mirror of
https://github.com/MariaDB/server.git
synced 2025-01-31 02:51:44 +01:00
c7e68606c0
FOUND Description:- Failure during the validation of the CA certificate path which is provided as an option for 'ssl-ca' returns two different errors for YaSSL and OPENSSL. Analysis:- 'ssl-ca' is the option used for specifying the SSL CA certificate path. Failing to validate this certificate with OPENSSL returns an error, "ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed". While YASSL returns "ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation". Error returned by the OPENSSL is correct since "SSL_CTX_load_verify_locations()" returns 0 (in case of OPENSSL) for the failure and sets error as "SSL_INITERR_BAD_PATHS". In case of YASSL, "SSL_CTX_load_verify_locations()" returns an error number which is less than or equal to 0 in case of error. Error numbers for YASSL are mentioned in the file, 'extra/yassl/include/openssl/ssl.h' (line no : 292). Also 'ssl-ca' does not accept tilde home directory path substitution. Fix:- The condition which checks for the error in the "SSL_CTX_load_verify_locations()" is changed in order to accommodate YASSL as well. A logic is written in "mysql_ssl_set()" in order to accept the tilde home directory path substitution for all ssl options. |
||
---|---|---|
docs | ||
CMakeLists.txt | ||
test-ssl.c | ||
test-sslclient.c | ||
test-sslserver.c | ||
vio.c | ||
vio_priv.h | ||
viosocket.c | ||
viossl.c | ||
viosslfactories.c | ||
viotest-ssl.c | ||
viotest-sslconnect.cc | ||
viotest.cc |