MDEV-7859 SSL hostname verification fails for long subject names

Don't use a fixed buffer for X509_NAME_oneline() in the client. Do as the server does - allocate it dynamically. For a test - regenerate certificates to have the server cert with a long subject.

MDEV-7859 SSL hostname verification fails for long subject names
Don't use a fixed buffer for X509_NAME_oneline() in the client. Do as the server does - allocate it dynamically. For a test - regenerate certificates to have the server cert with a long subject.
18215dd9 · Sergei Golubchik · 9fd65db3 · 18215dd9 · 18215dd9 · 18215dd9
Commit 18215dd9 authored Apr 25, 2015 by Sergei Golubchik
11 changed files
--- a/mysql-test/lib/generate-ssl-certs.sh
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -10,22 +10,21 @@ touch demoCA/index.txt
 echo 01 > demoCA/serial

 # CA certificate, self-signed
-openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB' -text
+openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' -text

-# server certificate signing request and private key
-openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB/CN=localhost'
+# server certificate signing request and private key. Note the very long subject (for MDEV-7859)
+openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name'
 # convert the key to yassl compatible format
 openssl rsa -in server-key.pem -out server-key.pem
 # sign the server certificate with CA certificate
 openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem

-openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB/CN=server'
+openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/CN=server8k/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
 openssl rsa -in server8k-key.pem -out server8k-key.pem
 openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem

-openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB'
+openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/CN=client/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
 openssl rsa -in client-key.pem -out client-key.pem
-# if the folloing will require a common name - that's defined in /etc/ssl/openssl.cnf, under policy_anything
 openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem

 rm -rf demoCA
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -3,8 +3,8 @@ create table t1(f1 int);
 insert into t1 values (5);
 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;
 connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET);

--- a/mysql-test/std_data/cacert.pem
+++ b/mysql-test/std_data/cacert.pem
 Certificate:
    Data:
        Version: 3 (0x2)
-        Serial Number: 16263805969935345171 (0xe1b4a55c3ddfa613)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=CA
+        Serial Number: 11580370790696127632 (0xa0b5bde0f2c08c90)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
        Validity
-            Not Before: Dec  5 04:48:11 2014 GMT
-            Not After : Dec  1 04:48:11 2030 GMT
-        Subject: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=CA
+            Not Before: Apr 25 14:55:05 2015 GMT
+            Not After : Apr 20 14:55:05 2035 GMT
+        Subject: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
-                    00:b4:95:bd:24:92:73:06:22:01:13:28:0e:09:a3:
-                    94:05:96:54:9d:dc:8f:83:39:f3:64:7a:31:70:f6:
-                    d9:c4:14:19:75:87:a6:b1:ea:52:ed:40:54:5a:f6:
-                    9c:13:8e:d8:76:8f:5a:65:a5:20:19:19:bd:51:9d:
-                    ba:35:ce:9a:a9:58:0a:fc:11:6e:1d:cb:a8:f1:92:
-                    79:ee:aa:fc:e3:32:5e:aa:0d:0b:23:34:95:e9:d3:
-                    8e:3f:72:93:90:bc:2c:b0:04:75:4f:a4:4a:a0:32:
-                    db:ac:89:ac:34:9b:d0:07:e3:81:e9:ca:5b:26:f0:
-                    f5:de:fe:d5:5e:a0:54:26:dd:ec:58:07:6e:b9:e5:
-                    97:f6:20:6d:d8:4a:c0:50:cc:81:e6:d2:3f:c7:47:
-                    70:8b:15:89:65:71:2e:47:c3:42:76:b5:ee:16:0e:
-                    26:97:6a:a3:1c:ad:90:53:50:b0:b1:6d:1d:b0:b8:
-                    6d:df:3c:ee:bd:3b:87:e8:db:4d:3a:72:78:dd:db:
-                    40:3d:c9:20:46:b8:4e:33:bb:76:b7:4f:b2:79:da:
-                    03:cc:f9:75:c0:1d:4c:51:0a:b9:9b:25:34:50:11:
-                    97:df:82:46:02:a9:bc:98:51:3e:c3:df:57:ad:b7:
-                    28:be:de:65:ce:2b:f3:2c:22:f5:af:31:28:1c:ef:
-                    10:09
+                    00:c0:1f:90:7c:2b:c2:ea:01:93:ce:e0:c5:72:e8:
+                    1c:06:bd:63:4e:b6:d2:c6:00:32:13:27:42:9e:c9:
+                    3c:91:33:4d:15:90:67:7d:9d:d8:be:9b:12:e2:f6:
+                    1b:46:81:4a:8b:10:c5:b8:14:53:ab:6a:2c:c3:7f:
+                    66:87:6c:0e:18:51:4e:9c:93:7a:6d:a1:d4:06:47:
+                    58:61:a6:04:21:2c:bd:74:7a:e4:68:45:fe:91:fe:
+                    fb:a6:29:47:ec:c5:c3:88:c8:c9:e7:d7:c6:1a:0d:
+                    b8:f5:c5:02:57:25:01:cc:d5:8c:37:46:58:c6:71:
+                    30:ee:63:38:99:84:5e:9e:3c:af:40:d4:f0:f2:12:
+                    44:6e:2f:4d:cd:f9:da:4d:0e:1f:a6:fe:35:c3:9d:
+                    40:08:82:5e:6f:7d:4d:09:16:7d:a1:78:d6:9f:9f:
+                    44:d6:b1:ad:e7:50:25:1a:f3:4e:16:92:4a:17:5e:
+                    0b:e1:c8:9f:62:22:c4:e2:01:96:63:ed:37:a2:e5:
+                    70:b9:dc:c8:8e:c4:fe:00:21:f5:b9:48:c0:43:55:
+                    4a:d8:0c:9d:ce:d6:60:30:bb:81:31:c8:e9:0e:aa:
+                    1c:18:3d:e4:10:47:42:17:c0:4d:fb:f5:d9:c2:e4:
+                    07:33:f7:15:94:63:6d:11:ad:4f:d4:1d:11:41:c1:
+                    e2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                94:65:A1:A3:87:CF:BF:C1:74:BB:D8:84:97:B6:6B:EE:B2:90:73:B2
+                C7:2C:01:95:1A:F5:3E:CD:04:A6:24:35:35:04:D9:A7:16:01:2A:79
            X509v3 Authority Key Identifier: 
-                keyid:94:65:A1:A3:87:CF:BF:C1:74:BB:D8:84:97:B6:6B:EE:B2:90:73:B2
+                keyid:C7:2C:01:95:1A:F5:3E:CD:04:A6:24:35:35:04:D9:A7:16:01:2A:79

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         32:97:4c:af:bf:ca:e0:10:66:b7:cc:8b:0d:05:d1:d2:ca:b8:
-         0c:c2:78:57:1f:f6:55:9c:74:fc:bd:31:58:05:18:bc:6d:b5:
-         79:9a:22:8c:1f:da:33:ea:ef:db:e3:cb:46:bc:36:91:8b:d8:
-         36:8d:06:40:c2:e9:fe:79:1b:4a:c5:70:74:6d:9d:92:2c:90:
-         be:3c:a7:88:03:e4:b7:ef:f4:b0:00:34:ec:8f:d1:c3:23:2b:
-         ef:bc:ff:ab:a2:0e:bc:ba:11:a5:8e:44:80:fa:d6:f4:26:66:
-         84:64:2c:e3:23:62:0c:e2:ba:01:ab:5f:24:d6:9d:7e:9c:7b:
-         f4:5d:0e:ba:64:35:6e:a5:fa:98:0c:57:f3:72:e8:3e:2e:ce:
-         b3:f9:e3:fa:ee:aa:79:f9:06:01:19:b2:b3:28:ff:f4:d6:bb:
-         17:bb:a6:a0:e0:45:23:f3:61:40:31:5c:a3:ee:88:1c:00:31:
-         54:96:f9:71:37:b5:7f:66:6a:af:04:94:09:39:99:b3:88:86:
-         9e:bb:d6:36:24:24:f4:37:2c:a6:6c:0b:35:2e:bb:40:af:a7:
-         64:8a:7f:f2:74:e3:94:0c:32:bd:31:3d:d9:79:68:0f:1e:4b:
-         17:c0:4e:df:85:3c:f0:84:df:58:f1:d2:4d:2f:ad:ff:1b:d7:
-         c8:9b:fe:dc
+    Signature Algorithm: sha1WithRSAEncryption
+         40:6f:6a:54:f3:29:30:48:46:bd:da:46:71:64:52:14:a7:c2:
+         34:b7:5e:1e:42:3d:e7:47:92:cd:87:e7:9d:5d:1a:82:77:82:
+         62:32:d4:9d:b6:44:11:dc:88:78:38:a5:d3:1f:1e:be:c2:d6:
+         14:b0:58:35:cd:66:22:43:97:ba:bb:e3:44:4f:9d:75:14:9f:
+         6f:37:d3:50:07:09:36:bc:58:92:e8:fe:c0:a8:ba:29:55:65:
+         e2:6f:8f:ab:a5:1d:4f:56:37:de:c7:b4:39:20:4c:a8:4c:db:
+         56:51:12:7e:e7:7f:83:9d:c4:c7:72:8f:6f:83:f0:af:e3:37:
+         1c:40:fe:5e:38:26:2f:05:46:a7:0c:a5:81:79:d6:9c:9c:d7:
+         56:eb:96:fe:c7:ae:8e:4f:5e:4a:6c:3a:fa:68:be:65:60:a2:
+         d3:3f:07:76:45:b3:95:3e:11:ef:3a:0e:6f:73:47:4c:90:dd:
+         0b:36:b4:22:df:62:8d:58:d2:a6:34:5b:f0:06:5d:cd:bf:52:
+         fa:ee:9b:4f:e8:79:18:6e:1c:6e:5f:96:10:6d:2f:02:1b:dd:
+         bf:14:c9:32:3c:83:a5:6e:56:56:78:9d:ce:84:50:a4:df:cc:
+         b5:a9:b1:ec:09:07:74:02:27:7a:9d:d2:96:a9:80:95:9a:f2:
+         8c:e9:ef:99
 -----BEGIN CERTIFICATE-----
-MIIDmTCCAoGgAwIBAgIJAOG0pVw936YTMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEP
-MA0GA1UECgwGT3JhY2xlMQ4wDAYDVQQLDAVNeVNRTDELMAkGA1UEAwwCQ0EwHhcN
-MTQxMjA1MDQ0ODExWhcNMzAxMjAxMDQ0ODExWjBjMQswCQYDVQQGEwJTRTESMBAG
-A1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDzANBgNVBAoMBk9y
-YWNsZTEOMAwGA1UECwwFTXlTUUwxCzAJBgNVBAMMAkNBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAtJW9JJJzBiIBEygOCaOUBZZUndyPgznzZHoxcPbZ
-xBQZdYemsepS7UBUWvacE47Ydo9aZaUgGRm9UZ26Nc6aqVgK/BFuHcuo8ZJ57qr8
-4zJeqg0LIzSV6dOOP3KTkLwssAR1T6RKoDLbrImsNJvQB+OB6cpbJvD13v7VXqBU
-Jt3sWAduueWX9iBt2ErAUMyB5tI/x0dwixWJZXEuR8NCdrXuFg4ml2qjHK2QU1Cw
-sW0dsLht3zzuvTuH6NtNOnJ43dtAPckgRrhOM7t2t0+yedoDzPl1wB1MUQq5myU0
-UBGX34JGAqm8mFE+w99Xrbcovt5lzivzLCL1rzEoHO8QCQIDAQABo1AwTjAdBgNV
-HQ4EFgQUlGWho4fPv8F0u9iEl7Zr7rKQc7IwHwYDVR0jBBgwFoAUlGWho4fPv8F0
-u9iEl7Zr7rKQc7IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAMpdM
-r7/K4BBmt8yLDQXR0sq4DMJ4Vx/2VZx0/L0xWAUYvG21eZoijB/aM+rv2+PLRrw2
-kYvYNo0GQMLp/nkbSsVwdG2dkiyQvjyniAPkt+/0sAA07I/RwyMr77z/q6IOvLoR
-pY5EgPrW9CZmhGQs4yNiDOK6AatfJNadfpx79F0OumQ1bqX6mAxX83LoPi7Os/nj
-+u6qefkGARmysyj/9Na7F7umoOBFI/NhQDFco+6IHAAxVJb5cTe1f2ZqrwSUCTmZ
-s4iGnrvWNiQk9DcspmwLNS67QK+nZIp/8nTjlAwyvTE92XloDx5LF8BO34U88ITf
-WPHSTS+t/xvXyJv+3A==
+MIIDfzCCAmegAwIBAgIJAKC1veDywIyQMA0GCSqGSIb3DQEBBQUAMFYxDzANBgNV
+BAMMBmNhY2VydDELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYD
+VQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjAeFw0xNTA0MjUxNDU1MDVa
+Fw0zNTA0MjAxNDU1MDVaMFYxDzANBgNVBAMMBmNhY2VydDELMAkGA1UEBhMCRkkx
+ETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwH
+TWFyaWFEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAfkHwrwuoB
+k87gxXLoHAa9Y0620sYAMhMnQp7JPJEzTRWQZ32d2L6bEuL2G0aBSosQxbgUU6tq
+LMN/ZodsDhhRTpyTem2h1AZHWGGmBCEsvXR65GhF/pH++6YpR+zFw4jIyefXxhoN
+uPXFAlclAczVjDdGWMZxMO5jOJmEXp48r0DU8PISRG4vTc352k0OH6b+NcOdQAiC
+Xm99TQkWfaF41p+fRNaxredQJRrzThaSShdeC+HIn2IixOIBlmPtN6LlcLncyI7E
+/gAh9blIwENVStgMnc7WYDC7gTHI6Q6qHBg95BBHQhfATfv12cLkBzP3FZRjbRGt
+T9QdEUHB4t0CAwEAAaNQME4wHQYDVR0OBBYEFMcsAZUa9T7NBKYkNTUE2acWASp5
+MB8GA1UdIwQYMBaAFMcsAZUa9T7NBKYkNTUE2acWASp5MAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAEBvalTzKTBIRr3aRnFkUhSnwjS3Xh5CPedHks2H
+551dGoJ3gmIy1J22RBHciHg4pdMfHr7C1hSwWDXNZiJDl7q740RPnXUUn28301AH
+CTa8WJLo/sCouilVZeJvj6ulHU9WN97HtDkgTKhM21ZREn7nf4OdxMdyj2+D8K/j
+NxxA/l44Ji8FRqcMpYF51pyc11brlv7Hro5PXkpsOvpovmVgotM/B3ZFs5U+Ee86
+Dm9zR0yQ3Qs2tCLfYo1Y0qY0W/AGXc2/Uvrum0/oeRhuHG5flhBtLwIb3b8UyTI8
+g6VuVlZ4nc6EUKTfzLWpsewJB3QCJ3qd0papgJWa8ozp75k=
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/client-cert.pem
+++ b/mysql-test/std_data/client-cert.pem
 Certificate:
    Data:
        Version: 3 (0x2)
-        Serial Number: 16263805969935345173 (0xe1b4a55c3ddfa615)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=CA
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
        Validity
-            Not Before: Dec  5 04:49:23 2014 GMT
-            Not After : Dec  1 04:49:23 2029 GMT
-        Subject: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=Client
+            Not Before: Apr 25 14:55:16 2015 GMT
+            Not After : Apr 20 14:55:16 2035 GMT
+        Subject: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN=client
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
+                Public-Key: (1024 bit)
                Modulus:
-                    00:c8:d1:a1:fe:a4:8c:f3:1b:17:71:1b:74:35:11:
-                    e0:0e:6c:40:0a:fb:c0:f7:f0:eb:bb:c9:1d:a1:c7:
-                    d7:b0:8a:f6:f1:cf:fa:6b:d0:79:64:eb:bb:69:a5:
-                    0d:80:06:df:52:14:d2:85:32:cf:bf:ce:2a:47:28:
-                    5b:cd:0b:28:ab:bb:07:33:d5:8b:d3:b4:72:c4:a6:
-                    b5:cc:37:b9:03:a8:78:56:25:58:1f:17:30:7c:d1:
-                    0a:bb:ec:3c:a3:03:90:97:99:92:49:ae:b3:57:96:
-                    5c:1a:e9:e8:02:23:ae:c8:c9:05:50:63:e5:77:a1:
-                    9a:73:06:74:0e:46:50:28:d8:c9:4f:c4:1c:37:b8:
-                    52:18:0b:af:19:2b:d4:e5:66:74:a4:f3:f0:da:09:
-                    30:f7:bc:0c:c9:9b:ce:57:06:04:27:e5:a1:2f:2b:
-                    a0:ba:b7:99:69:9d:46:fc:21:b6:45:81:9d:b2:3d:
-                    2f:76:15:78:b5:33:62:ac:1e:6b:66:dd:27:61:0a:
-                    47:02:20:2b:57:bb:32:20:dd:06:4c:76:a4:9b:72:
-                    42:4c:9c:2c:76:72:12:1f:4b:df:1e:11:1f:a9:06:
-                    54:dc:88:12:b0:49:d5:40:83:ef:7e:48:43:86:7a:
-                    37:a6:c1:d7:9b:fe:08:34:98:e0:54:3c:30:4f:79:
-                    15:29
+                    00:ce:a0:3d:3c:a4:bb:4f:a1:4f:91:0d:05:ac:5b:
+                    8a:15:7f:d7:aa:0c:a3:a7:9f:b2:c7:26:9d:65:28:
+                    b1:84:d3:a0:ef:9e:b1:45:0f:33:df:98:6e:71:ff:
+                    2b:66:9c:9c:c1:25:13:27:42:b6:20:46:e7:e7:47:
+                    a1:88:47:c2:9e:e2:45:25:99:9f:f9:28:1a:9a:13:
+                    67:5d:3e:b3:b8:fe:40:25:ac:26:49:46:2c:03:43:
+                    83:67:d8:0f:41:ae:2e:f4:d8:71:60:3c:8e:e7:91:
+                    d0:bb:2c:ca:12:da:71:1a:7b:e3:fa:8c:8f:c3:bb:
+                    62:55:89:b3:bf:85:45:01:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
@@ -37,46 +28,42 @@ Certificate:
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
-                26:0C:90:BC:97:12:9E:43:BB:5E:FE:EB:A9:66:B3:C3:EE:B2:18:CB
+                5A:73:74:8E:14:29:C3:FB:B4:19:0F:97:8F:AA:6F:E1:E1:A8:F7:5B
            X509v3 Authority Key Identifier: 
-                keyid:94:65:A1:A3:87:CF:BF:C1:74:BB:D8:84:97:B6:6B:EE:B2:90:73:B2
+                keyid:C7:2C:01:95:1A:F5:3E:CD:04:A6:24:35:35:04:D9:A7:16:01:2A:79

-    Signature Algorithm: sha256WithRSAEncryption
-         3e:3c:1f:6c:5b:83:d1:71:15:f5:45:52:fc:7f:67:bc:af:c5:
-         92:f5:74:78:13:43:3c:fe:b5:61:bf:00:47:43:45:a0:b9:dd:
-         a1:10:0c:29:69:2a:6f:7d:67:3d:1e:09:b5:15:74:bf:73:11:
-         e6:e9:09:b6:6b:b5:cc:1e:06:fd:bd:3a:11:d3:44:bd:ca:7a:
-         a1:f1:09:43:fc:bf:83:89:3a:b1:18:40:f3:cf:6d:12:ef:6e:
-         0c:b7:a4:99:03:8a:4f:0c:3c:2c:23:78:35:2a:99:ea:de:9c:
-         1b:e8:8d:19:fb:44:80:13:89:81:c5:05:4b:a7:66:6b:c0:31:
-         41:f0:6c:60:aa:ec:d3:4c:ff:c1:3b:d5:bb:0d:42:7d:37:5e:
-         80:e7:9c:7e:60:90:0f:a4:4e:70:20:9c:b1:e4:1b:70:65:b0:
-         ef:bb:41:16:ed:ad:46:ce:34:d3:02:3d:dd:e2:50:fa:3c:5d:
-         f0:e2:71:f8:9a:ef:a3:32:25:c5:8e:64:f4:46:e1:f4:c0:69:
-         d2:34:56:8d:d9:c2:6e:b6:55:3b:6a:4d:b6:d2:84:ab:85:7b:
-         cb:fd:b4:73:40:ba:5d:49:e2:0d:39:77:17:01:49:bb:72:8b:
-         3a:c9:b1:e2:cd:13:d2:9c:ce:7d:6c:a8:f0:32:c9:a4:af:56:
-         6f:8a:e6:88
+    Signature Algorithm: sha1WithRSAEncryption
+         32:42:4b:36:44:a5:6c:fb:70:d8:08:2b:cb:16:34:15:db:39:
+         60:7b:7e:b4:4a:bc:fb:e5:16:04:97:0d:eb:f5:68:95:da:2f:
+         23:57:4c:c9:29:2b:d1:1b:1b:9f:bd:f4:79:75:df:62:7f:63:
+         b4:84:7a:95:5c:c4:ee:f3:77:16:e4:0b:8a:5e:c9:64:bd:7c:
+         04:50:ac:ff:9a:41:6b:b1:6a:9f:cd:45:10:72:83:10:8a:26:
+         1d:7f:6c:84:34:5a:41:79:72:91:ee:87:5d:1d:3a:55:ff:91:
+         7e:52:85:ff:42:41:eb:76:56:23:e5:bc:bc:79:b1:aa:4e:4c:
+         bf:7b:df:63:8b:1a:3c:4b:01:72:89:35:bb:0d:92:97:16:6e:
+         ae:50:cb:89:ee:c6:7a:d0:d3:32:22:0f:19:33:1e:ee:ff:41:
+         a5:a1:25:c5:4c:ce:8f:98:4c:b5:2c:1f:ec:cc:f1:21:e2:3a:
+         ff:7d:6a:87:fe:89:fd:2c:20:3e:fb:9b:b8:c0:f9:09:99:ce:
+         45:63:82:09:1c:bb:79:d8:a8:40:21:46:c7:ae:3e:dd:89:9d:
+         56:46:4a:f4:ed:7d:5b:a6:1e:a6:1b:26:f9:ec:26:b4:51:3a:
+         87:b6:50:13:84:33:22:1a:8a:20:c5:44:64:b8:bb:de:32:ec:
+         6b:58:db:17
 -----BEGIN CERTIFICATE-----
-MIIDyDCCArCgAwIBAgIJAOG0pVw936YVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEP
-MA0GA1UECgwGT3JhY2xlMQ4wDAYDVQQLDAVNeVNRTDELMAkGA1UEAwwCQ0EwHhcN
-MTQxMjA1MDQ0OTIzWhcNMjkxMjAxMDQ0OTIzWjBnMQswCQYDVQQGEwJTRTESMBAG
-A1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDzANBgNVBAoMBk9y
-YWNsZTEOMAwGA1UECwwFTXlTUUwxDzANBgNVBAMMBkNsaWVudDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMjRof6kjPMbF3EbdDUR4A5sQAr7wPfw67vJ
-HaHH17CK9vHP+mvQeWTru2mlDYAG31IU0oUyz7/OKkcoW80LKKu7BzPVi9O0csSm
-tcw3uQOoeFYlWB8XMHzRCrvsPKMDkJeZkkmus1eWXBrp6AIjrsjJBVBj5XehmnMG
-dA5GUCjYyU/EHDe4UhgLrxkr1OVmdKTz8NoJMPe8DMmbzlcGBCfloS8roLq3mWmd
-RvwhtkWBnbI9L3YVeLUzYqwea2bdJ2EKRwIgK1e7MiDdBkx2pJtyQkycLHZyEh9L
-3x4RH6kGVNyIErBJ1UCD735IQ4Z6N6bB15v+CDSY4FQ8ME95FSkCAwEAAaN7MHkw
-CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
-dGlmaWNhdGUwHQYDVR0OBBYEFCYMkLyXEp5Du17+66lms8PushjLMB8GA1UdIwQY
-MBaAFJRloaOHz7/BdLvYhJe2a+6ykHOyMA0GCSqGSIb3DQEBCwUAA4IBAQA+PB9s
-W4PRcRX1RVL8f2e8r8WS9XR4E0M8/rVhvwBHQ0Wgud2hEAwpaSpvfWc9Hgm1FXS/
-cxHm6Qm2a7XMHgb9vToR00S9ynqh8QlD/L+DiTqxGEDzz20S724Mt6SZA4pPDDws
-I3g1Kpnq3pwb6I0Z+0SAE4mBxQVLp2ZrwDFB8GxgquzTTP/BO9W7DUJ9N16A55x+
-YJAPpE5wIJyx5BtwZbDvu0EW7a1GzjTTAj3d4lD6PF3w4nH4mu+jMiXFjmT0RuH0
-wGnSNFaN2cJutlU7ak220oSrhXvL/bRzQLpdSeINOXcXAUm7cos6ybHizRPSnM59
-bKjwMsmkr1ZviuaI
+MIIDHjCCAgagAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQ8wDQYDVQQDDAZjYWNl
+cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs
+c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMTUwNDI1MTQ1NTE2WhcNMzUwNDIw
+MTQ1NTE2WjBWMQswCQYDVQQGEwJGSTERMA8GA1UECAwISGVsc2lua2kxETAPBgNV
+BAcMCEhlbHNpbmtpMRAwDgYDVQQKDAdNYXJpYURCMQ8wDQYDVQQDDAZjbGllbnQw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM6gPTyku0+hT5ENBaxbihV/16oM
+o6efsscmnWUosYTToO+esUUPM9+YbnH/K2acnMElEydCtiBG5+dHoYhHwp7iRSWZ
+n/koGpoTZ10+s7j+QCWsJklGLANDg2fYD0GuLvTYcWA8jueR0LssyhLacRp74/qM
+j8O7YlWJs7+FRQFhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRac3SOFCnD
+7QZD5ePqm/h4aj3WzAfBgNVHSMEGDAWgBTHLAGVGvU+zQSmJDU1BNmnFgEqeTAN
+BgkqhkiG9w0BAQUFAAOCAQEAMkJLNkSlbPtw2AgryxY0Fds5YHt+tEq8++UWBJcN
+6/VoldovI1dMySkr0Rsbn730eXXfYn9jtIR6lVzE7vN3FuQLil7JZL18BFCs/5pB
+a7Fqn81FEHKDEIomHX9shDRaQXlyke6HXR06Vf+RflKF/0JB63ZWI+W8vHmxqk5M
+v3vfY4saPEsBcok1uw2SlxZurlDLie7GetDTMiIPGTMe7v9BpaElxUzOj5hMtSwf
+7MzxIeI6/31qh/6J/SwgPvubuMD5CZnORWOCCRy7edioQCFGx64+3YmdVkZK9O19
+W6Yephsm+ewmtFE6h7ZQE4QzIhqKIMVEZLi73jLsa1jbFw==
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/client-key.pem
+++ b/mysql-test/std_data/client-key.pem
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAyNGh/qSM8xsXcRt0NRHgDmxACvvA9/Dru8kdocfXsIr28c/6
-a9B5ZOu7aaUNgAbfUhTShTLPv84qRyhbzQsoq7sHM9WL07RyxKa1zDe5A6h4ViVY
-HxcwfNEKu+w8owOQl5mSSa6zV5ZcGunoAiOuyMkFUGPld6GacwZ0DkZQKNjJT8Qc
-N7hSGAuvGSvU5WZ0pPPw2gkw97wMyZvOVwYEJ+WhLyugureZaZ1G/CG2RYGdsj0v
-dhV4tTNirB5rZt0nYQpHAiArV7syIN0GTHakm3JCTJwsdnISH0vfHhEfqQZU3IgS
-sEnVQIPvfkhDhno3psHXm/4INJjgVDwwT3kVKQIDAQABAoIBAFrliE2abbIcMSAh
-LRhYXvIoTVSrX0za39i/z4nKyvY98EjDurXSRyBHEy1eaB3q/mpIwoFH3oES8FAF
-FIha5K3Wmgv8PK42nzwjuWYWUsg1GULk5F4uQOQ+On2VEF0439m+yVhQmxyqEkac
-WUeenx6C3sTkcpkTrLUj1qQfb2kM6JmeGsXfJNFLP/U36x8Q6kp2089DxBFgVcFu
-W3ge24W08umDBKuZWIF5B9GX8JFzmbAwPT2KATppGeroX0+bo4KAts4F1dBKmbrm
-3815kqYnz+VqyWbw6AHUA7aw2TY6QIT1oHrm+EdfnOQZaf8d/2CHWlIZPmxB46Lz
-6zQTVgECgYEA/L9awju31alISm0WYOPZBBndIHsOve4iKcMmy85GTKSvV+cAvgAZ
-uQwabZi4ZYHYaa4LPF0hbTb5IdV6krQzGYXpAjlwaarW0Zx4VoQIErWyji79OnFD
-QpbzIPGQiUAc0D7Gk7kJpwNmpgjyYcSkjEibF4cFEhDpTVlccbgxboUCgYEAy2c0
-tIfKiu1hwo/8UdcO4LQ6LWJdbIDdNU45HCk/IhIe4FrB0pXnk1yIBBn0ezY7Mgzy
-USYlfPTjFmnQOFF/6bHyGmeB4YTYamlTDuHlUUdH76brCZ3ywUlqpToiAPJFjx36
-nTNjo8JLF7eyjMOy4uN6eJzzS7OP9GwsHllux1UCgYBeFLCo+me8va2uHpsk58th
-TmtUatoa8uh+mSj41kiuwOKQGunYz9rDWfEAeMey6TlwZRvDlXsa10q3QGrG7xLS
-XllUvaLNgo1CKzdUJQOIS2AysuUJ+x0pTV0lFyZRIK9ZCPUMCeXA6HAuP8hRgkwp
-9+DbSiQmDGt7olbZ8dFcrQKBgQCOFzzUWH//aTD/z8H+EfQMuRpjFfIZmDPvxwNS
-TuYRkQMMy5nW2G17ngpOgyss34eewTiNw84waoow4B5bGWP4Bx0PoPs0Za8hNw6U
-uO2PR/JS0hIjF7m7mOPtJJ0YeCZrgg/OvVV/0nzOxr7uYs+WfD7T/yBe48NOhjqT
-wPoIOQKBgGRLd3G8b0AbPTv4NVwzIl3xKHCKYd1EcBbfyPWjAZ8+BagEPK8mJfOt
-MXkMrSKOq6ShEfzRsdJna7eI0te3zNXXFu/G3IHQZUdC0RtksW5T9tXvASRN3wnX
-+aaoIM1q/KUgfH0TF/1pQPHFSUfFrGyLDiCDUu1sJ2ijULr5rZES
+MIICXAIBAAKBgQDOoD08pLtPoU+RDQWsW4oVf9eqDKOnn7LHJp1lKLGE06DvnrFF
+DzPfmG5x/ytmnJzBJRMnQrYgRufnR6GIR8Ke4kUlmZ/5KBqaE2ddPrO4/kAlrCZJ
+RiwDQ4Nn2A9Bri702HFgPI7nkdC7LMoS2nEae+P6jI/Du2JVibO/hUUBYQIDAQAB
+AoGAa/FgLFcul3oA9BjmdtVXfMXNp8N0l3QhVFLC9P7eRjK8p5GysA4yHkQmpp0U
+UkXMykYRDHiYZqJEMhnEtEowzBmodi7go+gpwAR2eUKwESmJoBhPvqDJAbS/fL5D
+H2Wk6FGsdKoPhEpigWefu6ZqlX5GCGa601eMYLMR9i+6bbUCQQDspD4j2q8oihTU
+RQt/XpF1l+5ZRHjQOokwRekuHdq0powtNxZ+X3V8Qy8JbDRNCM2YtfKMX4gXAfZp
+JWs7HoPvAkEA34doY3AKxZSpXD84m4dnJ0/Ubfk3+tcC1EPYyDJ1DHpfz7fy6aoX
+z8TWCQXtSBGaEa9Dgbz+EFXuctLbUR8/rwJACDjIo+xEK69oe9uOQ7WgbiqCMH3N
+iMaP36p+KIkHAUHMGwIP+QIODewzpSsqQgbtRcIElFX5X3tE+XBAYoRz5wJAKH3/
+CwRg7ynfBDbvqjz9EsIDWWisG2SXvpwLyThau8fvU1GfT3Tgm2Ks4zWPpl6J6mo1
+cGssGwl2CJbp4+glQQJBAJAwvKufpB+M6OjvKh89GGsCEaV1ENJ41FPcQwJ2pjed
+Fcq28ZP59v7bfBH2IkNu3pfEzmvQnmRlTEtXGjNn+i8=
 -----END RSA PRIVATE KEY-----
--- a/mysql-test/std_data/server-cert.pem
+++ b/mysql-test/std_data/server-cert.pem
 Certificate:
    Data:
        Version: 3 (0x2)
-        Serial Number: 16263805969935345172 (0xe1b4a55c3ddfa614)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=CA
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
        Validity
-            Not Before: Dec  5 04:48:40 2014 GMT
-            Not After : Dec  1 04:48:40 2029 GMT
-        Subject: C=SE, ST=Stockholm, L=Stockholm, O=Oracle, OU=MySQL, CN=localhost
+            Not Before: Apr 25 14:55:05 2015 GMT
+            Not After : Apr 20 14:55:05 2035 GMT
+        Subject: C=FI, ST=state or province within country, in other certificates in this file it is the same as L, L=location, usually an address but often ambiguously used, O=organization name, typically a company name, OU=organizational unit name, a division name within an organization, CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
+                Public-Key: (1024 bit)
                Modulus:
-                    00:e9:20:e7:05:51:07:3a:48:b9:e2:62:a2:24:45:
-                    1f:f1:54:34:22:5c:62:86:9b:01:e8:c2:45:90:00:
-                    8d:4e:e4:a2:ea:e9:d7:b5:95:25:ce:18:ac:1a:4f:
-                    b3:e6:30:46:af:20:13:40:84:df:21:dc:df:09:e5:
-                    a0:7f:81:12:6e:1e:84:58:5c:a1:11:db:aa:b6:04:
-                    e0:fc:1e:0c:11:2e:f3:30:62:1a:f9:ee:df:fe:a3:
-                    d3:d6:83:6e:ad:e8:8d:98:89:b1:69:63:b8:72:f4:
-                    5a:e6:22:5e:73:64:95:ef:56:92:92:0b:e1:93:a5:
-                    d7:4c:41:47:e7:31:ed:09:68:b3:c5:6e:c1:1b:01:
-                    39:bb:f1:8f:bf:ba:f4:02:e2:e5:e5:9e:b7:d6:9a:
-                    b2:94:76:9b:48:d8:27:18:0e:9f:30:98:f5:9a:3e:
-                    23:e6:3b:4a:48:ee:a5:26:e8:80:94:37:e4:4a:ba:
-                    ff:9f:42:b9:32:dd:7a:9d:63:11:a8:25:99:b1:1f:
-                    86:e5:7c:b1:31:e3:12:11:0c:eb:f6:1d:02:4b:1d:
-                    34:cb:74:1d:7f:2f:40:c0:81:e2:04:d4:8e:ea:96:
-                    f8:22:35:8e:ab:b6:99:33:36:ef:b5:83:11:88:6d:
-                    06:0f:76:4d:bf:db:a8:df:6c:3c:91:e2:ba:73:a0:
-                    73:45
+                    00:aa:e6:54:bd:dd:52:1e:16:f7:24:52:37:58:2b:
+                    a7:af:49:e1:cd:75:2a:18:52:e1:48:f0:59:82:c0:
+                    7a:d9:66:b3:97:04:b3:77:f4:39:fd:d1:c0:1a:c5:
+                    a6:ab:44:84:d2:17:39:53:25:63:9b:c3:24:78:51:
+                    5c:77:6b:df:b4:82:1d:e4:43:f4:67:0a:5d:89:a2:
+                    fe:b0:ea:64:3a:1d:9d:49:78:c8:7f:79:a5:cd:45:
+                    4b:0c:ad:ae:4f:e2:d4:5d:ec:e8:73:06:ed:98:92:
+                    85:49:b2:9c:31:3b:44:38:5f:bb:5a:f1:68:84:a9:
+                    c3:5b:31:39:d4:47:98:38:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
@@ -37,46 +28,47 @@ Certificate:
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
-                E4:31:D8:D5:06:EA:C6:B3:A2:F6:01:39:8F:58:08:36:2C:7B:3F:DB
+                E5:72:8F:57:72:D6:75:63:28:7F:E2:BF:00:B7:1D:B8:AA:FE:94:59
            X509v3 Authority Key Identifier: 
-                keyid:94:65:A1:A3:87:CF:BF:C1:74:BB:D8:84:97:B6:6B:EE:B2:90:73:B2
+                keyid:C7:2C:01:95:1A:F5:3E:CD:04:A6:24:35:35:04:D9:A7:16:01:2A:79

-    Signature Algorithm: sha256WithRSAEncryption
-         46:ef:cd:bf:c1:ef:36:a9:cb:99:b5:be:e2:a7:ba:69:0d:f5:
-         9b:63:39:78:32:35:01:a8:b9:f1:70:0e:b5:d1:8f:94:2e:7a:
-         cb:65:d4:d0:b4:ad:52:b8:51:5f:64:2e:a8:08:a5:71:fe:c2:
-         35:8a:0d:28:26:e5:be:ca:d7:f4:79:54:e1:27:8f:87:92:d3:
-         04:72:1b:cc:c4:7f:8b:26:09:92:2d:c8:6f:27:da:97:31:80:
-         0f:83:84:9c:e0:a4:88:c9:e3:8f:35:e7:de:bd:31:e2:fa:52:
-         83:de:ee:5c:60:6e:8f:a5:8d:5e:53:41:18:42:f3:03:0b:05:
-         0b:59:09:42:2e:1b:0b:29:b3:fe:11:3b:d5:ad:3f:4d:24:e8:
-         c0:da:4c:0d:93:94:ec:cd:18:0f:66:cd:03:d3:ee:a0:b2:7f:
-         64:d7:39:66:19:72:9f:64:43:38:b4:b6:b3:ea:6f:39:e7:09:
-         98:90:9f:6c:f5:e8:b3:2e:09:8d:7b:76:65:30:f4:c4:9b:8e:
-         10:4e:9b:8c:93:63:44:9d:2b:8a:f3:f0:cf:f8:7b:65:95:38:
-         fb:b4:92:e8:6c:11:03:a2:a2:2f:ea:e0:22:b7:cd:cf:0d:a5:
-         91:23:14:47:0c:34:8f:f1:11:cc:e8:1e:37:53:ec:a1:01:81:
-         20:c0:2c:f5
+    Signature Algorithm: sha1WithRSAEncryption
+         88:44:46:fa:7d:16:ae:9d:16:5b:95:26:03:3c:71:f4:29:3d:
+         df:cb:f4:14:20:9f:87:24:b4:29:17:2d:7a:12:48:76:ac:00:
+         44:26:ba:93:83:ad:58:7e:b7:77:e4:b0:32:0d:e5:dd:fb:cc:
+         0e:9b:88:e0:24:82:e4:41:43:47:5a:4e:d3:b4:5b:47:4b:57:
+         eb:67:02:63:bb:dd:05:12:f5:95:01:0b:89:81:ca:c2:91:14:
+         21:9a:9e:c9:84:91:46:35:0e:26:44:1e:91:88:74:4f:fe:d3:
+         19:9e:65:fa:46:e2:46:04:ad:91:79:4c:70:1b:68:b2:49:e9:
+         6c:f4:58:44:3b:43:15:85:56:64:1b:84:74:49:95:9f:cd:93:
+         9d:8e:69:ab:ca:46:97:b6:74:e9:2a:83:85:62:cd:e5:be:c3:
+         52:bd:cf:90:cc:60:27:76:ee:1b:3c:da:69:73:e2:11:68:14:
+         dc:7d:9f:b8:6f:20:a2:0c:b7:8e:33:40:89:d1:a3:89:e2:60:
+         6a:ec:b5:9f:e8:c5:55:10:40:b2:95:5e:54:8a:10:8e:d5:90:
+         d9:98:86:d8:f9:b6:01:41:8c:d7:0d:0e:86:0e:50:6d:a2:64:
+         00:2a:91:5e:35:64:15:e3:86:34:3a:39:eb:0f:4f:56:c7:15:
+         4c:74:2e:91
 -----BEGIN CERTIFICATE-----
-MIIDyzCCArOgAwIBAgIJAOG0pVw936YUMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEP
-MA0GA1UECgwGT3JhY2xlMQ4wDAYDVQQLDAVNeVNRTDELMAkGA1UEAwwCQ0EwHhcN
-MTQxMjA1MDQ0ODQwWhcNMjkxMjAxMDQ0ODQwWjBqMQswCQYDVQQGEwJTRTESMBAG
-A1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDzANBgNVBAoMBk9y
-YWNsZTEOMAwGA1UECwwFTXlTUUwxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkg5wVRBzpIueJioiRFH/FUNCJcYoab
-AejCRZAAjU7kourp17WVJc4YrBpPs+YwRq8gE0CE3yHc3wnloH+BEm4ehFhcoRHb
-qrYE4PweDBEu8zBiGvnu3/6j09aDbq3ojZiJsWljuHL0WuYiXnNkle9WkpIL4ZOl
-10xBR+cx7Qlos8VuwRsBObvxj7+69ALi5eWet9aaspR2m0jYJxgOnzCY9Zo+I+Y7
-SkjupSbogJQ35Eq6/59CuTLdep1jEaglmbEfhuV8sTHjEhEM6/YdAksdNMt0HX8v
-QMCB4gTUjuqW+CI1jqu2mTM277WDEYhtBg92Tb/bqN9sPJHiunOgc0UCAwEAAaN7
-MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFOQx2NUG6sazovYBOY9YCDYsez/bMB8GA1Ud
-IwQYMBaAFJRloaOHz7/BdLvYhJe2a+6ykHOyMA0GCSqGSIb3DQEBCwUAA4IBAQBG
-782/we82qcuZtb7ip7ppDfWbYzl4MjUBqLnxcA610Y+ULnrLZdTQtK1SuFFfZC6o
-CKVx/sI1ig0oJuW+ytf0eVThJ4+HktMEchvMxH+LJgmSLchvJ9qXMYAPg4Sc4KSI
-yeOPNefevTHi+lKD3u5cYG6PpY1eU0EYQvMDCwULWQlCLhsLKbP+ETvVrT9NJOjA
-2kwNk5TszRgPZs0D0+6gsn9k1zlmGXKfZEM4tLaz6m855wmYkJ9s9eizLgmNe3Zl
-MPTEm44QTpuMk2NEnSuK8/DP+HtllTj7tJLobBEDoqIv6uAit83PDaWRIxRHDDSP
-8RHM6B43U+yhAYEgwCz1
+MIIEETCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQ8wDQYDVQQDDAZjYWNl
+cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs
+c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMTUwNDI1MTQ1NTA1WhcNMzUwNDIw
+MTQ1NTA1WjCCAUcxCzAJBgNVBAYTAkZJMWEwXwYDVQQIDFhzdGF0ZSBvciBwcm92
+aW5jZSB3aXRoaW4gY291bnRyeSwgaW4gb3RoZXIgY2VydGlmaWNhdGVzIGluIHRo
+aXMgZmlsZSBpdCBpcyB0aGUgc2FtZSBhcyBMMUAwPgYDVQQHDDdsb2NhdGlvbiwg
+dXN1YWxseSBhbiBhZGRyZXNzIGJ1dCBvZnRlbiBhbWJpZ3VvdXNseSB1c2VkMTQw
+MgYDVQQKDCtvcmdhbml6YXRpb24gbmFtZSwgdHlwaWNhbGx5IGEgY29tcGFueSBu
+YW1lMUkwRwYDVQQLDEBvcmdhbml6YXRpb25hbCB1bml0IG5hbWUsIGEgZGl2aXNp
+b24gbmFtZSB3aXRoaW4gYW4gb3JnYW5pemF0aW9uMRIwEAYDVQQDDAlsb2NhbGhv
+c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrmVL3dUh4W9yRSN1grp69J
+4c11KhhS4UjwWYLAetlms5cEs3f0Of3RwBrFpqtEhNIXOVMlY5vDJHhRXHdr37SC
+HeRD9GcKXYmi/rDqZDodnUl4yH95pc1FSwytrk/i1F3s6HMG7ZiShUmynDE7RDhf
+u1rxaISpw1sxOdRHmDhVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN
+BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTlco9X
+ctZ1Yyh/4r8Atx24qv6UWTAfBgNVHSMEGDAWgBTHLAGVGvU+zQSmJDU1BNmnFgEq
+eTANBgkqhkiG9w0BAQUFAAOCAQEAiERG+n0Wrp0WW5UmAzxx9Ck938v0FCCfhyS0
+KRctehJIdqwARCa6k4OtWH63d+SwMg3l3fvMDpuI4CSC5EFDR1pO07RbR0tX62cC
+Y7vdBRL1lQELiYHKwpEUIZqeyYSRRjUOJkQekYh0T/7TGZ5l+kbiRgStkXlMcBto
+sknpbPRYRDtDFYVWZBuEdEmVn82TnY5pq8pGl7Z06SqDhWLN5b7DUr3PkMxgJ3bu
+GzzaaXPiEWgU3H2fuG8gogy3jjNAidGjieJgauy1n+jFVRBAspVeVIoQjtWQ2ZiG
+2Pm2AUGM1w0Ohg5QbaJkACqRXjVkFeOGNDo56w9PVscVTHQukQ==
 -----END CERTIFICATE-----
--- a/mysql-test/std_data/server-key.pem
+++ b/mysql-test/std_data/server-key.pem
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6SDnBVEHOki54mKiJEUf8VQ0IlxihpsB6MJFkACNTuSi6unX
-tZUlzhisGk+z5jBGryATQITfIdzfCeWgf4ESbh6EWFyhEduqtgTg/B4MES7zMGIa
-+e7f/qPT1oNureiNmImxaWO4cvRa5iJec2SV71aSkgvhk6XXTEFH5zHtCWizxW7B
-GwE5u/GPv7r0AuLl5Z631pqylHabSNgnGA6fMJj1mj4j5jtKSO6lJuiAlDfkSrr/
-n0K5Mt16nWMRqCWZsR+G5XyxMeMSEQzr9h0CSx00y3Qdfy9AwIHiBNSO6pb4IjWO
-q7aZMzbvtYMRiG0GD3ZNv9uo32w8keK6c6BzRQIDAQABAoIBAQDUbdzVJV6Wp4pq
-VUI2Fp7iwr22ycQlr71voQbODxK0XvZtZKPgnIWUZTr9xr7A9CCUl3+zfN/t9Vtv
-o0Q6qxxmJ3ylH9LNeQL3VT7FvYN1bPjAj8TRFfAaEqKHh8AkzBGqe12kEPAUH8Fs
-jsjOEUvmiVaJqjXk2mty2tFwRDggJwCrN5bXkhkzwhDcMfH2Wgc4c4XkyUrciJQU
-ua4d0L354B3UmRYtrzwPr6WHLXCGPGhyWvXYpDjjdUGMVf2YcBSQdABF+mhCEb2b
-NP4dYUqKHjKn6p4B1/qfJtf0c9Lz229nz0WTzanmpXaNxQVce0sTbktp5A3itT+m
-NlQfDNoBAoGBAPvqSK7NqCrvFYEo+Cvl6fOhq9li2zAeaYO7D+AKiWSJzG9KK/Ts
-F+28nnWkBEdzAnmgWZ7UZlUwHqF6DNIGn+RLHDJ2MVRrZug2irCR8g2mxcHk2dss
-DcmUtsatjCbjLqVCcyuuQylP2GWK60JmRbdKEOfpHLntzGStpOhn5FPBAoGBAOzo
-okk2FWZlymJTkN2HYTqvUCYINDciTDm/ms7YGC6YKdDJ8PUVq6qJ2GO/M+zGPQtV
-A+qFWqx1kk3K5uLPnZLCPLORXPIm0X1ZGreG+rHsrJTnP6uh9OxrTyLNkvt6xcm7
-yA51QOWTuRbYhPwy05IqT3Z88HkHByMKr4xafPCFAoGADff1w8ufkZHkTV8qM7Tx
-/hJu5wT2RnrJOwa6YJ/08mA5t8oTGeelhAc7eiZ4HkYgUwIzNf1tFzgt2qJb56F6
-aDxJ+fpXzeiOsj2j/xp4o40l1hSMh/yvXwgiAm5JITbjtUI0BK4LB1VoGGlVlj75
-iqpOua1RbHXlKYf/Zuur24ECgYEAqXDFSWmGKsOY2XR9QwQltUxYHat2dQxxykfR
-GCmUOhcYqT0VuqSyL/oBK25AXBN465b1gxG3xWsdpcf+FLB7OdD0i1XnTUYYRPeq
-1SKUQRdOY/11G3Ntcn5ZjkHL41NvDRbiQfz42noqQj2/94T+rybVyKAZeeZd42Es
-J0082OUCgYEAnguGJxhfSryD3a2kAQ/6s+L303rgXkRt+/luoopdm7vu2AcnaP7L
-aK4dCDusp/DZyGn8/ebDCGNIaVEMJVHAPLFbhJA9E9HCjfC33RdklCO/aGDtXsiq
-kzg3mqPHTCPCpmpr5YAtuLONczP1qgB04/vqb2S5eANC+5k6mEifu2U=
+MIICXAIBAAKBgQCq5lS93VIeFvckUjdYK6evSeHNdSoYUuFI8FmCwHrZZrOXBLN3
+9Dn90cAaxaarRITSFzlTJWObwyR4UVx3a9+0gh3kQ/RnCl2Jov6w6mQ6HZ1JeMh/
+eaXNRUsMra5P4tRd7OhzBu2YkoVJspwxO0Q4X7ta8WiEqcNbMTnUR5g4VQIDAQAB
+AoGAblQWXyBzdBN1Z5BgRF6ieYpj6OT70QoogJMR5lRmutUPma4iQo17pr3znBT/
+nU+1w3/UtTXNEXCwqbA01q/gkbP2PaW/sbHLVow1B7u/o42WW6I3Btnl3ClnCNjD
+Mo7/Gj027hhp7mC61r81JeJVh8fJUgxdNqoH7AkDnA+FJAECQQDjIl3k6W2P+bHb
+bp+8eyY7ITQbppZh+3hFJKRL7DZKFYL5J6gejiBURnG9DKnhoSP2nqzqdrRhWZhB
+ZHr+ciEBAkEAwJ5rMpFoIwRzgPD4Q4iSqHcBbFcJE7dK1XLq6MYUVNQGfDU8pBvI
+EocXphpsJ8CbR35dGDY19rmO2LjG3RBDVQJAetRN9Inrjw2YCjNzvKjYTuew1zcq
+YghszO94zfoKjdu+PWEdwJBZmVmTDoo3oGXVHfxHRHA3MeISvWJKRSmRAQJAHL9H
+9msXJKrEZkkQdFvMr5HbR4UR2LxxUbvt7UGqxSJDuYPkggWXbZR15hdpbuFjC1+D
+m1pz4Ve+RwAExfdoZQJBANfmuWtlLU+SMpDG4zOyC7u4dz+TtnEOfDUECFNZtqvU
+MWz98MIXAjiBDYU1Z0BrA7b0/FVsPR3t6JZFQWWI2y8=
 -----END RSA PRIVATE KEY-----
--- a/mysql-test/std_data/server8k-cert.pem
+++ b/mysql-test/std_data/server8k-cert.pem
--- a/mysql-test/std_data/server8k-key.pem
+++ b/mysql-test/std_data/server8k-key.pem
--- a/mysql-test/t/openssl_1.test
+++ b/mysql-test/t/openssl_1.test
@@ -15,8 +15,8 @@ insert into t1 values (5);

 grant select on test.* to ssl_user1@localhost require SSL;
 grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
-grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client";
-grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client" ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
+grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client";
+grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB";
 grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
 flush privileges;


--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1885,7 +1885,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
  SSL *ssl;
  X509 *server_cert;
  char *cp1, *cp2;
-  char buf[256];
+  char *buf;
  DBUG_ENTER("ssl_verify_server_cert");
  DBUG_PRINT("enter", ("server_hostname: %s", server_hostname));

@@ -1919,9 +1919,15 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
    are what we expect.
  */

-  X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
+  buf= X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0);
  X509_free (server_cert);

+  if (!buf)
+  {
+    *errptr= "Out of memory";
+    DBUG_RETURN(1);
+  }
+
  DBUG_PRINT("info", ("hostname in cert: %s", buf));
  cp1= strstr(buf, "/CN=");
  if (cp1)
@@ -1934,11 +1940,13 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
    DBUG_PRINT("info", ("Server hostname in cert: %s", cp1));
    if (!strcmp(cp1, server_hostname))
    {
+      free(buf);
      /* Success */
      DBUG_RETURN(0);
    }
  }
  *errptr= "SSL certificate validation failure";
+  free(buf);
  DBUG_RETURN(1);
 }