diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2022-10-26 10:40:33 +0200 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2022-10-26 14:55:47 +0200 |
| commit | 29633dc0c0c49f27ad3c9a405f4730fbfef4bbb0 (patch) | |
| tree | c8dcf1fde1123e9f431ab13718d2bede75c68a86 /vio | |
| parent | 5f296f3a181eb63b6112153c6d4f9186180e6c50 (diff) | |
| parent | 278fbe61d847337712c0f802cc8e0db85bf58bd7 (diff) | |
| download | mariadb-git-29633dc0c0c49f27ad3c9a405f4730fbfef4bbb0.tar.gz | |
Merge branch '10.3' into 10.4
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viosslfactories.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index af1fc1fe4f9..21c41b3bc01 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -97,7 +97,7 @@ sslGetErrString(enum enum_ssl_init_error e) static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, - enum enum_ssl_init_error* error) + my_bool is_client, enum enum_ssl_init_error* error) { DBUG_ENTER("vio_set_cert_stuff"); DBUG_PRINT("enter", ("ctx: %p cert_file: %s key_file: %s", @@ -134,10 +134,10 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, } /* - If we are using DSA, we can copy the parameters from the private key - Now we know that a key and cert have been set against the SSL context + If certificate is used check if private key matches. + Note, that server side has to use certificate. */ - if (cert_file && !SSL_CTX_check_private_key(ctx)) + if ((cert_file != NULL || !is_client) && !SSL_CTX_check_private_key(ctx)) { *error= SSL_INITERR_NOMATCH; DBUG_PRINT("error", ("%s",sslGetErrString(*error))); @@ -352,7 +352,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, #endif } - if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file, error)) + if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file, + is_client_method, error)) { DBUG_PRINT("error", ("vio_set_cert_stuff failed")); goto err2; |