From 4048cca387503462def7b392b964288f882c3e3d Mon Sep 17 00:00:00 2001
From: unknown <gluh@gluh.mysql.r18.ru>
Date: Thu, 26 Jun 2003 12:47:36 +0500
Subject: Fix bug #673: MySQL 4.0.13 no SSL connection with mysql client
 possible

sql/sql_acl.cc:
  Fix bug #673 MySQL 4.0.13 no SSL connection with mysql client possible
vio/viossl.c:
  Fix bug #673 MySQL 4.0.13 no SSL connection with mysql client possible
vio/viosslfactories.c:
  Fix bug #673 MySQL 4.0.13 no SSL connection with mysql client possible
---
 sql/sql_acl.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'sql/sql_acl.cc')

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index f01248bb682..72c8d4aaf38 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -546,7 +546,9 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      We need to check for absence of SSL because without SSL
               we should reject connection.
 	    */
-	    if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_peer_certificate(vio->ssl_))
+	    if (vio_type(vio) == VIO_TYPE_SSL && 
+	        SSL_get_verify_result(vio->ssl_) == X509_V_OK &&
+	        SSL_get_peer_certificate(vio->ssl_))
 	      user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
@@ -554,7 +556,8 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      We need to check for absence of SSL because without SSL
 	      we should reject connection.
 	    */
-	    if (vio_type(vio) == VIO_TYPE_SSL)
+	    if (vio_type(vio) == VIO_TYPE_SSL && 
+	        SSL_get_verify_result(vio->ssl_) == X509_V_OK)
 	    {
 	      if (acl_user->ssl_cipher)
 	      {
-- 
cgit v1.2.1