Fix things so that chains of certificates work in the server and client
certificate files.

This only really works for OpenSSL-based builds, as yassl is unable to read
multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
doesn't fix that, but just arranges that the viosslfactories.c patch won't
have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
Fedora builds, I'm not feeling motivated to try to fix yassl for this.

See RH bug #598656.  Filed upstream at http://bugs.mysql.com/bug.php?id=54158


diff -Naur mysql-5.1.66.orig/vio/viosslfactories.c mysql-5.1.66/vio/viosslfactories.c
--- mysql-5.1.66.orig/vio/viosslfactories.c	2012-09-07 10:14:06.000000000 -0400
+++ mysql-5.1.66/vio/viosslfactories.c	2012-11-02 10:17:16.495347128 -0400
@@ -109,7 +109,7 @@
     key_file= cert_file;
 
   if (cert_file &&
-      SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
+      SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
   {
     *error= SSL_INITERR_CERT;
     DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
diff -Naur mysql-5.1.66.orig/extra/yassl/src/ssl.cpp mysql-5.1.66/extra/yassl/src/ssl.cpp
--- mysql-5.1.66.orig/extra/yassl/src/ssl.cpp	2012-09-07 10:14:06.000000000 -0400
+++ mysql-5.1.66/extra/yassl/src/ssl.cpp	2012-11-02 10:16:16.513789708 -0400
@@ -1628,10 +1628,10 @@
     }
 
 
-    int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
+    int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
     {
-        // TDOD:
-        return SSL_SUCCESS;
+        // For the moment, treat like use_certificate_file
+        return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
     }
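Review bot: The new comment `// For the moment, treat like use_certificate_file` understates what happens in a yaSSL build. Going by the patch description, yaSSL cannot read multiple certificates from one file, so any intermediates after the first PEM block are presumably dropped while the call still reports success. A peer that needs those intermediates would then fail verification with nothing on this side indicating why. I would spell that out in the comment, e.g. `// yaSSL loads only the first certificate; chain certificates in the file are ignored (bugs.mysql.com #54158)`.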