Fix up patch

parent e5712d84
......@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
#endif
};
int ssl_verify_server_cert(Vio *vio, const char* server_host)
{
SSL *ssl;
X509 *server_cert;
char *cp1, *cp2;
char buf[256];
DBUG_ENTER("ssl_verify_server_cert");
DBUG_PRINT("enter", ("server_host: %s", server_host));
if (!(ssl= (SSL*)vio->ssl_arg))
{
DBUG_PRINT("error", ("No SSL pointer found"));
return 1;
}
if (!server_host)
{
DBUG_PRINT("error", ("No server hostname supplied"));
return 1;
}
if (!(server_cert= SSL_get_peer_certificate(ssl)))
{
DBUG_PRINT("error", ("Could not get server certificate"));
return 1;
}
/*
We already know that the certificate exchanged was valid; the SSL library
handled that. Now we need to verify that the contents of the certificate
are what we expect.
*/
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
X509_free (server_cert);
// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
DBUG_PRINT("info", ("hostname in cert: %s", buf));
cp1 = strstr(buf, "/CN=");
if (cp1)
{
cp1 += 4; // Skip the "/CN=" that we found
cp2 = strchr(cp1, '/');
if (cp2)
*cp2 = '\0';
DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
if (!strcmp(cp1, server_host))
{
/* Success */
DBUG_RETURN(0);
}
}
DBUG_PRINT("error", ("SSL certificate validation failure"));
DBUG_RETURN(1);
}
MYSQL *
CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db,
......@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
}
DBUG_PRINT("info", ("IO layer change done!"));
#if 0
/* Verify server cert */
if (mysql->options.ssl_verify_cert &&
ssl_verify_server_cert(mysql->net.vio, mysql->host))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
#endif
/* TODO Verify server cert */
}
#endif /* HAVE_OPENSSL */
......
......@@ -54,12 +54,12 @@ static void
report_errors()
{
unsigned long l;
const char* file;
const char* data;
int line,flags;
const char *file;
const char *data;
int line,flags;
DBUG_ENTER("report_errors");
while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)))
while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
{
char buf[512];
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
......@@ -70,7 +70,7 @@ report_errors()
}
int vio_ssl_read(Vio * vio, gptr buf, int size)
int vio_ssl_read(Vio *vio, gptr buf, int size)
{
int r;
DBUG_ENTER("vio_ssl_read");
......@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
}
int vio_ssl_write(Vio * vio, const gptr buf, int size)
int vio_ssl_write(Vio *vio, const gptr buf, int size)
{
int r;
DBUG_ENTER("vio_ssl_write");
......@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
}
int vio_ssl_close(Vio * vio)
int vio_ssl_close(Vio *vio)
{
int r= 0;
SSL* ssl= (SSL*)vio->ssl_arg;
SSL *ssl= (SSL*)vio->ssl_arg;
DBUG_ENTER("vio_ssl_close");
if (ssl)
......@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio)
}
int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
X509* client_cert;
X509 *client_cert;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
......@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
}
int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
X509 *server_cert;
......@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
}
int vio_ssl_blocking(Vio * vio __attribute__((unused)),
int vio_ssl_blocking(Vio *vio __attribute__((unused)),
my_bool set_blocking_mode,
my_bool *old_mode)
{
......
......@@ -209,7 +209,6 @@ static void check_ssl_init()
}
#ifdef __NETWARE__
/* MASV, should it be done everytime? */
netware_ssl_init();
#endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment