diff --git a/include/mysql_async.h b/include/mysql_async.h index 2728b9c1..298f3f57 100644 --- a/include/mysql_async.h +++ b/include/mysql_async.h @@ -1,17 +1,20 @@ /* Copyright (C) 2012 MariaDB Services and Kristian Nielsen + 2015 MariaDB Corporation - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA */ /* Common definitions for MariaDB non-blocking client library. */ diff --git a/libmariadb/ma_secure.c b/libmariadb/ma_secure.c index 82f29608..78938ef5 100644 --- a/libmariadb/ma_secure.c +++ b/libmariadb/ma_secure.c @@ -400,6 +400,7 @@ int my_ssl_connect(SSL *ssl) { my_bool blocking; MYSQL *mysql; + int rc; DBUG_ENTER("my_ssl_connect"); @@ -426,6 +427,18 @@ int my_ssl_connect(SSL *ssl) DBUG_RETURN(1); } + rc= SSL_get_verify_result(ssl); + if (rc != X509_V_OK) + { + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), X509_verify_cert_error_string(rc)); + /* restore blocking mode */ + if (!blocking) + vio_blocking(mysql->net.vio, FALSE, 0); + + DBUG_RETURN(1); + } + vio_reset(mysql->net.vio, VIO_TYPE_SSL, mysql->net.vio->sd, 0, 0); mysql->net.vio->ssl= ssl; DBUG_RETURN(0); diff --git a/libmariadb/mysql_async.c b/libmariadb/mysql_async.c index 5606e52c..e1424509 100644 --- a/libmariadb/mysql_async.c +++ b/libmariadb/mysql_async.c @@ -1,19 +1,19 @@ -/* - Copyright 2011 Kristian Nielsen and Monty Program Ab +/* Copyright (C) 2012 MariaDB Services and Kristian Nielsen + 2015 MariaDB Corporation - This file is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. - You should have received a copy of the GNU General Public License - along with this. If not, see . -*/ + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, /* MySQL non-blocking client library functions. diff --git a/unittest/libmariadb/ssl.c.in b/unittest/libmariadb/ssl.c.in index 00355961..71f63c4c 100644 --- a/unittest/libmariadb/ssl.c.in +++ b/unittest/libmariadb/ssl.c.in @@ -356,7 +356,7 @@ static int test_conc50_2(MYSQL *my) mysql= mysql_init(NULL); FAIL_IF(!mysql, "Can't allocate memory"); - mysql_ssl_set(mysql, NULL, NULL, "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/dummy.pem", NULL, NULL); + mysql_ssl_set(mysql, NULL, NULL, "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/not-found.pem", NULL, NULL); mysql_real_connect(mysql, hostname, ssluser, sslpw, schema, port, socketname, 0); @@ -366,6 +366,26 @@ static int test_conc50_2(MYSQL *my) return OK; } +static int test_conc127(MYSQL *my) +{ + MYSQL *mysql; + + if (check_skip_ssl()) + return SKIP; + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, NULL, NULL, "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/dummy.pem", NULL, NULL); + + mysql_real_connect(mysql, hostname, ssluser, sslpw, schema, + port, socketname, 0); + FAIL_IF(mysql_errno(mysql) == 0, "Error expected (invalid certificate)"); + mysql_close(mysql); + + return OK; +} + static int test_conc50_3(MYSQL *my) { MYSQL *mysql; @@ -598,6 +618,7 @@ static int test_conc_102(MYSQL *mysql) struct my_tests_st my_tests[] = { {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_conc127", test_conc127, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50", test_conc50, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50_1", test_conc50_1, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_conc50_2", test_conc50_2, TEST_CONNECTION_NEW, 0, NULL, NULL},