From cf80c6cb642d5f82a53f38a41742c94a2c768dbf Mon Sep 17 00:00:00 2001
From: Tatjana Azundris Nuernberg
Date: Thu, 19 May 2011 10:47:43 +0100
Subject: Bug#11745920/Bug#21287: "SSL connection error" is not helpful! (ssl-verify-server-cert=true vs localhos) SSL errors on client and now more specific to aid end-user with debugging. Also restructures error handling for compliance with SSL docs. include/violite.h: new_VioSSLConnectorFd/sslaccept/sslconnect return more elaborate status libmysql/errmsg.c: SSL errors now extended, more specific mysql-test/r/openssl_1.result: SSL errors now extended, more specific sql-common/client.c: Do more detailed error reporting for setup, connect, and server cert verifying phases. sql/sql_acl.cc: sslaccept() signature has changed vio/viossl.c: Save the error code and return it to callers of sslaccept and sslconnect. vio/viosslfactories.c: new_VioSSLConnectorFd(): return error code to caller
---
vio/viosslfactories.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'vio/viosslfactories.c')
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 4971dec37fb..4f4dd5758ba 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -165,7 +165,7 @@ static struct st_VioSSLFd * new_VioSSLFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, SSL_METHOD *method, - enum enum_ssl_init_error* error) + enum enum_ssl_init_error *error) { DH *dh; struct st_VioSSLFd *ssl_fd;
@@ -249,11 +249,10 @@ new_VioSSLFd(const char *key_file, const char *cert_file, struct st_VioSSLFd * new_VioSSLConnectorFd(const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, - const char *cipher) + const char *cipher, enum enum_ssl_init_error* error) { struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER; - enum enum_ssl_init_error dummy; /* Turn off verification of servers certificate if both
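Review bot: The new `error` out-parameter of new_VioSSLConnectorFd (second hunk) has no stated contract: nothing here says whether a caller may pass NULL or what `*error` holds when the call succeeds. The removed `dummy` local always gave new_VioSSLFd a valid pointer, whereas the caller's pointer is now forwarded unchecked in the call further down, and new_VioSSLFd's body is outside this hunk. I would add a comment above the function along the lines of `/* error: out, must not be NULL; holds the init failure reason when 0 is returned */`, provided that is what new_VioSSLFd guarantees. The declarator should also read `enum enum_ssl_init_error *error`, matching the spacing fix this commit makes in new_VioSSLFd. The function body continues past the end of the hunk.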
@@ -263,7 +262,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, verify= SSL_VERIFY_NONE; if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, - ca_path, cipher, TLSv1_client_method(), &dummy))) + ca_path, cipher, TLSv1_client_method(), error))) { return 0; } -- cgit v1.2.1
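Review bot: The context line just above the changed call sets `verify= SSL_VERIFY_NONE`, and the `error` value now forwarded to new_VioSSLFd gives the caller no sign that peer verification was switched off. Since this commit is about making TLS failures diagnosable, a comment at that assignment would help, e.g. `/* no CA configured: server certificate is NOT verified on this connection */`. The condition itself sits outside the hunk, so confirm the wording against it; it appears to be the case where neither ca_file nor ca_path is given. The changed line also still passes `TLSv1_client_method()`, which fixes the protocol at TLS 1.0; the commit does not touch that, but it is worth a follow-up. new_VioSSLConnectorFd starts and ends outside the hunk.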