25 lines
1.1 KiB
Diff
25 lines
1.1 KiB
Diff
|
Fix things so that chains of certificates work in the server and client
|
||
|
|
certificate files.
|
||
|
|
|
||
|
|
This only really works for OpenSSL-based builds, as yassl is unable to read
|
||
|
|
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
|
||
|
|
doesn't fix that, but just arranges that the viosslfactories.c patch won't
|
||
|
|
have any ill effects in a yassl build. Since we don't use yassl in Red Hat/
|
||
|
|
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
|
||
|
|
|
||
|
|
See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158
|
||
|
|
|
||
|
|
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
|
||
|
|
index 5e881e3..2927e7f 100644
|
||
|
|
--- a/vio/viosslfactories.cc
|
||
|
|
+++ b/vio/viosslfactories.cc
|
||
|
|
@@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file,
|
||
|
|
if (!key_file && cert_file) key_file = cert_file;
|
||
|
|
|
||
|
|
if (cert_file &&
|
||
|
|
- SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
|
||
|
|
+ SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
|
||
|
|
*error = SSL_INITERR_CERT;
|
||
|
|
DBUG_PRINT("error",
|
||
|
|
("%s from file '%s'", sslGetErrString(*error), cert_file));
|