1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-6975 Implement TLS protocol

Browse Source 
followup:
* explicitly disable SSLv2 and SSLv3, keep other protocols enabled
* fix a compiler warning
* rename the test and combinations to avoid confusion

vio/viossl.c:
  fix a compiler warning
This commit is contained in:
Sergei Golubchik 2014-11-19 18:54:02 +01:00
parent 8bc5eabea8
commit d851d5e70c
6 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
mysql-test/r/openssl-poodle_6975,sslv3.result → mysql-test/r/openssl_6975,tlsv10.result
View File

0
mysql-test/r/openssl-poodle_6975,tlsv12.result → mysql-test/r/openssl_6975,tlsv12.result
View File

2
mysql-test/t/openssl-poodle_6975.combinations → mysql-test/t/openssl_6975.combinations
View File

@ -1,6 +1,6 @@
[tlsv12] [tlsv12]
loose-ssl-cipher=TLSv1.2 loose-ssl-cipher=TLSv1.2
[sslv3] [tlsv10]
loose-ssl-cipher=SSLv3 loose-ssl-cipher=SSLv3

0
mysql-test/t/openssl-poodle_6975.test → mysql-test/t/openssl_6975.test
View File

2
vio/viossl.c
View File

@ -144,7 +144,7 @@ int vio_ssl_close(Vio *vio)
break; break;
default: /* Shutdown failed */ default: /* Shutdown failed */
DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d", DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
SSL_get_error(ssl, r))); (int)SSL_get_error(ssl, r)));
break; break;
} }
} }

2
vio/viosslfactories.c
View File

@ -200,6 +200,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_RETURN(0); DBUG_RETURN(0);
} }
SSL_CTX_set_options(ssl_fd->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
/* /*
Set the ciphers that can be used Set the ciphers that can be used
NOTE: SSL_CTX_set_cipher_list will return 0 if NOTE: SSL_CTX_set_cipher_list will return 0 if