Commit c3babee8 authored by unknown's avatar unknown

Fix up patch


sql-common/client.c:
  Remove ssl_verify_server_cert; it will be added in a separate patch
vio/viossl.c:
  Fix coding standard
vio/viosslfactories.c:
  Remove comment
parent 6af90061
+1 −67
@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
#endif
};

int ssl_verify_server_cert(Vio *vio, const char* server_host)
{
  SSL *ssl;
  X509 *server_cert;
  char *cp1, *cp2;
  char buf[256];
  DBUG_ENTER("ssl_verify_server_cert");
  DBUG_PRINT("enter", ("server_host: %s", server_host));

  if (!(ssl= (SSL*)vio->ssl_arg))
  {
    DBUG_PRINT("error", ("No SSL pointer found"));
    return 1;
  }

  if (!server_host)
  {
    DBUG_PRINT("error", ("No server hostname supplied"));
    return 1;
  }

  if (!(server_cert= SSL_get_peer_certificate(ssl)))
  {
    DBUG_PRINT("error", ("Could not get server certificate"));
    return 1;
  }

  /*
    We already know that the certificate exchanged was valid; the SSL library
    handled that. Now we need to verify that the contents of the certificate
    are what we expect.
  */

  X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
  X509_free (server_cert);

//  X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing

  DBUG_PRINT("info", ("hostname in cert: %s", buf));
  cp1 = strstr(buf, "/CN=");
  if (cp1)
  {
    cp1 += 4; // Skip the "/CN=" that we found
    cp2 = strchr(cp1, '/');
    if (cp2)
      *cp2 = '\0';
    DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
    if (!strcmp(cp1, server_host))
    {
      /* Success */
      DBUG_RETURN(0);
    }
  }
  DBUG_PRINT("error", ("SSL certificate validation failure"));
  DBUG_RETURN(1);
}


MYSQL *
CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
		       const char *passwd, const char *db,
@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
    }
    DBUG_PRINT("info", ("IO layer change done!"));

#if 0
    /* Verify server cert */
    if (mysql->options.ssl_verify_cert &&
        ssl_verify_server_cert(mysql->net.vio, mysql->host))
    {
      set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
      goto error;
    }
#endif
    /* TODO Verify server cert */
  }
#endif /* HAVE_OPENSSL */
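Review bot: The only trace of server identity checking left after the "IO layer change done!" step in CLI_MYSQL_REAL_CONNECT is the bare `/* TODO Verify server cert */`, so on the new side the connection proceeds without the certificate's name ever being compared with `mysql->host`. If callers can still set `mysql->options.ssl_verify_cert` (its declaration is not visible in this hunk), that setting would be silently ignored rather than failing closed. I would make the comment state the gap, e.g. `/* TODO: verify server cert name against mysql->host; until then the peer identity is NOT checked */`, and when the check returns in the separate patch, extract the commonName by NID rather than searching the `X509_NAME_oneline()` text for "/CN=", since a substring match on the flattened subject can be satisfied by text from another field. The body of CLI_MYSQL_REAL_CONNECT starts and ends outside the hunk.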

+0 −1
@@ -209,7 +209,6 @@ static void check_ssl_init()
  }

#ifdef __NETWARE__
  /* MASV, should it be done everytime? */
  netware_ssl_init();
#endif

+12 −12

File changed.

Contains only whitespace changes.