Commit
d66ac949
authored
Apr 12, 2006
by
msvensson@neptunus.(none)
Fix up patch
parent
e5712d84
Showing
3 changed files
with
13 additions
and
80 deletions
+13
-80
sql-common/client.c
sql-common/client.c
+1
-67
vio/viossl.c
vio/viossl.c
+12
-12
vio/viosslfactories.c
vio/viosslfactories.c
+0
-1
sql-common/client.c
...
...
@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
#endif
};
int
ssl_verify_server_cert
(
Vio
*
vio
,
const
char
*
server_host
)
{
SSL
*
ssl
;
X509
*
server_cert
;
char
*
cp1
,
*
cp2
;
char
buf
[
256
];
DBUG_ENTER
(
"ssl_verify_server_cert"
);
DBUG_PRINT
(
"enter"
,
(
"server_host: %s"
,
server_host
));
if
(
!
(
ssl
=
(
SSL
*
)
vio
->
ssl_arg
))
{
DBUG_PRINT
(
"error"
,
(
"No SSL pointer found"
));
return
1
;
}
if
(
!
server_host
)
{
DBUG_PRINT
(
"error"
,
(
"No server hostname supplied"
));
return
1
;
}
if
(
!
(
server_cert
=
SSL_get_peer_certificate
(
ssl
)))
{
DBUG_PRINT
(
"error"
,
(
"Could not get server certificate"
));
return
1
;
}
/*
We already know that the certificate exchanged was valid; the SSL library
handled that. Now we need to verify that the contents of the certificate
are what we expect.
*/
X509_NAME_oneline
(
X509_get_subject_name
(
server_cert
),
buf
,
sizeof
(
buf
));
X509_free
(
server_cert
);
// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
DBUG_PRINT
(
"info"
,
(
"hostname in cert: %s"
,
buf
));
cp1
=
strstr
(
buf
,
"/CN="
);
if
(
cp1
)
{
cp1
+=
4
;
// Skip the "/CN=" that we found
cp2
=
strchr
(
cp1
,
'/'
);
if
(
cp2
)
*
cp2
=
'\0'
;
DBUG_PRINT
(
"info"
,
(
"Server hostname in cert: "
,
cp1
));
if
(
!
strcmp
(
cp1
,
server_host
))
{
/* Success */
DBUG_RETURN
(
0
);
}
}
DBUG_PRINT
(
"error"
,
(
"SSL certificate validation failure"
));
DBUG_RETURN
(
1
);
}
MYSQL
*
CLI_MYSQL_REAL_CONNECT
(
MYSQL
*
mysql
,
const
char
*
host
,
const
char
*
user
,
const
char
*
passwd
,
const
char
*
db
,
...
...
@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
}
DBUG_PRINT
(
"info"
,
(
"IO layer change done!"
));
#if 0
/* Verify server cert */
if (mysql->options.ssl_verify_cert &&
ssl_verify_server_cert(mysql->net.vio, mysql->host))
{
set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
goto error;
}
#endif
/* TODO Verify server cert */
}
#endif
/* HAVE_OPENSSL */
...
...
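Review bot: In the second hunk of sql-common/client.c, the block after `"IO layer change done!"` now holds only `/* TODO Verify server cert */`, so nothing on the new side checks that the peer certificate names the host being connected to. The removed call was already compiled out under `#if 0`, so runtime behaviour does not change, but the removed lines read `mysql->options.ssl_verify_cert`; if that option can still be set elsewhere (not visible here), a caller who sets it gets an encrypted connection to an unverified peer and no error. I would make the comment say that, e.g. `/* TODO Verify server cert: options.ssl_verify_cert is not enforced yet, the peer hostname is NOT checked */`, so the gap is visible to anyone reading the connect path. When the check is reintroduced, it should compare the subject's commonName entry directly rather than searching the `X509_NAME_oneline` text for `/CN=` as the removed helper did, because that search can match inside another field's value. CLI_MYSQL_REAL_CONNECT starts and ends outside the hunk.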
vio/viossl.c
...
...
@@ -54,12 +54,12 @@ static void
report_errors
()
{
unsigned
long
l
;
const
char
*
file
;
const
char
*
data
;
int
line
,
flags
;
const
char
*
file
;
const
char
*
data
;
int
line
,
flags
;
DBUG_ENTER
(
"report_errors"
);
while
((
l
=
ERR_get_error_line_data
(
&
file
,
&
line
,
&
data
,
&
flags
)))
while
((
l
=
ERR_get_error_line_data
(
&
file
,
&
line
,
&
data
,
&
flags
)))
{
char
buf
[
512
];
DBUG_PRINT
(
"error"
,
(
"OpenSSL: %s:%s:%d:%s
\n
"
,
ERR_error_string
(
l
,
buf
),
...
...
@@ -70,7 +70,7 @@ report_errors()
}
int
vio_ssl_read
(
Vio
*
vio
,
gptr
buf
,
int
size
)
int
vio_ssl_read
(
Vio
*
vio
,
gptr
buf
,
int
size
)
{
int
r
;
DBUG_ENTER
(
"vio_ssl_read"
);
...
...
@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
}
int
vio_ssl_write
(
Vio
*
vio
,
const
gptr
buf
,
int
size
)
int
vio_ssl_write
(
Vio
*
vio
,
const
gptr
buf
,
int
size
)
{
int
r
;
DBUG_ENTER
(
"vio_ssl_write"
);
...
...
@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
}
int
vio_ssl_close
(
Vio
*
vio
)
int
vio_ssl_close
(
Vio
*
vio
)
{
int
r
=
0
;
SSL
*
ssl
=
(
SSL
*
)
vio
->
ssl_arg
;
SSL
*
ssl
=
(
SSL
*
)
vio
->
ssl_arg
;
DBUG_ENTER
(
"vio_ssl_close"
);
if
(
ssl
)
...
...
@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio)
}
int
sslaccept
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
int
sslaccept
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
{
SSL
*
ssl
;
X509
*
client_cert
;
X509
*
client_cert
;
my_bool
unused
;
my_bool
net_blocking
;
enum
enum_vio_type
old_type
;
...
...
@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
}
int
sslconnect
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
int
sslconnect
(
struct
st_VioSSLFd
*
ptr
,
Vio
*
vio
,
long
timeout
)
{
SSL
*
ssl
;
X509
*
server_cert
;
...
...
@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
}
int
vio_ssl_blocking
(
Vio
*
vio
__attribute__
((
unused
)),
int
vio_ssl_blocking
(
Vio
*
vio
__attribute__
((
unused
)),
my_bool
set_blocking_mode
,
my_bool
*
old_mode
)
{
...
...
vio/viosslfactories.c
...
...
@@ -209,7 +209,6 @@ static void check_ssl_init()
}
#ifdef __NETWARE__
/* MASV, should it be done everytime? */
netware_ssl_init
();
#endif
...
...