diff options
| author | Marko Mäkelä <marko.makela@mariadb.com> | 2022-01-04 09:26:38 +0200 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@mariadb.com> | 2022-01-04 09:26:38 +0200 |
| commit | 3f5726768f17342fd6dfec1be1e4d71814bc8564 (patch) | |
| tree | cc85210cf84b11f0543d9a20bcb78f40cb32c140 /vio | |
| parent | c410f7aaea400eb98f13552725b685a2513aafcb (diff) | |
| parent | 4c3ad24413f234599eda27f4958dd3ff21df3203 (diff) | |
| download | mariadb-git-3f5726768f17342fd6dfec1be1e4d71814bc8564.tar.gz | |
Merge 10.5 into 10.6
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viosslfactories.c | 78 |
1 files changed, 70 insertions, 8 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index fbf75729cc6..82bc7d6d6c1 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -233,10 +233,29 @@ new_VioSSLFd(const char *key_file, const char *cert_file, long ssl_ctx_options; DBUG_ENTER("new_VioSSLFd"); - if (ca_file && ! ca_file[0]) ca_file = NULL; - if (ca_path && ! ca_path[0]) ca_path = NULL; - if (crl_file && ! crl_file[0]) crl_file = NULL; - if (crl_path && ! crl_path[0]) crl_path = NULL; + /* + If some optional parameters indicate empty strings, then + for compatibility with SSL libraries, replace them with NULL, + otherwise these libraries will try to open files with an empty + name, etc., and they will return an error code instead performing + the necessary operations: + */ + if (ca_file && !ca_file[0]) + { + ca_file = NULL; + } + if (ca_path && !ca_path[0]) + { + ca_path = NULL; + } + if (crl_file && !crl_file[0]) + { + crl_file = NULL; + } + if (crl_path && !crl_path[0]) + { + crl_path = NULL; + } DBUG_PRINT("enter", ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " @@ -391,6 +410,30 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, if (crl_path && ! crl_path[0]) crl_path = NULL; /* + If some optional parameters indicate empty strings, then + for compatibility with SSL libraries, replace them with NULL, + otherwise these libraries will try to open files with an empty + name, etc., and they will return an error code instead performing + the necessary operations: + */ + if (ca_file && !ca_file[0]) + { + ca_file = NULL; + } + if (ca_path && !ca_path[0]) + { + ca_path = NULL; + } + if (crl_file && !crl_file[0]) + { + crl_file = NULL; + } + if (crl_path && !crl_path[0]) + { + crl_path = NULL; + } + + /* Turn off verification of servers certificate if both ca_file and ca_path is set to NULL */ @@ -423,10 +466,29 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; - if (ca_file && ! ca_file[0]) ca_file = NULL; - if (ca_path && ! ca_path[0]) ca_path = NULL; - if (crl_file && ! crl_file[0]) crl_file = NULL; - if (crl_path && ! crl_path[0]) crl_path = NULL; + /* + If some optional parameters indicate empty strings, then + for compatibility with SSL libraries, replace them with NULL, + otherwise these libraries will try to open files with an empty + name, etc., and they will return an error code instead performing + the necessary operations: + */ + if (ca_file && !ca_file[0]) + { + ca_file = NULL; + } + if (ca_path && !ca_path[0]) + { + ca_path = NULL; + } + if (crl_file && !crl_file[0]) + { + crl_file = NULL; + } + if (crl_path && !crl_path[0]) + { + crl_path = NULL; + } if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher, FALSE, error, |