MDEV-6975 Implement TLS protocol

followup: * explicitly disable SSLv2 and SSLv3, keep other protocols enabled * fix a compiler warning * rename the test and combinations to avoid confusion vio/viossl.c: fix a compiler warning
2014-11-19 18:54:02 +01:00 · 2014-11-19 18:54:02 +01:00 · d851d5e70c
commit d851d5e70c
parent 8bc5eabea8
6 changed files with 4 additions and 2 deletions
--- a/mysql-test/r/openssl-poodle_6975,sslv3.result
+++ b/mysql-test/r/openssl-poodle_6975,sslv3.result
--- a/mysql-test/r/openssl-poodle_6975,tlsv12.result
+++ b/mysql-test/r/openssl-poodle_6975,tlsv12.result
--- a/mysql-test/t/openssl-poodle_6975.combinations
+++ b/mysql-test/t/openssl-poodle_6975.combinations
@ -1,6 +1,6 @@
 [tlsv12]
 loose-ssl-cipher=TLSv1.2

-[sslv3]
+[tlsv10]
 loose-ssl-cipher=SSLv3

--- a/mysql-test/t/openssl-poodle_6975.test
+++ b/mysql-test/t/openssl-poodle_6975.test
--- a/vio/viossl.c
+++ b/vio/viossl.c
@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio)
      break;
    default: /* Shutdown failed */
      DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
-                               SSL_get_error(ssl, r)));
+                               (int)SSL_get_error(ssl, r)));
      break;
    }
  }
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    DBUG_RETURN(0);
  }

+  SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
  /*
    Set the ciphers that can be used
    NOTE: SSL_CTX_set_cipher_list will return 0 if