Fix up patch

parent e5712d84
...@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods= ...@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
#endif #endif
}; };
int ssl_verify_server_cert(Vio *vio, const char* server_host)
{
SSL *ssl;
X509 *server_cert;
char *cp1, *cp2;
char buf[256];
DBUG_ENTER("ssl_verify_server_cert");
DBUG_PRINT("enter", ("server_host: %s", server_host));
if (!(ssl= (SSL*)vio->ssl_arg))
{
DBUG_PRINT("error", ("No SSL pointer found"));
return 1;
}
if (!server_host)
{
DBUG_PRINT("error", ("No server hostname supplied"));
return 1;
}
if (!(server_cert= SSL_get_peer_certificate(ssl)))
{
DBUG_PRINT("error", ("Could not get server certificate"));
return 1;
}
/*
We already know that the certificate exchanged was valid; the SSL library
handled that. Now we need to verify that the contents of the certificate
are what we expect.
*/
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
X509_free (server_cert);
// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
DBUG_PRINT("info", ("hostname in cert: %s", buf));
cp1 = strstr(buf, "/CN=");
if (cp1)
{
cp1 += 4; // Skip the "/CN=" that we found
cp2 = strchr(cp1, '/');
if (cp2)
*cp2 = '\0';
DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
if (!strcmp(cp1, server_host))
{
/* Success */
DBUG_RETURN(0);
}
}
DBUG_PRINT("error", ("SSL certificate validation failure"));
DBUG_RETURN(1);
}
MYSQL * MYSQL *
CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
const char *passwd, const char *db, const char *passwd, const char *db,
...@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
} }
DBUG_PRINT("info", ("IO layer change done!")); DBUG_PRINT("info", ("IO layer change done!"));
#if 0 /* TODO Verify server cert */
/* Verify server cert */
if (mysql->options.ssl_verify_cert &&
ssl_verify_server_cert(mysql->net.vio, mysql->host))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
#endif
} }
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
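Review bot: Once the `#if 0` block in the second hunk (-2107) is dropped, the HAVE_OPENSSL branch of CLI_MYSQL_REAL_CONNECT has no remaining path that compares the server certificate's subject with `mysql->host`, even though `mysql->options.ssl_verify_cert` was the option the removed call was keyed on. If that option presumably stays settable by callers, a reader of this function will assume it takes effect, so unless the identity check is performed elsewhere (not visible in this diff) a marker at the old call site would avoid that, e.g. `/* TODO: the server certificate is not checked against mysql->host here; ssl_verify_cert currently has no effect in this function */`. The `ssl_verify_server_cert` removed in the first hunk (-1567) was the only visible implementation, so the TODO should also record what a replacement must do: bound the CN lookup and treat a missing or truncated CN as a failure rather than falling through. CLI_MYSQL_REAL_CONNECT starts at the tail of the first hunk and continues outside both hunks.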
...@@ -54,12 +54,12 @@ static void ...@@ -54,12 +54,12 @@ static void
report_errors() report_errors()
{ {
unsigned long l; unsigned long l;
const char* file; const char *file;
const char* data; const char *data;
int line,flags; int line,flags;
DBUG_ENTER("report_errors"); DBUG_ENTER("report_errors");
while ((l=ERR_get_error_line_data(&file,&line,&data,&flags))) while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
{ {
char buf[512]; char buf[512];
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf), DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
...@@ -70,7 +70,7 @@ report_errors() ...@@ -70,7 +70,7 @@ report_errors()
} }
int vio_ssl_read(Vio * vio, gptr buf, int size) int vio_ssl_read(Vio *vio, gptr buf, int size)
{ {
int r; int r;
DBUG_ENTER("vio_ssl_read"); DBUG_ENTER("vio_ssl_read");
...@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size) ...@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
} }
int vio_ssl_write(Vio * vio, const gptr buf, int size) int vio_ssl_write(Vio *vio, const gptr buf, int size)
{ {
int r; int r;
DBUG_ENTER("vio_ssl_write"); DBUG_ENTER("vio_ssl_write");
...@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size) ...@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
} }
int vio_ssl_close(Vio * vio) int vio_ssl_close(Vio *vio)
{ {
int r= 0; int r= 0;
SSL* ssl= (SSL*)vio->ssl_arg; SSL *ssl= (SSL*)vio->ssl_arg;
DBUG_ENTER("vio_ssl_close"); DBUG_ENTER("vio_ssl_close");
if (ssl) if (ssl)
...@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio) ...@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio)
} }
int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout) int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{ {
SSL *ssl; SSL *ssl;
X509* client_cert; X509 *client_cert;
my_bool unused; my_bool unused;
my_bool net_blocking; my_bool net_blocking;
enum enum_vio_type old_type; enum enum_vio_type old_type;
...@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout) ...@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
} }
int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout) int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{ {
SSL *ssl; SSL *ssl;
X509 *server_cert; X509 *server_cert;
...@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout) ...@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
} }
int vio_ssl_blocking(Vio * vio __attribute__((unused)), int vio_ssl_blocking(Vio *vio __attribute__((unused)),
my_bool set_blocking_mode, my_bool set_blocking_mode,
my_bool *old_mode) my_bool *old_mode)
{ {
...@@ -209,7 +209,6 @@ static void check_ssl_init() ...@@ -209,7 +209,6 @@ static void check_ssl_init()
} }
#ifdef __NETWARE__ #ifdef __NETWARE__
/* MASV, should it be done everytime? */
netware_ssl_init(); netware_ssl_init();
#endif #endif