
From:Domas Mituzas Date:March 12 2006 1:05pm
Subject:bk commit into 5.0 tree (midom:1.2075) BUG#17737
Below is the list of changes that have just been committed into a local
5.0 repository of midom. When midom does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2075 06/03/12 15:05:25 midom@stripped +3 -0
  BUG#17737 yassl libmysqlclient crashes if no client certificate provided
  
  Since it is up to the server to decide what to do when a client does not provide a valid certificate,
  the client may ignore this situation (viossl prints an error anyway) instead of crashing.

  extra/yassl/src/handshake.cpp
    1.6 06/03/12 15:05:16 midom@stripped +9 -1
    Fall back from Verify procedures if no public and/or private key exists

  extra/yassl/src/cert_wrapper.cpp
    1.6 06/03/12 15:05:15 midom@stripped +5 -0
    add CertManager::unsetSendVerify() for falling back certificate verification

  extra/yassl/include/cert_wrapper.hpp
    1.2 06/03/12 15:05:15 midom@stripped +1 -0
    add CertManager::unsetSendVerify() for falling back certificate verification

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	midom
# Host:	flute.local
# Root:	/Users/midom/Development/mysql-5.0-bug17737

--- 1.1/extra/yassl/include/cert_wrapper.hpp	2005-04-28 16:23:03 +03:00
+++ 1.2/extra/yassl/include/cert_wrapper.hpp	2006-03-12 15:05:15 +02:00
@@ -113,6 +113,7 @@
     void setVerifyPeer();
     void setFailNoCert();
     void setSendVerify();
+    void unsetSendVerify();
 private:
     CertManager(const CertManager&);            // hide copy
     CertManager& operator=(const CertManager&); // and assign

--- 1.5/extra/yassl/src/cert_wrapper.cpp	2005-07-01 18:00:54 +03:00
+++ 1.6/extra/yassl/src/cert_wrapper.cpp	2006-03-12 15:05:15 +02:00
@@ -143,6 +143,11 @@
     sendVerify_ = true;
 }
 
+void CertManager::unsetSendVerify()
+{
+	sendVerify_ = false;
+}
+
 
 void CertManager::AddPeerCert(x509* x)
 { 
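Review bot: The body of `unsetSendVerify()` is indented with a tab, while `sendVerify_ = true;` in the setter just above uses four spaces; it should match the file. Since this setter turns off part of the client-authentication path, it deserves a one-line comment naming its intended caller, for example `// Cleared by the handshake code when no certificate/private-key pair is available to send.` That keeps a later reader from using it as a general-purpose switch.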

--- 1.5/extra/yassl/src/handshake.cpp	2005-12-20 01:47:44 +02:00
+++ 1.6/extra/yassl/src/handshake.cpp	2006-03-12 15:05:16 +02:00
@@ -952,7 +952,15 @@
 {
     if (ssl.GetError()) return;
 
-    Certificate       cert(ssl.getCrypto().get_certManager().get_cert());
+    // Do not send certificates, if none exist, unset verification hook too.
+    const x509 *x509cert = ssl.getCrypto().get_certManager().get_cert();
+    if (!x509cert || !ssl.getCrypto().get_certManager().get_privateKeyLength()) {
+        ssl.useCrypto().use_certManager().unsetSendVerify();
+        return;
+    }
+
+    Certificate       cert(x509cert);
+
     RecordLayerHeader rlHeader;
     HandShakeHeader   hsHeader;
     mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete);
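Review bot: The new guard treats a certificate without a private key the same as no certificate at all, so a half-configured client silently falls back to an unauthenticated handshake. `!x509cert` and `!get_privateKeyLength()` deserve separate handling, with the missing-key case recorded in the error state that `ssl.GetError()` reads rather than skipped quietly. The early `return` also sends no Certificate message at all, whereas TLS expects a client without a suitable certificate to answer a CertificateRequest with an empty certificate list, so a strict peer may reject the handshake as out of sequence. The function starts above the hunk, so it is not visible whether this path is also reached on the server side; if it is, a server without a certificate would skip its Certificate message in the same way. At minimum the comment should say which side it is written for, e.g. `// Client has no cert/key pair: skip Certificate and clear sendVerify so no CertificateVerify follows.`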