Apply patch from CONC-190 #700

10 years ago · 0c577f8d81
parent 168f573f3f
commit 0c577f8d81
2 changed files with 48 additions and 0 deletions
--- a/deps/Makefile
+++ b/deps/Makefile
@ -29,6 +29,7 @@ mariadb-client-library/mariadb_client/include/my_config.h:
 	cd mariadb-client-library/mariadb_client && patch libmariadb/net.c < ../net.c.patch
 	cd mariadb-client-library/mariadb_client && patch libmariadb/mysql_async.c < ../mysql_async.c.patch
 	cd mariadb-client-library/mariadb_client && patch libmariadb/password.c < ../password.c.patch
+	cd mariadb-client-library/mariadb_client && patch libmariadb/ma_secure.c < ../ma_secure.c.patch
 	cd mariadb-client-library/mariadb_client && patch include/mysql.h < ../mysql.h.patch
 	cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE}
 # cd mariadb-client-library/mariadb_client/include && make my_config.h
--- a/deps/mariadb-client-library/ma_secure.c.patch
+++ b/deps/mariadb-client-library/ma_secure.c.patch
@ -0,0 +1,47 @@
+301,338d300
+< static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
+< {
+<   X509 *check_cert;
+<   SSL *ssl;
+<   MYSQL *mysql;
+<   DBUG_ENTER("my_verify_callback");
+< 
+<   ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+<   DBUG_ASSERT(ssl != NULL);
+<   mysql= (MYSQL *)SSL_get_app_data(ssl);
+<   DBUG_ASSERT(mysql != NULL);
+< 
+<   /* skip verification if no ca_file/path was specified */
+<   if (!mysql->options.ssl_ca && !mysql->options.ssl_capath)
+<   {
+<     ok= 1;
+<     DBUG_RETURN(1);
+<   }
+< 
+<   if (!ok)
+<   {
+<     uint depth;
+<     if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx)))
+<       DBUG_RETURN(0);
+<     depth= X509_STORE_CTX_get_error_depth(ctx);
+<     if (depth == 0)
+<       ok= 1;
+<   }
+< 
+< /*
+<     my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
+<                         ER(CR_SSL_CONNECTION_ERROR), 
+<                         X509_verify_cert_error_string(ctx->error));
+< */
+<   DBUG_RETURN(ok);
+< }
+< 
+< 
+352d313
+<   int verify;
+372,376d332
+<   verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
+<            SSL_VERIFY_NONE : SSL_VERIFY_PEER;
+< 
+<   SSL_CTX_set_verify(SSL_context, verify, my_verify_callback);
+<   SSL_CTX_set_verify_depth(SSL_context, 1);