From fcb033053d72502366f890c4652603c6cbc4fadb Mon Sep 17 00:00:00 2001
From: Georgi Kodinov
Date: Tue, 15 May 2012 13:12:22 +0300
Subject: Bug #11761822: yassl rejects valid certificate which openssl accepts
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this particular certificate. Added a test case with the certificate itself.
---
 vio/viosslfactories.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'vio')
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 3c0c2f3a7ec..945e288a799 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -201,7 +201,7 @@ static void check_ssl_init()
 static struct st_VioSSLFd *
 new_VioSSLFd(const char *key_file, const char *cert_file,
 const char *ca_file, const char *ca_path,
- const char *cipher, SSL_METHOD *method,
+ const char *cipher, my_bool is_client_method,
 enum enum_ssl_init_error* error)
 {
 DH *dh;
@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
 DBUG_RETURN(0);
- if (!(ssl_fd->ssl_context= SSL_CTX_new(method)))
+ if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
+ TLSv1_client_method() :
+ TLSv1_server_method())))
 {
 *error= SSL_INITERR_MEMFAIL;
 DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
 verify= SSL_VERIFY_NONE;
 if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_client_method(), &dummy)))
+ ca_path, cipher, TRUE, &dummy)))
 {
 return 0;
 }
@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
 struct st_VioSSLFd *ssl_fd;
 int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
 if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
- ca_path, cipher, TLSv1_server_method(), error)))
+ ca_path, cipher, FALSE, error)))
 {
 return 0;
 }
--
cgit v1.2.1
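Review bot: The `SSL_CTX_new(...)` call in the second hunk now hard-codes `TLSv1_client_method()` / `TLSv1_server_method()` inside new_VioSSLFd, so every context built by this factory is fixed to TLS 1.0 and a caller can no longer supply a different method. The two callers passed these same methods before, so behaviour does not change, but the protocol pin is now buried in a ternary and harder to lift later. If the linked SSL library supports them (to be confirmed for the yaSSL build), the version-flexible `SSLv23_client_method()` / `SSLv23_server_method()` followed by `SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)` would allow newer protocol versions to be negotiated. Failing that, a comment at the call such as `/* method choice pins the protocol to TLS 1.0 */` records the limitation. The body of new_VioSSLFd starts and ends outside the hunk.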
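Review bot: The bare `TRUE` passed to `new_VioSSLFd(...)` in new_VioSSLConnectorFd (third hunk), and the bare `FALSE` in new_VioSSLAcceptorFd (fourth hunk), do not show which TLS role they select, so a swapped value would compile cleanly and would presumably surface only as a handshake failure. Naming the argument at the call site makes the role reviewable, for example `ca_path, cipher, TRUE /* is_client_method */, &dummy)))` and `ca_path, cipher, FALSE /* is_client_method */, error)))`. Separately, the connector still passes `&dummy` as the error argument, so its caller appears to get no reason when context creation fails. The declaration of `dummy` and the rest of both functions lie outside the hunks, so this needs checking against the full file.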