Fix up patch
sql-common/client.c: Remove ssl_verify_server_cert; it will be added in a separate patch. vio/viossl.c: Fix coding standard. vio/viosslfactories.c: Remove comment.
parent
6af90061f4
commit
c3babee88a
3 changed files with 13 additions and 80 deletions
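--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
 #endif
 };
 
-int ssl_verify_server_cert(Vio *vio, const char* server_host)
-{
-SSL *ssl;
-X509 *server_cert;
-char *cp1, *cp2;
-char buf[256];
-DBUG_ENTER("ssl_verify_server_cert");
-DBUG_PRINT("enter", ("server_host: %s", server_host));
-
-if (!(ssl= (SSL*)vio->ssl_arg))
-{
-DBUG_PRINT("error", ("No SSL pointer found"));
-return 1;
-}
-
-if (!server_host)
-{
-DBUG_PRINT("error", ("No server hostname supplied"));
-return 1;
-}
-
-if (!(server_cert= SSL_get_peer_certificate(ssl)))
-{
-DBUG_PRINT("error", ("Could not get server certificate"));
-return 1;
-}
-
-/*
-We already know that the certificate exchanged was valid; the SSL library
-handled that. Now we need to verify that the contents of the certificate
-are what we expect.
-*/
-
-X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
-X509_free (server_cert);
-
-// X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
-
-DBUG_PRINT("info", ("hostname in cert: %s", buf));
-cp1 = strstr(buf, "/CN=");
-if (cp1)
-{
-cp1 += 4; // Skip the "/CN=" that we found
-cp2 = strchr(cp1, '/');
-if (cp2)
-*cp2 = '\0';
-DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
-if (!strcmp(cp1, server_host))
-{
-/* Success */
-DBUG_RETURN(0);
-}
-}
-DBUG_PRINT("error", ("SSL certificate validation failure"));
-DBUG_RETURN(1);
-}
-
-
 MYSQL *
 CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 const char *passwd, const char *db,
@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 }
 DBUG_PRINT("info", ("IO layer change done!"));
 
-#if 0
-/* Verify server cert */
-if (mysql->options.ssl_verify_cert &&
-ssl_verify_server_cert(mysql->net.vio, mysql->host))
-{
-set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
-goto error;
-}
-#endif
+/* TODO Verify server cert */
 }
 #endif /* HAVE_OPENSSL */
 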
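Review bot: The `/* TODO Verify server cert */` left at the end of the SSL branch in the second hunk does not tell a reader that the connection now proceeds without any comparison between the certificate's name and `mysql->host`. I would spell out the gap and the intended failure mode, e.g. `/* TODO: check the server certificate name against mysql->host and fail with CR_SSL_CONNECTION_ERROR on mismatch; not done yet, so the host name is not checked here */`. If `mysql->options.ssl_verify_cert` can already be set by callers (not visible here), it would be worth failing closed while the check is absent rather than ignoring the option. When the check is re-added, reading the common name through a structured accessor such as `X509_NAME_get_text_by_NID` with `NID_commonName` is safer than searching the one-line subject string for `/CN=`, which text inside another subject field could also match. CLI_MYSQL_REAL_CONNECT continues outside both hunks.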
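--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -54,12 +54,12 @@ static void
 report_errors()
 {
 unsigned long l;
-const char* file;
-const char* data;
-int line,flags;
+const char *file;
+const char *data;
+int line,flags;
 DBUG_ENTER("report_errors");
 
-while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)))
+while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
 {
 char buf[512];
 DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
@@ -70,7 +70,7 @@ report_errors()
 }
 
 
-int vio_ssl_read(Vio * vio, gptr buf, int size)
+int vio_ssl_read(Vio *vio, gptr buf, int size)
 {
 int r;
 DBUG_ENTER("vio_ssl_read");
@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
 }
 
 
-int vio_ssl_write(Vio * vio, const gptr buf, int size)
+int vio_ssl_write(Vio *vio, const gptr buf, int size)
 {
 int r;
 DBUG_ENTER("vio_ssl_write");
@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
 }
 
 
-int vio_ssl_close(Vio * vio)
+int vio_ssl_close(Vio *vio)
 {
 int r= 0;
-SSL* ssl= (SSL*)vio->ssl_arg;
+SSL *ssl= (SSL*)vio->ssl_arg;
 DBUG_ENTER("vio_ssl_close");
 
 if (ssl)
@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio)
 }
 
 
-int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
+int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
 SSL *ssl;
-X509* client_cert;
+X509 *client_cert;
 my_bool unused;
 my_bool net_blocking;
 enum enum_vio_type old_type;
@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
 }
 
 
-int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
+int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
 SSL *ssl;
 X509 *server_cert;
@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
 }
 
 
-int vio_ssl_blocking(Vio * vio __attribute__((unused)),
+int vio_ssl_blocking(Vio *vio __attribute__((unused)),
 my_bool set_blocking_mode,
 my_bool *old_mode)
 {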
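--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -209,7 +209,6 @@ static void check_ssl_init()
 }
 
 #ifdef __NETWARE__
-/* MASV, should it be done everytime? */
 netware_ssl_init();
 #endif
 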