]>
Commit | Line | Data |
---|---|---|
81ac6df7 AM |
1 | --- mysql-5.0.96/vio/viosslfactories.c~ 2019-09-17 11:52:59.000000000 +0200 |
2 | +++ mysql-5.0.96/vio/viosslfactories.c 2019-09-17 12:14:48.223177024 +0200 | |
3 | @@ -48,12 +48,18 @@ | |
4 | DH *dh; | |
5 | if ((dh=DH_new())) | |
6 | { | |
ea606baa AM |
7 | - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); |
8 | - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); | |
9 | + BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); | |
10 | + BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); | |
81ac6df7 AM |
11 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L |
12 | + dh->p= p; | |
13 | + dh->g= g; | |
14 | if (! dh->p || ! dh->g) | |
15 | +#else | |
16 | + if (!DH_set0_pqg(dh, p, NULL, g)) | |
17 | +#endif | |
18 | { | |
19 | DH_free(dh); | |
20 | - dh=0; | |
21 | + dh=NULL; | |
22 | } | |
23 | } | |
24 | return(dh); | |
5ad7499d AM |
25 | commit fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d |
26 | Author: Harin Vadodaria <harin.vadodaria@oracle.com> | |
27 | Date: Fri Jan 2 10:18:04 2015 +0530 | |
28 | ||
29 | Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL | |
30 | ||
31 | Explicitly disable weaker SSL protocols. | |
32 | ||
33 | diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c | |
34 | index cd6a6d68cb4..7e475683f9a 100644 | |
35 | --- a/vio/viosslfactories.c | |
36 | +++ b/vio/viosslfactories.c | |
37 | @@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file, | |
38 | { | |
39 | DH *dh; | |
40 | struct st_VioSSLFd *ssl_fd; | |
41 | + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; | |
42 | DBUG_ENTER("new_VioSSLFd"); | |
43 | ||
44 | check_ssl_init(); | |
45 | @@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, | |
46 | DBUG_RETURN(0); | |
47 | } | |
48 | ||
49 | + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options); | |
50 | + | |
51 | /* | |
52 | Set the ciphers that can be used | |
53 | NOTE: SSL_CTX_set_cipher_list will return 0 if | |
54 | --- mysql-5.0.96/vio/viosslfactories.c~ 2022-10-18 09:53:29.000000000 +0200 | |
55 | +++ mysql-5.0.96/vio/viosslfactories.c 2022-10-18 10:39:06.402730218 +0200 | |
56 | @@ -338,7 +338,7 @@ | |
57 | verify= SSL_VERIFY_NONE; | |
58 | ||
59 | if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, | |
60 | - ca_path, cipher, TLSv1_client_method(), &dummy))) | |
61 | + ca_path, cipher, TLS_client_method(), &dummy))) | |
62 | { | |
63 | return 0; | |
64 | } | |
65 | @@ -360,7 +360,7 @@ | |
66 | struct st_VioSSLFd *ssl_fd; | |
67 | int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; | |
68 | if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, | |
69 | - ca_path, cipher, TLSv1_server_method(), error))) | |
70 | + ca_path, cipher, TLS_server_method(), error))) | |
71 | { | |
72 | return 0; | |
73 | } |