    Bug#17208 SSL: client does not verify server certificate · c1d64ccc
    unknown authored
     - Add new function 'ssl_verify_server_cert' which is used if we are 
       connecting to the server with SSL. It will compare the hostname in 
       the server's cert against the hostname that we used when connecting 
       to the server. Will reject the connection if hostname does not match.
     - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options
       which will turn on checking of the server's cert.
     - Add new argument "ssl-verify-server-cert" to all mysql* clients which 
       will activate the above option.
     - Generate a new server cert with 1024 bits that has "localhost" as the server name.
    
    
    SSL/server-cert.pem:
      Generate a new server cert that has "localhost" as CN, so that we can test to verify the hostname we connected against with the hostname in the cert
    client/client_priv.h:
      Add OPT_SSL_VERIFY_CERT
    client/mysql.cc:
      Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
    client/mysqladmin.cc:
      Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
    client/mysqldump.c:
      Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
    client/mysqlimport.c:
      Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
    client/mysqlshow.c:
      Pass the variable "opt_ssl_verify_server_cert" to the mysql_options function. It's processed/included by include/sslopt*.h files
    client/mysqltest.c:
      Always set opt_ssl_verify_server_cert on in mysqltest if we are using SSL
    include/mysql.h:
      Add variable ssl_verify_server_cert
    include/sslopt-longopts.h:
      Add ssl-verify-server-cert options to all clients.
    include/sslopt-vars.h:
      Add opt_ssl_verify_server_cert to all clients.
    sql-common/client.c:
      Add ssl_verify_server_cert function which is executed if user has set the option ssl_verify_server_cert
    vio/viosslfactories.c:
      Ask the SSL library to verify the server's cert by setting the SSL_VERIFY_PEER flag
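
The hostname comparison described in the commit message, as an added C example (not the commit's code, which is not shown on this page). It assumes the certificate subject is already available as a one-line string of the form `/C=../O=../CN=..`; the helper name `verify_server_cn` and the sample subjects are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical helper: returns 0 if the single CN in a one-line subject
   such as "/C=SE/O=Example/CN=localhost" equals `host`, 1 otherwise. */
int verify_server_cn(const char *subject, const char *host)
{
    const char *cn, *end;
    size_t cn_len, host_len;

    if (subject == NULL || host == NULL || host[0] == '\0')
        return 1;                   /* nothing to compare: fail closed */

    cn = strstr(subject, "/CN=");
    if (cn == NULL)
        return 1;                   /* subject carries no CN */
    cn += 4;                        /* skip "/CN=" */

    if (strstr(cn, "/CN=") != NULL)
        return 1;                   /* more than one CN is ambiguous: reject */

    end = strchr(cn, '/');          /* CN ends at the next component or at NUL */
    cn_len = end ? (size_t)(end - cn) : strlen(cn);
    host_len = strlen(host);

    /* Whole-name, case-insensitive match; a prefix match is a reject. */
    if (cn_len != host_len || strncasecmp(cn, host, cn_len) != 0)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample subjects, not taken from a real certificate. */
    const char *subjects[] = {
        "/C=SE/ST=Uppsala/O=Example/CN=localhost",
        "/C=SE/O=Example/CN=localhost.example.com",
        "/C=SE/O=Example",
    };
    size_t i;

    for (i = 0; i < sizeof(subjects) / sizeof(subjects[0]); i++)
        printf("%-45s -> %s\n", subjects[i],
               verify_server_cn(subjects[i], "localhost") ? "reject" : "accept");
    return 0;
}
```

It covers only the CN comparison the commit message describes; names carried in subjectAltName are outside its scope.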