Commit e1b41812 authored by msvensson@neptunus.(none)'s avatar msvensson@neptunus.(none)

Load CA certs before setting local certs.

Make it possible to get the yaSSL error message printed in the DBUG log file.
parent 99475e7f
+18 −8
@@ -51,20 +51,30 @@ static int SSL_set_fd_bsd(SSL *s, int fd)


static void
report_errors()
report_errors(SSL* ssl)
{
  unsigned long	l;
  const char *file;
  const char *data;
  int line,flags;
  char buf[512];

  DBUG_ENTER("report_errors");

  while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
  {
    char buf[512];
    DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
			 file,line,(flags&ERR_TXT_STRING)?data:"")) ;
  }

#ifdef HAVE_YASSL
  /*
    The above calls to ERR_* doesn't return any messages when we
    are using yaSSL since error is stored in the SSL object we used.
  */
  if (ssl)
    DBUG_PRINT("error", ("yaSSL: %s", ERR_error_string(SSL_get_error(ssl, l), buf)));
#endif
  DBUG_PRINT("info", ("errno: %d", socket_errno));
  DBUG_VOID_RETURN;
}
@@ -81,7 +91,7 @@ int vio_ssl_read(Vio *vio, gptr buf, int size)
  {
    int err= SSL_get_error((SSL*) vio->ssl_arg, r);
    DBUG_PRINT("error",("SSL_read(): %d  SSL_get_error(): %d", r, err));
    report_errors();
    report_errors((SSL*) vio->ssl_arg);
  }
  DBUG_PRINT("exit", ("%d", r));
  DBUG_RETURN(r);
@@ -95,7 +105,7 @@ int vio_ssl_write(Vio *vio, const gptr buf, int size)
  DBUG_PRINT("enter", ("sd: %d, buf: 0x%p, size: %d", vio->sd, buf, size));

  if ((r= SSL_write((SSL*) vio->ssl_arg, buf, size)) < 0)
    report_errors();
    report_errors((SSL*) vio->ssl_arg);
  DBUG_PRINT("exit", ("%d", r));
  DBUG_RETURN(r);
}
@@ -148,7 +158,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
  if (!(ssl= SSL_new(ptr->ssl_context)))
  {
    DBUG_PRINT("error", ("SSL_new failure"));
    report_errors();
    report_errors(ssl);
    vio_reset(vio, old_type,vio->sd,0,FALSE);
    vio_blocking(vio, net_blocking, &unused);
    DBUG_RETURN(1);
@@ -162,7 +172,7 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
  if (SSL_do_handshake(ssl) < 1)
  {
    DBUG_PRINT("error", ("SSL_do_handshake failure"));
    report_errors();
    report_errors(ssl);
    SSL_free(ssl);
    vio->ssl_arg= 0;
    vio_reset(vio, old_type,vio->sd,0,FALSE);
@@ -223,7 +233,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
  if (!(ssl= SSL_new(ptr->ssl_context)))
  {
    DBUG_PRINT("error", ("SSL_new failure"));
    report_errors();
    report_errors(ssl);
    vio_reset(vio, old_type, vio->sd, 0, FALSE);
    vio_blocking(vio, net_blocking, &unused);
    DBUG_RETURN(1);
@@ -237,7 +247,7 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
  if (SSL_do_handshake(ssl) < 1)
  {
    DBUG_PRINT("error", ("SSL_do_handshake failure"));
    report_errors();
    report_errors(ssl);
    SSL_free(ssl);
    vio->ssl_arg= 0;
    vio_reset(vio, old_type, vio->sd, 0, FALSE);
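Review bot: In the new yaSSL branch of report_errors, `l` is always 0 by the time `SSL_get_error(ssl, l)` runs, because the while loop only exits when ERR_get_error_line_data returns 0, so the second argument never carries the return value of the failing SSL call. If yaSSL's SSL_get_error ignores that argument this is harmless but misleading; if it does not, the reported code is wrong for every caller. Either make the intent explicit, `SSL_get_error(ssl, 0)` with a comment `/* yaSSL keeps the last error in the SSL object; the return value is not needed */`, or extend the signature to take the failing call's return value from vio_ssl_read/vio_ssl_write and the handshake sites. Note also that ERR_error_string is handed an SSL_get_error result here, which is an SSL_ERROR_* code rather than a packed ERR library code; that presumably relies on yaSSL's compatibility layer accepting it, worth a comment so an OpenSSL reader does not take it as a bug. The callers in sslaccept/sslconnect that pass a NULL `ssl` after SSL_new failure are covered by the `if (ssl)` guard.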
+11 −10
@@ -103,7 +103,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file)
      /* FIX stderr */
      fprintf(stderr,"Error when connection to server using SSL:");
      ERR_print_errors_fp(stderr);
      fprintf(stderr,"Unable to get private key from '%s'\n", cert_file);
      fprintf(stderr,"Unable to get private key from '%s'\n", key_file);
      fflush(stderr);
      DBUG_RETURN(1);
    }
@@ -252,14 +252,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    DBUG_RETURN(0);
  }

  if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
  {
    DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
    report_errors();
    my_free((void*)ssl_fd,MYF(0));
    DBUG_RETURN(0);
  }

  /* Load certs from the trusted ca */
  if (SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path) == 0)
  {
    DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
@@ -272,6 +265,14 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    }
  }

  if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file))
  {
    DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
    report_errors();
    my_free((void*)ssl_fd,MYF(0));
    DBUG_RETURN(0);
  }

  /* DH stuff */
  dh=get_dh512();
  SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
@@ -297,7 +298,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
    return 0;
  }

  /* Init the the VioSSLFd as a "connector" ie. the client side */
  /* Init the VioSSLFd as a "connector" ie. the client side */

  /*
    The verify_callback function is used to control the behaviour
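Review bot: The relocated vio_set_cert_stuff failure path in new_VioSSLFd frees `ssl_fd` but not the `ssl_fd->ssl_context` that was created earlier in the function, so every failed certificate/key load leaks an SSL_CTX; add `SSL_CTX_free(ssl_fd->ssl_context);` before `my_free((void*)ssl_fd,MYF(0));`. The same shape presumably applies to the SSL_CTX_load_verify_locations failure path, whose body is cut off between the two hunks, and the function's start and end lie outside the hunks. Since the block now runs after the CA store is loaded, a short comment above it, `/* Local cert/key are loaded after the CA store so verification of the chain uses the trusted CAs */`, would record the reason for the reordering that the commit message gives.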