mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00

CONC-433: Add CRL support for GnuTLS

Added support for certificate revocation list (CRL) in GnuTLS.
Georg Richter
2021-04-15 18:19:45 +02:00
parent 37bb780bde
commit 132c5b51c1


@@ -1060,7 +1060,7 @@ static int ma_gnutls_set_ciphers(gnutls_session_t ssl,
char priority[1024]; char priority[1024];
char *p= get_priority(token, priority, 1024); char *p= get_priority(token, priority, 1024);
if (p) if (p)
strncat(prio, p, PRIO_SIZE - strlen(prio) - 1); strncat(prio, p, PRIO_SIZE - strlen(prio));
token = strtok(NULL, ":"); token = strtok(NULL, ":");
} }
return gnutls_priority_set_direct(ssl, prio , &err); return gnutls_priority_set_direct(ssl, prio , &err);
@@ -1090,6 +1090,14 @@ static int ma_tls_set_certs(MYSQL *mysql,
goto error; goto error;
} }
if (mysql->options.extension && mysql->options.extension->ssl_crl)
{
ssl_error= gnutls_certificate_set_x509_crl_file(ctx,
mysql->options.extension->ssl_crl, GNUTLS_X509_FMT_PEM);
if (ssl_error < 0)
goto error;
}
if (!mysql->options.ssl_ca && !mysql->options.ssl_capath) if (!mysql->options.ssl_ca && !mysql->options.ssl_capath)
{ {
ssl_error= gnutls_certificate_set_x509_system_trust(ctx); ssl_error= gnutls_certificate_set_x509_system_trust(ctx);
@@ -1144,9 +1152,7 @@ void *ma_tls_init(MYSQL *mysql)
data->mysql= mysql; data->mysql= mysql;
gnutls_session_set_ptr(ssl, (void *)data); gnutls_session_set_ptr(ssl, (void *)data);
/*
gnutls_certificate_set_retrieve_function2(GNUTLS_xcred, client_cert_callback);
*/
ssl_error= ma_gnutls_set_ciphers(ssl, mysql->options.ssl_cipher, mysql->options.extension ? mysql->options.extension->tls_version : NULL); ssl_error= ma_gnutls_set_ciphers(ssl, mysql->options.ssl_cipher, mysql->options.extension ? mysql->options.extension->tls_version : NULL);
if (ssl_error < 0) if (ssl_error < 0)
goto error; goto error;
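Review bot: In ma_gnutls_set_ciphers the strncat bound appears to lose its `- 1`: the line is printed twice with the +/- markers lost, and if the second copy is the new side the call becomes `strncat(prio, p, PRIO_SIZE - strlen(prio));`. strncat appends up to n characters and then a terminating NUL, so with that bound a long enough cipher list can write the NUL one byte past the end of prio (assuming prio is PRIO_SIZE bytes; its declaration is outside the hunk). The bound should stay `strncat(prio, p, PRIO_SIZE - strlen(prio) - 1);`. A silently truncated priority string may also select a different cipher policy than the caller asked for, so a length check that fails the call would be safer than truncation. The function starts before this hunk, so the sizes of prio and of the incoming cipher string cannot be confirmed from here.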