Fix things so that chains of certificates work in the server and client certificate files. This only really works for OpenSSL-based builds, as yassl is unable to read multiple certificates from a file. The patch below to yassl/src/ssl.cpp doesn't fix that, but just arranges that the viosslfactories.c patch won't have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ Fedora builds, I'm not feeling motivated to try to fix yassl for this. See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 diff -Naur mysql-5.1.66.orig/vio/viosslfactories.c mysql-5.1.66/vio/viosslfactories.c --- mysql-5.1.66.orig/vio/viosslfactories.c 2012-09-07 10:14:06.000000000 -0400 +++ mysql-5.1.66/vio/viosslfactories.c 2012-11-02 10:17:16.495347128 -0400 @@ -109,7 +109,7 @@ key_file= cert_file; if (cert_file && - SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) + SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { *error= SSL_INITERR_CERT; DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file)); diff -Naur mysql-5.1.66.orig/extra/yassl/src/ssl.cpp mysql-5.1.66/extra/yassl/src/ssl.cpp --- mysql-5.1.66.orig/extra/yassl/src/ssl.cpp 2012-09-07 10:14:06.000000000 -0400 +++ mysql-5.1.66/extra/yassl/src/ssl.cpp 2012-11-02 10:16:16.513789708 -0400 @@ -1628,10 +1628,10 @@ } - int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*) + int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file) { - // TDOD: - return SSL_SUCCESS; + // For the moment, treat like use_certificate_file + return read_file(ctx, file, SSL_FILETYPE_PEM, Cert); }