From 0dfa0eef596ee677b55976793d632dc9b36928c7 Mon Sep 17 00:00:00 2001 From: Oleksandr Byelkin Date: Sun, 15 Nov 2015 10:44:20 +0100 Subject: [PATCH] MDEV-8957 [PATCH] Useless ssl_ctx_set_tmp_dh call in libmysql Accepted patch of Georg: do not setup Differ-Hellman parameters on client. --- vio/viosslfactories.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 96275b95f68..ca4669f81ba 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -259,14 +259,17 @@ new_VioSSLFd(const char *key_file, const char *cert_file, } /* DH stuff */ - dh=get_dh2048(); - if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh)) + if (!is_client_method) { - *error= SSL_INITERR_DH; - goto err3; - } + dh=get_dh2048(); + if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh)) + { + *error= SSL_INITERR_DH; + goto err3; + } - DH_free(dh); + DH_free(dh); + } DBUG_PRINT("exit", ("OK 1"));