proxysql/deps/mariadb-client-library/ma_secure.c.patch

301,338d300
< static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
< {
<   X509 *check_cert;
<   SSL *ssl;
<   MYSQL *mysql;
<   DBUG_ENTER("my_verify_callback");
< 
<   ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
<   DBUG_ASSERT(ssl != NULL);
<   mysql= (MYSQL *)SSL_get_app_data(ssl);
<   DBUG_ASSERT(mysql != NULL);
< 
<   /* skip verification if no ca_file/path was specified */
<   if (!mysql->options.ssl_ca && !mysql->options.ssl_capath)
<   {
<     ok= 1;
<     DBUG_RETURN(1);
<   }
< 
<   if (!ok)
<   {
<     uint depth;
<     if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx)))
<       DBUG_RETURN(0);
<     depth= X509_STORE_CTX_get_error_depth(ctx);
<     if (depth == 0)
<       ok= 1;
<   }
< 
< /*
<     my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
<                         ER(CR_SSL_CONNECTION_ERROR), 
<                         X509_verify_cert_error_string(ctx->error));
< */
<   DBUG_RETURN(ok);
< }
< 
< 
352d313
<   int verify;
372,376d332
<   verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
<            SSL_VERIFY_NONE : SSL_VERIFY_PEER;
< 
<   SSL_CTX_set_verify(SSL_context, verify, my_verify_callback);
<   SSL_CTX_set_verify_depth(SSL_context, 1);