1 --- mysql-5.0.96/vio/viosslfactories.c~ 2019-09-17 11:52:59.000000000 +0200
2 +++ mysql-5.0.96/vio/viosslfactories.c 2019-09-17 12:14:48.223177024 +0200
7 - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
8 - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
9 + BIGNUM* p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
10 + BIGNUM* g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
11 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
14 if (! dh->p || ! dh->g)
16 + if (!DH_set0_pqg(dh, p, NULL, g))
25 commit fe4c4ab914d82af1a1cb2e1bca78c8dcfbc57d4d
26 Author: Harin Vadodaria <harin.vadodaria@oracle.com>
27 Date: Fri Jan 2 10:18:04 2015 +0530
29 Bug#19820550 : DISABLE SSL 3.0 SUPPORT IN OPENSSL
31 Explicitly disable weaker SSL protocols.
33 diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
34 index cd6a6d68cb4..7e475683f9a 100644
35 --- a/vio/viosslfactories.c
36 +++ b/vio/viosslfactories.c
37 @@ -173,6 +173,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
40 struct st_VioSSLFd *ssl_fd;
41 + long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
42 DBUG_ENTER("new_VioSSLFd");
45 @@ -200,6 +201,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
49 + SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
52 Set the ciphers that can be used
53 NOTE: SSL_CTX_set_cipher_list will return 0 if
54 --- mysql-5.0.96/vio/viosslfactories.c~ 2022-10-18 09:53:29.000000000 +0200
55 +++ mysql-5.0.96/vio/viosslfactories.c 2022-10-18 10:39:06.402730218 +0200
57 verify= SSL_VERIFY_NONE;
59 if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
60 - ca_path, cipher, TLSv1_client_method(), &dummy)))
61 + ca_path, cipher, TLS_client_method(), &dummy)))
66 struct st_VioSSLFd *ssl_fd;
67 int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
68 if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
69 - ca_path, cipher, TLSv1_server_method(), error)))
70 + ca_path, cipher, TLS_server_method(), error)))