fc95b0755ce 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -287,8 +287,7 @@ int sslaccept(struct st_VioSSLAcceptorFd* ptr, Vio* vio, long timeout) SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd(vio->ssl_,vio->sd); SSL_set_accept_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1 || - SSL_get_verify_result(vio->ssl_) != X509_V_OK) + if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); @@ -361,8 +360,7 @@ int sslconnect(struct st_VioSSLConnectorFd* ptr, Vio* vio, long timeout) SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd (vio->ssl_, vio->sd); SSL_set_connect_state(vio->ssl_); - if (SSL_do_handshake(vio->ssl_) < 1 || - SSL_get_verify_result(vio->ssl_) != X509_V_OK) + if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 31bc457d1ae..69d4f3007b8 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -18,8 +18,8 @@ #ifdef HAVE_OPENSSL -#include <my_sys.h> #include <mysql_com.h> +#include <my_sys.h> #include <violite.h> @@ -178,6 +178,11 @@ vio_verify_callback(int ok, X509_STORE_CTX *ctx) /************************ VioSSLConnectorFd **********************************/ +/* + TODO: + Add option --verify to mysql to be able to change verification mode +*/ + struct st_VioSSLConnectorFd * new_VioSSLConnectorFd(const char* key_file, const char* cert_file, @@ -185,7 +190,7 @@ new_VioSSLConnectorFd(const char* key_file, const char* ca_path, const char* cipher) { - int verify = SSL_VERIFY_PEER; + int verify = SSL_VERIFY_NONE; struct st_VioSSLConnectorFd* ptr; int result; DH *dh=NULL; @@ -264,7 +269,10 @@ ctor_failure: /************************ VioSSLAcceptorFd **********************************/ - +/* + TODO: + Add option --verify to mysqld to be able to change verification mode +*/ struct st_VioSSLAcceptorFd* new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, @@ -273,7 +281,6 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cipher) { int verify = (SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE); struct st_VioSSLAcceptorFd* ptr; int result; |