mirror of
https://github.com/MariaDB/server.git
synced 2025-01-26 08:44:33 +01:00
6cbf0f55e1
The patch "mysql-chain-certs.patch" needs to be adapted to code changes in "vio/viosslfactories.c" which were done in MySQL 5.5. Then, the patch can be re-enabled in the spec file.
45 lines
1.8 KiB
Diff
45 lines
1.8 KiB
Diff
Fix things so that chains of certificates work in the server and client
|
|
certificate files.
|
|
|
|
This only really works for OpenSSL-based builds, as yassl is unable to read
|
|
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
|
|
doesn't fix that, but just arranges that the viosslfactories.c patch won't
|
|
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
|
|
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
|
|
|
|
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
|
|
|
|
===
|
|
|
|
Joerg Bruehe, MySQL Build Team at Oracle: First patch adapted to code changes in MySQL 5.5
|
|
|
|
|
|
diff -Naur mysql-5.5.29.orig/vio/viosslfactories.c mysql-5.5.29/vio/viosslfactories.c
|
|
--- mysql-5.5.29.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400
|
|
+++ mysql-5.5.29/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400
|
|
@@ -106,7 +106,7 @@
|
|
key_file= cert_file;
|
|
|
|
if (cert_file &&
|
|
- SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
|
|
+ SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
|
|
{
|
|
*error= SSL_INITERR_CERT;
|
|
DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
|
|
diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
|
|
--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400
|
|
+++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400
|
|
@@ -1606,10 +1606,10 @@
|
|
}
|
|
|
|
|
|
- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
|
|
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
|
|
{
|
|
- // TDOD:
|
|
- return SSL_SUCCESS;
|
|
+ // For the moment, treat like use_certificate_file
|
|
+ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
|
|
}
|
|
|
|
|