List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:October 27 2009 1:20pm
Subject:bzr push into mysql-5.0 branch (joro:2826 to 2827)
View as plain text  
 2827 Georgi Kodinov	2009-10-27 [merge]
      merge from 4.1

    modified:
      vio/viosslfactories.c
 2826 Sergey Glukhov	2009-10-27 [merge]
      automerge
     @ sql/sql_acl.cc
        automerge

    modified:
      sql/sql_acl.cc
=== modified file 'vio/viosslfactories.c'
--- a/vio/viosslfactories.c	2009-07-23 11:38:11 +0000
+++ b/vio/viosslfactories.c	2009-10-27 13:11:06 +0000
@@ -144,55 +144,6 @@ vio_set_cert_stuff(SSL_CTX *ctx, const c
 }
 
 
-static int
-vio_verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-  char buf[256];
-  X509 *err_cert;
-
-  DBUG_ENTER("vio_verify_callback");
-  DBUG_PRINT("enter", ("ok: %d  ctx: 0x%lx", ok, (long) ctx));
-
-  err_cert= X509_STORE_CTX_get_current_cert(ctx);
-  X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-  DBUG_PRINT("info", ("cert: %s", buf));
-  if (!ok)
-  {
-    int err, depth;
-    err= X509_STORE_CTX_get_error(ctx);
-    depth= X509_STORE_CTX_get_error_depth(ctx);
-
-    DBUG_PRINT("error",("verify error: %d  '%s'",err,
-			X509_verify_cert_error_string(err)));
-    /*
-      Approve cert if depth is greater then "verify_depth", currently
-      verify_depth is always 0 and there is no way to increase it.
-     */
-    if (verify_depth >= depth)
-      ok= 1;
-  }
-  switch (ctx->error)
-  {
-  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
-    DBUG_PRINT("info",("issuer= %s\n", buf));
-    break;
-  case X509_V_ERR_CERT_NOT_YET_VALID:
-  case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-    DBUG_PRINT("error", ("notBefore"));
-    /*ASN1_TIME_print_fp(stderr,X509_get_notBefore(ctx->current_cert));*/
-    break;
-  case X509_V_ERR_CERT_HAS_EXPIRED:
-  case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-    DBUG_PRINT("error", ("notAfter error"));
-    /*ASN1_TIME_print_fp(stderr,X509_get_notAfter(ctx->current_cert));*/
-    break;
-  }
-  DBUG_PRINT("exit", ("%d", ok));
-  DBUG_RETURN(ok);
-}
-
-
 #ifdef __NETWARE__
 
 /* NetWare SSL cleanup */
@@ -346,11 +297,7 @@ new_VioSSLConnectorFd(const char *key_fi
 
   /* Init the VioSSLFd as a "connector" ie. the client side */
 
-  /*
-    The verify_callback function is used to control the behaviour
-    when the SSL_VERIFY_PEER flag is set.
-  */
-  SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback);
+  SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL);
 
   return ssl_fd;
 }
@@ -374,11 +321,7 @@ new_VioSSLAcceptorFd(const char *key_fil
   /* Set max number of cached sessions, returns the previous size */
   SSL_CTX_sess_set_cache_size(ssl_fd->ssl_context, 128);
 
-  /*
-    The verify_callback function is used to control the behaviour
-    when the SSL_VERIFY_PEER flag is set.
-  */
-  SSL_CTX_set_verify(ssl_fd->ssl_context, verify, vio_verify_callback);
+  SSL_CTX_set_verify(ssl_fd->ssl_context, verify, NULL);
 
   /*
     Set session_id - an identifier for this server session


Attachment: [text/bzr-bundle] bzr/joro@sun.com-20091027131106-1w5i5wrb27oqewk2.bundle
Thread
bzr push into mysql-5.0 branch (joro:2826 to 2827) Georgi Kodinov27 Oct