projects / packages / mysql.git / blame
| Commit | Line | Data |
|---|---|---|
| fc032bd9 AM |
1 | Fix things so that chains of certificates work in the server and client |
| 2 | certificate files. | |
| 3 | ||
| 4 | This only really works for OpenSSL-based builds, as yassl is unable to read | |
| 5 | multiple certificates from a file. The patch below to yassl/src/ssl.cpp | |
| 6 | doesn't fix that, but just arranges that the viosslfactories.c patch won't | |
| 7 | have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ | |
| 8 | Fedora builds, I'm not feeling motivated to try to fix yassl for this. | |
| 9 | ||
| 10 | See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 | |
| 11 | ||
| 12 | ||
| 4e0fffb4 AM |
13 | --- mysql-8.0.20/vio/viosslfactories.cc~ 2020-03-26 14:31:45.000000000 +0100 |
| 14 | +++ mysql-8.0.20/vio/viosslfactories.cc 2020-05-12 18:42:05.355762655 +0200 | |
| 15 | @@ -250,7 +250,7 @@ static int vio_set_cert_stuff(SSL_CTX *c | |
| 16 | if (!key_file && cert_file) key_file = cert_file; | |
| d79171ec AM |
17 | |
| 18 | if (cert_file && | |
| 4e0fffb4 AM |
19 | - SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { |
| 20 | + SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { | |
| 21 | *error = SSL_INITERR_CERT; | |
| 22 | DBUG_PRINT("error", | |
| 23 | ("%s from file '%s'", sslGetErrString(*error), cert_file)); | |
| 24 |