From e7ff2040d7af2dec681bbfab5bc2a8232e53c50d Mon Sep 17 00:00:00 2001 From: Robert Golebiowski Date: Wed, 8 Jul 2015 12:21:51 +0200 Subject: [PATCH] Bug #21025377 CAN'T CONNECT TO SSL ENABLED SERVER FIRST 30 SEC AFTER INITIAL STARTUP Description: By using mysql_ssl_rsa_setup to get SSL enabled server (after running mysqld --initialize) server don't answer properly to "mysqladmin ping" first 30 secs after startup. Bug-fix: YASSL validated certificate date to the minute but should have to the second. This is why the ssl on the server side was not up right away after new certs were created with mysql_ssl_rsa_setup. The fix for that was submitted by Todd. YASSL was updated to 2.3.7c. --- extra/yassl/README | 5 +++++ extra/yassl/include/openssl/ssl.h | 2 +- extra/yassl/taocrypt/src/asn.cpp | 7 ++++++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/extra/yassl/README b/extra/yassl/README index d245d20ce5f..61326bc079a 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,11 @@ before calling SSL_new(); *** end Note *** +yaSSL Patch notes, version 2.3.7c (6/12/2015) + This release of yaSSL does certificate DATE comparisons to the second + instead of to the minute, helpful when using freshly generated certs. + Though keep in mind that time sync differences could still show up. + yaSSL Patch notes, version 2.3.7b (3/18/2015) This release of yaSSL fixes a potential crash with corrupted private keys. Also detects bad keys earlier for user. diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index e10fb5299f7..5818a3b2cfc 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.7b" +#define YASSL_VERSION "2.3.7c" #if defined(__cplusplus) diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index d521088d74a..342255c91b8 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -39,7 +39,7 @@ namespace TaoCrypt { namespace { // locals -// to the minute +// to the second bool operator>(tm& a, tm& b) { if (a.tm_year > b.tm_year) @@ -60,6 +60,11 @@ bool operator>(tm& a, tm& b) a.tm_min > b.tm_min) return true; + if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon && + a.tm_mday == b.tm_mday && a.tm_hour == b.tm_hour && + a.tm_min == b.tm_min && a.tm_sec > b.tm_sec) + return true; + return false; }