Fix up patch

sql-common/client.c: Remove the ssl_verify_server_cert will be added in separate patch vio/viossl.c: Fix coding standard vio/viosslfactories.c: Remove comment

Fix up patch
sql-common/client.c: Remove the ssl_verify_server_cert will be added in separate patch vio/viossl.c: Fix coding standard vio/viosslfactories.c: Remove comment
c3babee8 · unknown · 6af90061 · c3babee8 · c3babee8 · c3babee8
Commit c3babee8 authored Apr 12, 2006 by unknown
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 80 deletions

sql-common/client.c sql-common/client.c +1 -67

vio/viossl.c vio/viossl.c +12 -12

vio/viosslfactories.c vio/viosslfactories.c +0 -1

No files found.
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1567,64 +1567,6 @@ static MYSQL_METHODS client_methods=
 #endif
 };
-int ssl_verify_server_cert(Vio *vio, const char* server_host)
-{
-  SSL *ssl;
-  X509 *server_cert;
-  char *cp1, *cp2;
-  char buf[256];
-  DBUG_ENTER("ssl_verify_server_cert");
-  DBUG_PRINT("enter", ("server_host: %s", server_host));
-  if (!(ssl= (SSL*)vio->ssl_arg))
-  {
-    DBUG_PRINT("error", ("No SSL pointer found"));
-    return 1;
-  }
-  if (!server_host)
-  {
-    DBUG_PRINT("error", ("No server hostname supplied"));
-    return 1;
-  }
-  if (!(server_cert= SSL_get_peer_certificate(ssl)))
-  {
-    DBUG_PRINT("error", ("Could not get server certificate"));
-    return 1;
-  }
-  /*
-    We already know that the certificate exchanged was valid; the SSL library
-    handled that. Now we need to verify that the contents of the certificate
-    are what we expect.
-  */
-  X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
-  X509_free (server_cert);
-//  X509_NAME_get_text_by_NID(x509_get_subject_name(server_cert), NID_commonName, buf, sizeof(buf));... does the same thing
-  DBUG_PRINT("info", ("hostname in cert: %s", buf));
-  cp1 = strstr(buf, "/CN=");
-  if (cp1)
-  {
-    cp1 += 4; // Skip the "/CN=" that we found
-    cp2 = strchr(cp1, '/');
-    if (cp2)
-      *cp2 = '\0';
-    DBUG_PRINT("info", ("Server hostname in cert: ", cp1));
-    if (!strcmp(cp1, server_host))
-    {
-      /* Success */
-      DBUG_RETURN(0);
-    }
-  }
-  DBUG_PRINT("error", ("SSL certificate validation failure"));
-  DBUG_RETURN(1);
-}
 MYSQL *
 CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
 		       const char *passwd, const char *db,
@@ -2107,15 +2049,7 @@ CLI_MYSQL_REAL_CONNECT(MYSQL *mysql,const char *host, const char *user,
    }
    DBUG_PRINT("info", ("IO layer change done!"));
-#if 0
+    /* TODO Verify server cert */
-    /* Verify server cert */
-    if (mysql->options.ssl_verify_cert &&
-        ssl_verify_server_cert(mysql->net.vio, mysql->host))
-    {
-      set_mysql_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate);
-      goto error;
-    }
-#endif
  }
 #endif /* HAVE_OPENSSL */

--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -54,12 +54,12 @@ static void
 report_errors()
 {
  unsigned long	l;
-  const char*	file;
+  const char *file;
-  const char*	data;
+  const char *data;
-  int		line,flags;
+  int line,flags;
  DBUG_ENTER("report_errors");
-  while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)))
+  while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
  {
    char buf[512];
    DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
@@ -70,7 +70,7 @@ report_errors()
 }
-int vio_ssl_read(Vio * vio, gptr buf, int size)
+int vio_ssl_read(Vio *vio, gptr buf, int size)
 {
  int r;
  DBUG_ENTER("vio_ssl_read");
@@ -88,7 +88,7 @@ int vio_ssl_read(Vio * vio, gptr buf, int size)
 }
-int vio_ssl_write(Vio * vio, const gptr buf, int size)
+int vio_ssl_write(Vio *vio, const gptr buf, int size)
 {
  int r;
  DBUG_ENTER("vio_ssl_write");
@@ -101,10 +101,10 @@ int vio_ssl_write(Vio * vio, const gptr buf, int size)
 }
-int vio_ssl_close(Vio * vio)
+int vio_ssl_close(Vio *vio)
 {
  int r= 0;
-  SSL* ssl= (SSL*)vio->ssl_arg;
+  SSL *ssl= (SSL*)vio->ssl_arg;
  DBUG_ENTER("vio_ssl_close");
  if (ssl)
@@ -129,10 +129,10 @@ int vio_ssl_close(Vio * vio)
 }
-int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
+int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
  SSL *ssl;
-  X509* client_cert;
+  X509 *client_cert;
  my_bool unused;
  my_bool net_blocking;
  enum enum_vio_type old_type;
@@ -204,7 +204,7 @@ int sslaccept(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
 }
-int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
+int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
  SSL *ssl;
  X509 *server_cert;
@@ -265,7 +265,7 @@ int sslconnect(struct st_VioSSLFd* ptr, Vio* vio, long timeout)
 }
-int vio_ssl_blocking(Vio * vio __attribute__((unused)),
+int vio_ssl_blocking(Vio *vio __attribute__((unused)),
 		     my_bool set_blocking_mode,
 		     my_bool *old_mode)
 {

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -209,7 +209,6 @@ static void check_ssl_init()
  }
 #ifdef __NETWARE__
-  /* MASV, should it be done everytime? */
  netware_ssl_init();
 #endif