Fix things so that chains of certificates work in the server and client |
certificate files. |
|
This only really works for OpenSSL-based builds, as yassl is unable to read |
multiple certificates from a file. The patch below to yassl/src/ssl.cpp |
doesn't fix that, but just arranges that the viosslfactories.c patch won't |
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ |
Fedora builds, I'm not feeling motivated to try to fix yassl for this. |
|
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 |
Filed upstream at https://bugs.launchpad.net/maria/+bug/886378 |
|
|
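--- mysql-5.1.47.orig/vio/viosslfactories.c 2010-05-06 11:28:07.000000000 -0400
+++ mysql-5.1.47/vio/viosslfactories.c 2010-05-26 23:23:46.000000000 -0400
@@ -100,7 +100,7 @@
 (long) ctx, cert_file, key_file));
 if (cert_file)
 {
- if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
+ if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
 {
 *error= SSL_INITERR_CERT;
 DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));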
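Review bot: The new call makes the order of certificates inside `cert_file` significant, and nothing at this call site documents that. `SSL_CTX_use_certificate_chain_file` takes the first PEM block as the endpoint's own certificate and the following blocks as chain certificates, so a file that lists the CA first would presumably load without error here and only fail later, at a key/certificate consistency check or at the peer. A comment above the call would make the contract visible, e.g. `/* cert_file may hold a PEM chain: own certificate first, then intermediates in order */`. The enclosing function starts and ends outside the hunk, so whether a private-key match check follows the key load cannot be confirmed from here.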
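--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp 2010-05-06 11:24:26.000000000 -0400
+++ mysql-5.1.47/extra/yassl/src/ssl.cpp 2010-05-26 23:29:13.000000000 -0400
@@ -1606,10 +1606,10 @@
 }
 
 
- int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
 {
- // TDOD:
- return SSL_SUCCESS;
+ // For the moment, treat like use_certificate_file
+ return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
 }
 
 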
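Review bot: The comment `// For the moment, treat like use_certificate_file` understates a limitation that whoever deploys a yaSSL build needs to know. According to the patch description yaSSL cannot read more than one certificate from a file, so with a chain file this function presumably loads only the first certificate and still reports success, and the intermediates are never presented to the peer. I would spell that out, e.g. `// yaSSL reads only the first PEM certificate here; intermediates in the file are ignored`, so that a verification failure on the peer side can be traced back to this build limitation. The return value now comes from `read_file`, whose success value is not visible in this hunk; it has to be positive for the `<= 0` test in vio/viosslfactories.c to pass.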