From aec7927c8e688ecb42683714f095deb6e95f1384 Mon Sep 17 00:00:00 2001
From: "msvensson@pilot.blaudden" <>
Date: Wed, 28 Mar 2007 12:23:55 +0200
Subject: Bug#25309 SSL connections without CA certificate broken since MySQL
 5.0.23  - Turn off verification of peer if both ca_path and ca_file is null  
  i.e from only passing --ssl-key=<client_key> and --ssl-cert=<client_cert>   
 to the mysql utility programs.    The server will authenticate the client
 accoring to GRANT tables    but the client won't authenticate the server

---
 vio/viosslfactories.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'vio')

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 55d3792365f..a12a45df648 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -301,6 +301,14 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
 {
   struct st_VioSSLFd *ssl_fd;
   int verify= SSL_VERIFY_PEER;
+
+  /*
+    Turn off verification of servers certificate if both
+    ca_file and ca_path is set to NULL
+  */
+  if (ca_file == 0 && ca_path == 0)
+    verify= SSL_VERIFY_NONE;
+
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
                              ca_path, cipher, TLSv1_client_method())))
   {
-- 
cgit v1.2.1