Commit 1e0c22ef authored by unknown's avatar unknown

Fix bug: Crash server when grant ssl options are used and ssl handshake is not set

parent de0dd584
...@@ -542,19 +542,19 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -542,19 +542,19 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
break; break;
case SSL_TYPE_X509: /* Client should have any valid certificate. */ case SSL_TYPE_X509: /* Client should have any valid certificate. */
/* /*
Connections with non-valid certificates are dropped already We need to check for absence of SSL because without SSL
in sslaccept() anyway, so we do not check validity here. we should reject connection.
*/ */
if (SSL_get_peer_certificate(vio->ssl_)) if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_peer_certificate(vio->ssl_))
user_access=acl_user->access; user_access=acl_user->access;
break; break;
case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */ case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
/* /*
We do not check for absence of SSL because without SSL it does We need to check for absence of SSL because without SSL
not pass all checks here anyway. we should reject connection.
If cipher name is specified, we compare it to actual cipher in
use.
*/ */
if (vio_type(vio) == VIO_TYPE_SSL)
{
if (acl_user->ssl_cipher) if (acl_user->ssl_cipher)
{ {
DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'", DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
...@@ -615,6 +615,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user, ...@@ -615,6 +615,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
} }
break; break;
} }
}
#else /* HAVE_OPENSSL */ #else /* HAVE_OPENSSL */
user_access=acl_user->access; user_access=acl_user->access;
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment