Commit fcb03305 authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #11761822: yassl rejects valid certificate which openssl accepts

    
Applied the fix that updates yaSSL to 2.2.1 and fixes parsing this 
particular certificate.
Added a test case with the certificate itself.
parent e72278fd
...@@ -758,6 +758,10 @@ void CertDecoder::GetName(NameType nt) ...@@ -758,6 +758,10 @@ void CertDecoder::GetName(NameType nt)
while (source_.get_index() < length) { while (source_.get_index() < length) {
GetSet(); GetSet();
if (source_.GetError().What() == SET_E) {
source_.SetError(NO_ERROR_E); // extensions may only have sequence
source_.prev();
}
GetSequence(); GetSequence();
byte b = source_.next(); byte b = source_.next();
......
...@@ -201,7 +201,7 @@ static void check_ssl_init() ...@@ -201,7 +201,7 @@ static void check_ssl_init()
static struct st_VioSSLFd * static struct st_VioSSLFd *
new_VioSSLFd(const char *key_file, const char *cert_file, new_VioSSLFd(const char *key_file, const char *cert_file,
const char *ca_file, const char *ca_path, const char *ca_file, const char *ca_path,
const char *cipher, SSL_METHOD *method, const char *cipher, my_bool is_client_method,
enum enum_ssl_init_error* error) enum enum_ssl_init_error* error)
{ {
DH *dh; DH *dh;
...@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file, ...@@ -222,7 +222,9 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
my_malloc(sizeof(struct st_VioSSLFd),MYF(0))))) my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
DBUG_RETURN(0); DBUG_RETURN(0);
if (!(ssl_fd->ssl_context= SSL_CTX_new(method))) if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
TLSv1_client_method() :
TLSv1_server_method())))
{ {
*error= SSL_INITERR_MEMFAIL; *error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error))); DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
...@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, ...@@ -300,7 +302,7 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
verify= SSL_VERIFY_NONE; verify= SSL_VERIFY_NONE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
ca_path, cipher, TLSv1_client_method(), &dummy))) ca_path, cipher, TRUE, &dummy)))
{ {
return 0; return 0;
} }
...@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, ...@@ -322,7 +324,7 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
ca_path, cipher, TLSv1_server_method(), error))) ca_path, cipher, FALSE, error)))
{ {
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment