mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-28 17:54:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-33592: Use X509v3 for compatibility with libraries

Browse source 
According to rfc5280, x509v3 was standardised in June 1996.

RusTLS only accepts v3 certificates rejected the v1 default.
(ref:
https://github.com/rustls/webpki/issues/29#issuecomment-1453783741)

It seems reasonable that all client libraries can accept v3.

X509_VERSION_3 has a fixed value of 2, but isn't defined in
OpenSSL-1.1.1.

Thanks Austin Bonander for the suggested patch.
This commit is contained in:
Daniel Black 2024-03-05 14:46:28 +11:00
parent 435a10e4dc
commit 24dd78e583
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
vio/viosslfactories.c
View file

@ -20,10 +20,15 @@
#ifdef HAVE_OPENSSL
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/x509.h>
static my_bool ssl_algorithms_added = FALSE;
static my_bool ssl_error_strings_loaded= FALSE;
#ifndef X509_VERSION_3
#define X509_VERSION_3 2
#endif
/* the function below was generated with "openssl dhparam -2 -C 2048" */
#ifndef HAVE_WOLFSSL
static
@ -125,6 +130,8 @@ static X509 *vio_gencert(EVP_PKEY *pkey)
if (!(x= X509_new()))
goto err;
if (!X509_set_version(x, X509_VERSION_3))
goto err;
if (!(name= X509_get_subject_name(x)))
goto err;
if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,