MDEV-6975 Implement TLS protocol

followup: * explicitly disable SSLv2 and SSLv3, keep other protocols enabled * fix a compiler warning * rename the test and combinations to avoid confusion vio/viossl.c: fix a compiler warning

MDEV-6975 Implement TLS protocol
followup: * explicitly disable SSLv2 and SSLv3, keep other protocols enabled * fix a compiler warning * rename the test and combinations to avoid confusion vio/viossl.c: fix a compiler warning
d851d5e7 · Sergei Golubchik · 8bc5eabe · d851d5e7 · d851d5e7 · d851d5e7
Commit d851d5e7 authored Nov 19, 2014 by Sergei Golubchik
6 changed files
--- a/mysql-test/r/openssl-poodle_6975,sslv3.result
+++ b/mysql-test/r/openssl-poodle_6975,sslv3.result
--- a/mysql-test/r/openssl-poodle_6975,tlsv12.result
+++ b/mysql-test/r/openssl-poodle_6975,tlsv12.result
--- a/mysql-test/t/openssl-poodle_6975.combinations
+++ b/mysql-test/t/openssl-poodle_6975.combinations
 [tlsv12]
 loose-ssl-cipher=TLSv1.2
-[sslv3]
+[tlsv10]
 loose-ssl-cipher=SSLv3
--- a/mysql-test/t/openssl-poodle_6975.test
+++ b/mysql-test/t/openssl-poodle_6975.test
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio)
      break;
    default: /* Shutdown failed */
      DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
-                               SSL_get_error(ssl, r)));
+                               (int)SSL_get_error(ssl, r)));
      break;
    }
  }

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    DBUG_RETURN(0);
  }
+  SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
  /*
    Set the ciphers that can be used
    NOTE: SSL_CTX_set_cipher_list will return 0 if