Bug #273 | The x509 cert issuer seems not to be checked against the CA | ||
---|---|---|---|
Submitted: | 11 Apr 2003 9:39 | Modified: | 16 Apr 2003 5:24 |
Reporter: | Lenz Grimmer | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S3 (Non-critical) |
Version: | 4.0 | OS: | Linux (Linux) |
Assigned to: | Sergei Glukhov | CPU Architecture: | Any |
[11 Apr 2003 9:39]
Lenz Grimmer
[16 Apr 2003 5:24]
Sergei Glukhov
Thank you for your bug report. This issue has been fixed in the latest development tree for that product. You can find more information about accessing our development trees at http://www.mysql.com/doc/en/Installing_source_tree.html This is the fix: ===== vio/viossl.c 1.17 vs edited ===== *** /tmp/viossl.c-1.17-4415 Tue Nov 5 12:05:55 2002 --- edited/vio/viossl.c Wed Apr 16 16:54:04 2003 *************** *** 281,287 **** SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd(vio->ssl_,vio->sd); SSL_set_accept_state(vio->ssl_); ! if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); --- 281,288 ---- SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd(vio->ssl_,vio->sd); SSL_set_accept_state(vio->ssl_); ! if (SSL_do_handshake(vio->ssl_) < 1 || ! SSL_get_verify_result(vio->ssl_) != X509_V_OK) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); *************** *** 354,360 **** SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd (vio->ssl_, vio->sd); SSL_set_connect_state(vio->ssl_); ! if (SSL_do_handshake(vio->ssl_) < 1) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors(); --- 355,362 ---- SSL_SESSION_set_timeout(SSL_get_session(vio->ssl_), timeout); SSL_set_fd (vio->ssl_, vio->sd); SSL_set_connect_state(vio->ssl_); ! if (SSL_do_handshake(vio->ssl_) < 1 || ! SSL_get_verify_result(vio->ssl_) != X509_V_OK) { DBUG_PRINT("error", ("SSL_do_handshake failure")); report_errors();