From d851d5e70cf7ce2c1aacdf2119d7ecaacc8835d2 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Wed, 19 Nov 2014 18:54:02 +0100
Subject: MDEV-6975 Implement TLS protocol followup: * explicitly disable SSLv2 and SSLv3, keep other protocols enabled * fix a compiler warning * rename the test and combinations to avoid confusion vio/viossl.c: fix a compiler warning
---
 vio/viossl.c | 2 +-
 vio/viosslfactories.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'vio')
diff --git a/vio/viossl.c b/vio/viossl.c
index fd5dfc51f17..5181f496768 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio)
 break;
 default: /* Shutdown failed */
 DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
- SSL_get_error(ssl, r)));
+ (int)SSL_get_error(ssl, r)));
 break;
 }
 }
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index c64bba338a4..22645b18b1b 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 DBUG_RETURN(0);
 }
+ SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ /* Set the ciphers that can be used NOTE: SSL_CTX_set_cipher_list will return 0 if -- cgit v1.2.1
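Review bot: The added `SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` call in new_VioSSLFd has no comment saying why these two protocol versions are switched off or that the choice is unconditional, and nothing in the hunk confirms that the options take effect. I would add above it `/* SSLv2 and SSLv3 are always refused; the TLS versions stay enabled. */` so a later reader does not take the line for a configurable default. The call returns the resulting option bitmask rather than an error code, so if this file is also built against a TLS library that implements SSL_CTX_set_options as a stub (I cannot tell from the hunk), SSLv3 would stay negotiable without any signal. A debug-build check that the returned mask contains both bits, or a test asserting that an SSLv3-only handshake is refused, would catch that. new_VioSSLFd starts and ends outside the hunk.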