Revert "Follow up of 7b8b5ddae280b2d33e2b3fce8446f679521a75be:"

The fix fails with ssl_crl server test, since certificates are loaded in global context. If there is a valid certificate in global context, certificate revocation test on server will fail. This reverts commit db385afbbe.
2025-08-08 14:02:17 +03:00 · 2020-09-16 07:28:41 +02:00
parent db385afbbe
commit 0157f3db88
1 changed files with 3 additions and 4 deletions
--- a/libmariadb/secure/openssl.c
+++ b/libmariadb/secure/openssl.c
@@ -486,10 +486,8 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
  if (certfile  && certfile[0] != 0)
  {
    if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1)
-    {
      goto error; 
  }
-  }

  if (keyfile && keyfile[0])
  {
@@ -499,7 +497,7 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
      EVP_PKEY *key= EVP_PKEY_new();
      PEM_read_PrivateKey(fp, &key, NULL, pw);
      fclose(fp);
-      if (SSL_CTX_use_PrivateKey(ctx, key) != 1)
+      if (SSL_use_PrivateKey(ssl, key) != 1)
      {
        unsigned long err= ERR_peek_error();
        EVP_PKEY_free(key);
@@ -515,7 +513,7 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
    }
  }
  /* verify key */
-  if (certfile && !SSL_CTX_check_private_key(ctx))
+  if (certfile && !SSL_check_private_key(ssl))
    goto error;
  
  if (mysql->options.extension &&
@@ -909,3 +907,4 @@ int ma_tls_get_protocol_version(MARIADB_TLS *ctls)

  return SSL_version(ctls->ssl) & 0xFF;
 }
+