Commit c7431de4 authored by cmiller@zippy.cornsilk.net's avatar cmiller@zippy.cornsilk.net

Merge zippy.cornsilk.net:/home/cmiller/work/mysql/release/mysql-5.0-release_mergable

into  zippy.cornsilk.net:/home/cmiller/work/mysql/release/mysql-5.0-release
parents df28e14b 89d759b9
...@@ -165,7 +165,6 @@ struct st_mysql_options { ...@@ -165,7 +165,6 @@ struct st_mysql_options {
char *ssl_ca; /* PEM CA file */ char *ssl_ca; /* PEM CA file */
char *ssl_capath; /* PEM directory of CA-s? */ char *ssl_capath; /* PEM directory of CA-s? */
char *ssl_cipher; /* cipher to use */ char *ssl_cipher; /* cipher to use */
my_bool ssl_verify_server_cert; /* if to verify server cert */
char *shared_memory_base_name; char *shared_memory_base_name;
unsigned long max_allowed_packet; unsigned long max_allowed_packet;
my_bool use_ssl; /* if to use SSL or not */ my_bool use_ssl; /* if to use SSL or not */
......
...@@ -134,8 +134,10 @@ enum enum_server_command ...@@ -134,8 +134,10 @@ enum enum_server_command
#define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */ #define CLIENT_TRANSACTIONS 8192 /* Client knows about transactions */
#define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */ #define CLIENT_RESERVED 16384 /* Old flag for 4.1 protocol */
#define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */ #define CLIENT_SECURE_CONNECTION 32768 /* New 4.1 authentication */
#define CLIENT_MULTI_STATEMENTS 65536 /* Enable/disable multi-stmt support */ #define CLIENT_MULTI_STATEMENTS (((ulong) 1) << 16) /* Enable/disable multi-stmt support */
#define CLIENT_MULTI_RESULTS 131072 /* Enable/disable multi-results */ #define CLIENT_MULTI_RESULTS (((ulong) 1) << 17) /* Enable/disable multi-results */
#define CLIENT_SSL_VERIFY_SERVER_CERT (((ulong) 1) << 30)
#define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31) #define CLIENT_REMEMBER_OPTIONS (((ulong) 1) << 31)
#define SERVER_STATUS_IN_TRANS 1 /* Transaction has started */ #define SERVER_STATUS_IN_TRANS 1 /* Transaction has started */
......
...@@ -1502,7 +1502,6 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) , ...@@ -1502,7 +1502,6 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
mysql->options.ssl_ca= strdup_if_not_null(ca); mysql->options.ssl_ca= strdup_if_not_null(ca);
mysql->options.ssl_capath= strdup_if_not_null(capath); mysql->options.ssl_capath= strdup_if_not_null(capath);
mysql->options.ssl_cipher= strdup_if_not_null(cipher); mysql->options.ssl_cipher= strdup_if_not_null(cipher);
mysql->options.ssl_verify_server_cert= FALSE; /* Off by default */
#endif /* HAVE_OPENSSL */ #endif /* HAVE_OPENSSL */
DBUG_RETURN(0); DBUG_RETURN(0);
} }
...@@ -2162,7 +2161,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user, ...@@ -2162,7 +2161,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
DBUG_PRINT("info", ("IO layer change done!")); DBUG_PRINT("info", ("IO layer change done!"));
/* Verify server cert */ /* Verify server cert */
if (mysql->options.ssl_verify_server_cert && if ((client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
ssl_verify_server_cert(mysql->net.vio, mysql->host)) ssl_verify_server_cert(mysql->net.vio, mysql->host))
{ {
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate); set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
...@@ -2909,7 +2908,10 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg) ...@@ -2909,7 +2908,10 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg)
mysql->reconnect= *(my_bool *) arg; mysql->reconnect= *(my_bool *) arg;
break; break;
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT: case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
mysql->options.ssl_verify_server_cert= *(my_bool *) arg; if (!arg || test(*(uint*) arg))
mysql->options.client_flag|= CLIENT_SSL_VERIFY_SERVER_CERT;
else
mysql->options.client_flag&= ~CLIENT_SSL_VERIFY_SERVER_CERT;
break; break;
default: default:
DBUG_RETURN(1); DBUG_RETURN(1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment