Fix LibreSSL X509 (SSL) certificate hostname checking.
(Currently) LibreSSL doesn't calculate the string length of the hostname that's passed to X509_check_host automatically in case namelen/chklen is 0. This causes server certificate validation to fail when building MariaDB with LibreSSL. The proposed fix makes MariaDB determine the string length passed to X509_check_host. As there are no ill side-effects (OpenSSL's X509_check_host also simply calls strlen if namelen == 0, see also X509_check_host(3)), this wasn't wrapped in any #ifdef like constructs. Please see here for a proposed patch to modify LibreSSL's behavior: https://github.com/libressl-portable/openbsd/pull/87
Showing
Please register or sign in to comment