From 229cb8ec8889b304f6a9d8abc06ed3f22ab14ad6 Mon Sep 17 00:00:00 2001
From: Georgi Kodinov
Date: Thu, 31 Jul 2014 12:52:49 +0300
Subject: [PATCH] Bug #18384260: MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION the 5.5 version of the fix. Added a call to X509_verify_cert_error_string() into the client certificate verification code.
---
 sql-common/client.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/sql-common/client.c b/sql-common/client.c
index f2c091261b4..850daa38750 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1909,6 +1909,12 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
 DBUG_RETURN(1);
 }
+ if (X509_V_OK != SSL_get_verify_result(ssl))
+ {
+ *errptr= "Failed to verify the server certificate";
+ X509_free(server_cert);
+ DBUG_RETURN(1);
+ }
 /* We already know that the certificate exchanged was valid; the SSL library handled that. Now we need to verify that the contents of the certificate
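Review bot: The verification result is compared and then discarded in the added `if (X509_V_OK != SSL_get_verify_result(ssl))` block, so every chain failure (expired, untrusted issuer, wrong purpose) reaches the caller as the same "Failed to verify the server certificate" string. The X509_verify_cert_error_string() call named in the commit message does not appear in the hunk. Consider keeping the code in a local declared with the function's other variables, `verify_result= SSL_get_verify_result(ssl);`, and, where the SSL library in the build provides it, reporting `*errptr= X509_verify_cert_error_string(verify_result);` so that a misconfigured CA bundle can be told apart from a certificate that should not be trusted. The comment that follows the block ("the SSL library handled that") would also be more accurate if it said that chain validity is established by the SSL_get_verify_result() check directly above. ssl_verify_server_cert starts and ends outside this hunk, so the declaration of `ssl` and the later content checks are not visible here.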