Remove CLIENT_SSL_VERIFY_SERVER_CERT

Since TLS server certificate verification is a client
only option, this flag is removed in both client (C/C)
and MariaDB server capability flags.

This patch reverts commit 89d759b9
(MySQL Bug #21543) and stores the server certificate validation
option in mysql->options.extensions.

include/mysql_com.h

@@ -275,7 +275,7 @@ enum enum_indicator_type
 #define CLIENT_DEPRECATE_EOF (1ULL << 24)
 
 #define CLIENT_PROGRESS_OBSOLETE  (1ULL << 29)
-#define CLIENT_SSL_VERIFY_SERVER_CERT (1ULL << 30)
+#define CLIENT_SSL_VERIFY_SERVER_CERT_OBSOLETE (1ULL << 30)
 /*
   It used to be that if mysql_real_connect() failed, it would delete any
   options set by the client, unless the CLIENT_REMEMBER_OPTIONS flag was
@@ -326,7 +326,6 @@ enum enum_indicator_type
                            CLIENT_MULTI_STATEMENTS | \
                            CLIENT_MULTI_RESULTS | \
                            CLIENT_PS_MULTI_RESULTS | \
-                           CLIENT_SSL_VERIFY_SERVER_CERT | \
                            CLIENT_REMEMBER_OPTIONS | \
                            MARIADB_CLIENT_PROGRESS | \
                            CLIENT_PLUGIN_AUTH | \
@@ -343,9 +342,8 @@ enum enum_indicator_type
   If any of the optional flags is supported by the build it will be switched
   on before sending to the client during the connection handshake.
 */
-#define CLIENT_BASIC_FLAGS (((CLIENT_ALL_FLAGS & ~CLIENT_SSL) \
-                                               & ~CLIENT_COMPRESS) \
-                                               & ~CLIENT_SSL_VERIFY_SERVER_CERT)
+#define CLIENT_BASIC_FLAGS ((CLIENT_ALL_FLAGS & ~CLIENT_SSL) \
+                                               & ~CLIENT_COMPRESS)
 
 /**
   Is raised when a multi-statement transaction

include/sql_common.h

@@ -44,6 +44,7 @@ struct st_mysql_options_extention {
   struct mysql_async_context *async_context;
   HASH connection_attributes;
   size_t connection_attributes_length;
+  my_bool tls_verify_server_cert;
 };
 
 typedef struct st_mysql_methods

sql-common/client.c

@@ -2093,7 +2093,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
      If the server does not support ssl, we abort the connection.
   */
   if (mysql->options.use_ssl &&
-      (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+      (mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
       !(mysql->server_capabilities & CLIENT_SSL))
   {
     set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@@ -2163,7 +2163,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
     DBUG_PRINT("info", ("IO layer change done!"));
 
     /* Verify server cert */
-    if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+    if ((mysql->options.extension && mysql->options.extension->tls_verify_server_cert) &&
         ssl_verify_server_cert(net->vio, mysql->host, &cert_error))
     {
       set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate,
@@ -3847,10 +3847,12 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const void *arg)
     mysql->options.use_thread_specific_memory= *(my_bool *) arg;
     break;
   case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
-    if (*(my_bool*) arg)
-      mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
-    else
-      mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
+    if (!mysql->options.extension)
+      mysql->options.extension= (struct st_mysql_options_extention *)
+        my_malloc(sizeof(struct st_mysql_options_extention),
+                  MYF(MY_WME | MY_ZEROFILL));
+    if (mysql->options.extension)
+      mysql->options.extension->tls_verify_server_cert= *(my_bool*) arg;
     break;
   case MYSQL_PLUGIN_DIR:
     EXTENSION_SET_STRING(&mysql->options, plugin_dir, arg);

sql/sql_acl.cc

@@ -12759,7 +12759,6 @@ static bool send_server_handshake_packet(MPVIO_EXT *mpvio,
   if (ssl_acceptor_fd)
   {
     thd->client_capabilities |= CLIENT_SSL;
-    thd->client_capabilities |= CLIENT_SSL_VERIFY_SERVER_CERT;
   }
 
   if (data_len)