Fix bug: Crash server when grant ssl options are used and ssl handshake is not set

3cb207ec · unknown · 35459cb7 · 3cb207ec
Commit 3cb207ec authored Apr 16, 2003 by unknown
Show whitespace changes
Inline Side-by-side

Showing with 58 additions and 57 deletions

sql/sql_acl.cc sql/sql_acl.cc +58 -57

No files found.
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -542,19 +542,19 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	    break;
 	  case SSL_TYPE_X509: /* Client should have any valid certificate. */
 	    /*
-	      Connections with non-valid certificates are dropped already 
-	      in sslaccept() anyway, so we do not check validity here. 
+	      We need to check for absence of SSL because without SSL
+              we should reject connection.
 	    */
-	    if (SSL_get_peer_certificate(vio->ssl_))
+	    if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_peer_certificate(vio->ssl_))
 	      user_access=acl_user->access;
 	    break;
 	  case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
 	    /*
-	      We do not check for absence of SSL because without SSL it does
-	      not pass all checks here anyway.
-	      If cipher name is specified, we compare it to actual cipher in
-	      use.
+	      We need to check for absence of SSL because without SSL
+	      we should reject connection.
 	    */
+	    if (vio_type(vio) == VIO_TYPE_SSL)
+	    {
 	      if (acl_user->ssl_cipher)
 	      {
 		DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
@@ -615,6 +615,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	      }
 	      break;
 	    }
+	  }
 #else  /* HAVE_OPENSSL */
 	  user_access=acl_user->access;
 #endif /* HAVE_OPENSSL */