From:
Date: March 12 2006 2:05pm
Subject: bk commit into 5.0 tree (midom:1.2075) BUG#17737
List-Archive: http://lists.mysql.com/commits/3751
X-Bug: 17737
Message-Id: <20060312130545.7674819F33D@flute.defau.lt>

Below is the list of changes that have just been committed into a local
5.0 repository of midom. When midom does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2075 06/03/12 15:05:25 midom@stripped +3 -0
  BUG#17737 yassl libmysqlclient crashes if no client certificate provided
  As it is for server to decide what to do if client does not provide valid certificate,
  client may ignore such situation (viossl prints error anyway), instead of crashing.

  extra/yassl/src/handshake.cpp
    1.6 06/03/12 15:05:16 midom@stripped +9 -1
    Fall back from Verify procedures if no public and/or private key exists

  extra/yassl/src/cert_wrapper.cpp
    1.6 06/03/12 15:05:15 midom@stripped +5 -0
    add CertManager::unsetSendVerify() for falling back certificate verification

  extra/yassl/include/cert_wrapper.hpp
    1.2 06/03/12 15:05:15 midom@stripped +1 -0
    add CertManager::unsetSendVerify() for falling back certificate verification

# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: midom
# Host: flute.local
# Root: /Users/midom/Development/mysql-5.0-bug17737

--- 1.1/extra/yassl/include/cert_wrapper.hpp 2005-04-28 16:23:03 +03:00 +++ 1.2/extra/yassl/include/cert_wrapper.hpp 2006-03-12 15:05:15 +02:00 
@@ -113,6 +113,7 @@ void setVerifyPeer(); void setFailNoCert(); void setSendVerify(); + void unsetSendVerify(); private: CertManager(const CertManager&); // hide copy CertManager& operator=(const CertManager&); // and assign --- 1.5/extra/yassl/src/cert_wrapper.cpp 2005-07-01 18:00:54 +03:00 +++ 1.6/extra/yassl/src/cert_wrapper.cpp 2006-03-12 15:05:15 +02:00 @@ -143,6 +143,11 @@ sendVerify_ = true; } +void CertManager::unsetSendVerify() +{ + sendVerify_ = false; +} + void CertManager::AddPeerCert(x509* x) { --- 1.5/extra/yassl/src/handshake.cpp 2005-12-20 01:47:44 +02:00 +++ 1.6/extra/yassl/src/handshake.cpp 2006-03-12 15:05:16 +02:00 @@ -952,7 +952,15 @@ { if (ssl.GetError()) return; - Certificate cert(ssl.getCrypto().get_certManager().get_cert()); + // Do not send certificates, if none exist, unset verification hook too. + const x509 *x509cert = ssl.getCrypto().get_certManager().get_cert(); + if (!x509cert || !ssl.getCrypto().get_certManager().get_privateKeyLength()) { + ssl.useCrypto().use_certManager().unsetSendVerify(); + return; + } + + Certificate cert(x509cert); + RecordLayerHeader rlHeader; HandShakeHeader hsHeader; mySTL::auto_ptr out(new (ys) output_buffer, ysDelete);
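
Review bot: `unsetSendVerify()` in the cert_wrapper.hpp and cert_wrapper.cpp hunks is added without a comment, and of the setters visible beside it (`setVerifyPeer()`, `setFailNoCert()`, `setSendVerify()`) it is the only one that gets an inverse. A one-line comment on the declaration saying that it exists so the handshake code can back out of sending a verify message when no certificate or private key is loaded would keep later callers from treating it as a general-purpose toggle. If more of these flags need clearing in future, a single `setSendVerify(bool)` would keep the interface symmetric.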
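
Review bot: in the handshake.cpp hunk, the new `if (!x509cert || !ssl.getCrypto().get_certManager().get_privateKeyLength())` branch returns without writing any record and without recording an error, so a certificate that is loaded without its private key is handled exactly like "no certificate configured" and that misconfiguration is not visible at this layer. Consider splitting the two conditions (no certificate: fall back quietly; certificate present but zero key length: report it), and extend the comment to say what the peer sees when this function sends nothing. If this path can run on the client after the server has requested a certificate, TLS 1.0 expects a Certificate message with an empty list rather than no message, so the early return is worth checking against a server that requests client certificates. The repeated `ssl.getCrypto().get_certManager()` chain could also be held in one local reference.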