[packages/mysql.git] / openssl.patch

--- mysql-5.0.96/vio/viosslfactories.c~	2019-09-17 11:52:59.000000000 +0200
+++ mysql-5.0.96/vio/viosslfactories.c	2019-09-17 12:14:48.223177024 +0200
@@ -48,12 +48,18 @@
   DH *dh;
   if ((dh=DH_new()))
   {
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+    BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+    BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    dh->p= p;
+    dh->g= g;
     if (! dh->p || ! dh->g)
+#else
+      if (!DH_set0_pqg(dh, p, NULL, g))
+#endif
     {
       DH_free(dh);
-      dh=0;
+      dh=NULL;
     }
   }
   return(dh);
commit fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d
Author: Harin Vadodaria <harin.vadodaria@oracle.com>
Date:   Fri Jan 2 10:18:04 2015 +0530

    Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL
    
    Explicitly disable weaker SSL protocols.

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index cd6a6d68cb4..7e475683f9a 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 {
   DH *dh;
   struct st_VioSSLFd *ssl_fd;
+  long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
   DBUG_ENTER("new_VioSSLFd");
 
   check_ssl_init();
@@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     DBUG_RETURN(0);
   }
 
+  SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
+
   /*
     Set the ciphers that can be used
     NOTE: SSL_CTX_set_cipher_list will return 0 if
--- mysql-5.0.96/vio/viosslfactories.c~	2022-10-18 09:53:29.000000000 +0200
+++ mysql-5.0.96/vio/viosslfactories.c	2022-10-18 10:39:06.402730218 +0200
@@ -338,7 +338,7 @@
     verify= SSL_VERIFY_NONE;
 
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
-                             ca_path, cipher, TLSv1_client_method(), &dummy)))
+                             ca_path, cipher, TLS_client_method(), &dummy)))
   {
     return 0;
   }
@@ -360,7 +360,7 @@
   struct st_VioSSLFd *ssl_fd;
   int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
   if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
-                             ca_path, cipher, TLSv1_server_method(), error)))
+                             ca_path, cipher, TLS_server_method(), error)))
   {
     return 0;
   }
Commit	Line	Data
81ac6df7 AM	1	--- mysql-5.0.96/vio/viosslfactories.c~ 2019-09-17 11:52:59.000000000 +0200
	2	+++ mysql-5.0.96/vio/viosslfactories.c 2019-09-17 12:14:48.223177024 +0200
	3	@@ -48,12 +48,18 @@
	4	DH *dh;
	5	if ((dh=DH_new()))
	6	{
ea606baa AM	7	- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	8	- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	9	+ BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	10	+ BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
81ac6df7 AM	11	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	12	+ dh->p= p;
	13	+ dh->g= g;
	14	if (! dh->p \|\| ! dh->g)
	15	+#else
	16	+ if (!DH_set0_pqg(dh, p, NULL, g))
	17	+#endif
	18	{
	19	DH_free(dh);
	20	- dh=0;
	21	+ dh=NULL;
	22	}
	23	}
	24	return(dh);
5ad7499d AM	25	commit fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d
	26	Author: Harin Vadodaria <harin.vadodaria@oracle.com>
	27	Date: Fri Jan 2 10:18:04 2015 +0530
	28
	29	Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL
	30
	31	Explicitly disable weaker SSL protocols.
	32
	33	diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
	34	index cd6a6d68cb4..7e475683f9a 100644
	35	--- a/vio/viosslfactories.c
	36	+++ b/vio/viosslfactories.c
	37	@@ -173,6 +173,7 @@ new_VioSSLFd(const char key_file, const char cert_file,
	38	{
	39	DH *dh;
	40	struct st_VioSSLFd *ssl_fd;
	41	+ long ssl_ctx_options= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3;
	42	DBUG_ENTER("new_VioSSLFd");
	43
	44	check_ssl_init();
	45	@@ -200,6 +201,8 @@ new_VioSSLFd(const char key_file, const char cert_file,
	46	DBUG_RETURN(0);
	47	}
	48
	49	+ SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
	50	+
	51	/*
	52	Set the ciphers that can be used
	53	NOTE: SSL_CTX_set_cipher_list will return 0 if
	54	--- mysql-5.0.96/vio/viosslfactories.c~ 2022-10-18 09:53:29.000000000 +0200
	55	+++ mysql-5.0.96/vio/viosslfactories.c 2022-10-18 10:39:06.402730218 +0200
	56	@@ -338,7 +338,7 @@
	57	verify= SSL_VERIFY_NONE;
	58
	59	if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
	60	- ca_path, cipher, TLSv1_client_method(), &dummy)))
	61	+ ca_path, cipher, TLS_client_method(), &dummy)))
	62	{
	63	return 0;
	64	}
	65	@@ -360,7 +360,7 @@
	66	struct st_VioSSLFd *ssl_fd;
	67	int verify= SSL_VERIFY_PEER \| SSL_VERIFY_CLIENT_ONCE;
	68	if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
	69	- ca_path, cipher, TLSv1_server_method(), error)))
	70	+ ca_path, cipher, TLS_server_method(), error)))
	71	{
	72	return 0;
	73	}