Blame SOURCES/mysql-chain-certs.patch
|
 |
a1be07 |
Fix things so that chains of certificates work in the server and client
|
|
|
a1be07 |
certificate files.
|
|
|
a1be07 |
|
|
|
a1be07 |
This only really works for OpenSSL-based builds, as yassl is unable to read
|
|
|
a1be07 |
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
|
|
|
a1be07 |
doesn't fix that, but just arranges that the viosslfactories.c patch won't
|
|
|
a1be07 |
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
|
|
|
a1be07 |
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
|
|
|
a1be07 |
|
|
|
a1be07 |
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
|
|
|
a1be07 |
|
|
|
a1be07 |
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
|
|
|
a1be07 |
index 5e881e3..2927e7f 100644
|
|
|
a1be07 |
--- a/vio/viosslfactories.cc
|
|
|
a1be07 |
+++ b/vio/viosslfactories.cc
|
|
|
a1be07 |
@@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file,
|
|
|
a1be07 |
if (!key_file && cert_file) key_file = cert_file;
|
|
|
a1be07 |
|
|
|
a1be07 |
if (cert_file &&
|
|
|
a1be07 |
- SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
|
|
|
a1be07 |
+ SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
|
|
|
a1be07 |
*error = SSL_INITERR_CERT;
|
|
|
a1be07 |
DBUG_PRINT("error",
|
|
|
a1be07 |
("%s from file '%s'", sslGetErrString(*error), cert_file));
|