summaryrefslogtreecommitdiff
path: root/vio/viosslfactories.c
diff options
context:
space:
mode:
Diffstat (limited to 'vio/viosslfactories.c')
-rw-r--r--vio/viosslfactories.c33
1 files changed, 4 insertions, 29 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index ef3dfb1f5b0..ee944c68f92 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -51,27 +51,6 @@ static DH *get_dh512(void)
}
-static void
-report_errors()
-{
- unsigned long l;
- const char* file;
- const char* data;
- int line,flags;
-
- DBUG_ENTER("report_errors");
-
- while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
- {
-#ifndef DBUG_OFF /* Avoid warning */
- char buf[200];
- DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
- file,line,(flags & ERR_TXT_STRING) ? data : "")) ;
-#endif
- }
- DBUG_VOID_RETURN;
-}
-
static const char*
ssl_error_string[] =
{
@@ -193,16 +172,17 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0);
if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
- TLSv1_client_method() :
- TLSv1_server_method())))
+ SSLv23_client_method() :
+ SSLv23_server_method())))
{
*error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- report_errors();
my_free(ssl_fd);
DBUG_RETURN(0);
}
+ SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
/*
Set the ciphers that can be used
NOTE: SSL_CTX_set_cipher_list will return 0 if
@@ -213,7 +193,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{
*error= SSL_INITERR_CIPHERS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- report_errors();
SSL_CTX_free(ssl_fd->ssl_context);
my_free(ssl_fd);
DBUG_RETURN(0);
@@ -230,7 +209,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("SSL_CTX_load_verify_locations failed : %s",
sslGetErrString(*error)));
- report_errors();
SSL_CTX_free(ssl_fd->ssl_context);
my_free(ssl_fd);
DBUG_RETURN(0);
@@ -241,7 +219,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- report_errors();
SSL_CTX_free(ssl_fd->ssl_context);
my_free(ssl_fd);
DBUG_RETURN(0);
@@ -264,7 +241,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_PRINT("warning", ("X509_STORE_load_locations for CRL failed"));
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- report_errors();
SSL_CTX_free(ssl_fd->ssl_context);
my_free(ssl_fd);
DBUG_RETURN(0);
@@ -275,7 +251,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file, error))
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
- report_errors();
SSL_CTX_free(ssl_fd->ssl_context);
my_free(ssl_fd);
DBUG_RETURN(0);
View Lorry Controller Status