From 49b229c161b67f415e0864ba16d93baed9dff207 Mon Sep 17 00:00:00 2001 From: George Christian Date: Sun, 12 Aug 2018 13:11:38 +0100 Subject: [PATCH] WolfSSL fix --- sql-common/client.cc | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/sql-common/client.cc b/sql-common/client.cc index 092aac2583e..fcd91e2ceed 100644 --- a/sql-common/client.cc +++ b/sql-common/client.cc @@ -2633,7 +2633,7 @@ static int ssl_verify_server_cert(Vio *vio, const char *server_hostname, /* Use OpenSSL certificate matching functions instead of our own if we have OpenSSL. The X509_check_* functions return 1 on success. */ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L || defined(HAVE_WOLFSSL) +#if OPENSSL_VERSION_NUMBER >= 0x10002000L if ((X509_check_host(server_cert, server_hostname, strlen(server_hostname), 0, 0) != 1) && (X509_check_ip_asc(server_cert, server_hostname, 0) != 1)) { @@ -2646,6 +2646,17 @@ static int ssl_verify_server_cert(Vio *vio, const char *server_hostname, /* Success */ ret_validation = 0; } +#elif defined(HAVE_WOLFSSL) + // WolfSSL does not support X509_check_ip_asc as of version 3.14.0 + if ((X509_check_host(server_cert, server_hostname, strlen(server_hostname), 0, + 0) != 1)) { + *errptr = "Failed to verify the server certificate via X509_check_host"; + goto error; + } + else { + /* Success */ + ret_validation = 0; + } #else /* OPENSSL_VERSION_NUMBER < 0x10002000L */ /* OpenSSL prior to 1.0.2 do not support X509_check_host() function.
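Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10002000L` test is now evaluated before the wolfSSL test, so a wolfSSL build only reaches the new `#elif defined(HAVE_WOLFSSL)` branch when the compatibility headers report an OpenSSL version below 1.0.2. If a wolfSSL configuration defines `OPENSSL_VERSION_NUMBER` at or above that value, the first branch is compiled and calls `X509_check_ip_asc`, which the second hunk's comment says wolfSSL does not provide. Testing the library first avoids depending on the emulated version number: `#if defined(HAVE_WOLFSSL)` for the host-only check, then `#elif OPENSSL_VERSION_NUMBER >= 0x10002000L` for the existing one. The body of `ssl_verify_server_cert` starts and ends outside this hunk.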
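Review bot: The wolfSSL branch in the second hunk checks identity with `X509_check_host` only, so when `server_hostname` is an IP literal the certificate's iPAddress subjectAltName entries are never compared. Whether such a connection is then rejected or matched against a DNS name or CN depends on wolfSSL's `X509_check_host`, which is not visible here, so the comment should state the intended outcome, e.g. `// wolfSSL 3.14.0 lacks X509_check_ip_asc: IP-literal hosts go through X509_check_host only, iPAddress SANs are not checked`. The error and success arms also duplicate the OpenSSL branch; guarding only the `X509_check_ip_asc` operand with the preprocessor would keep a single copy and stop the two verification paths drifting apart. The enclosing function continues outside the hunk.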