Bug #18384260: MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION

the 5.5 version of the fix. Added a call to X509_verify_cert_error_string() into the client certificate verification code.

Bug #18384260: MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION
the 5.5 version of the fix. Added a call to X509_verify_cert_error_string() into the client certificate verification code.
10956689 · Georgi Kodinov · 832bebcd · 10956689
Commit 10956689 authored Jul 31, 2014 by Georgi Kodinov
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

sql-common/client.c sql-common/client.c +6 -0

No files found.
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1909,6 +1909,12 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
    DBUG_RETURN(1);
  }
+  if (X509_V_OK != SSL_get_verify_result(ssl))
+  {
+    *errptr= "Failed to verify the server certificate";
+    X509_free(server_cert);
+    DBUG_RETURN(1);
+  }
  /*
    We already know that the certificate exchanged was valid; the SSL library
    handled that. Now we need to verify that the contents of the certificate