Fix things so that chains of certificates work in the server and client certificate files. This only really works for OpenSSL-based builds, as yassl is unable to read multiple certificates from a file. The patch below to yassl/src/ssl.cpp doesn't fix that, but just arranges that the viosslfactories.c patch won't have any ill effects in a yassl build. Since we don't use yassl in Red Hat/ Fedora builds, I'm not feeling motivated to try to fix yassl for this. See RH bug #598656. Filed upstream at http://bugs.mysql.com/bug.php?id=54158 diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc index 5e881e3..2927e7f 100644 --- a/vio/viosslfactories.cc +++ b/vio/viosslfactories.cc @@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, if (!key_file && cert_file) key_file = cert_file; if (cert_file && - SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { + SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { *error = SSL_INITERR_CERT; DBUG_PRINT("error", ("%s from file '%s'", sslGetErrString(*error), cert_file));