database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

GnuTLS fixes:

Browse Source 
To behave like OpenSSL and Schannel, we need to check the hostname,
even if other checks failed before.
This commit is contained in:
Georg Richter
2024-09-06 10:58:57 +02:00
parent b827743c27
commit 375720dc1c
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libmariadb/secure/gnutls.c
View File

@@ -1463,13 +1463,12 @@ int ma_tls_verify_server_cert(MARIADB_TLS *ctls, unsigned int flags)
if (status & GNUTLS_CERT_REVOKED) if (status & GNUTLS_CERT_REVOKED)
mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_REVOKED; mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_REVOKED;
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
if (flags & MARIADB_TLS_VERIFY_TRUST) mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_TRUST;
mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_TRUST;
if ((status & GNUTLS_CERT_NOT_ACTIVATED) || (status & GNUTLS_CERT_EXPIRED)) if ((status & GNUTLS_CERT_NOT_ACTIVATED) || (status & GNUTLS_CERT_EXPIRED))
mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_PERIOD; mysql->net.tls_verify_status|= MARIADB_TLS_VERIFY_PERIOD;
} }
if (!status && (flags & MARIADB_TLS_VERIFY_HOST)) if ((flags & MARIADB_TLS_VERIFY_HOST))
{ {
gnutls_x509_crt_t cert= ma_get_cert(ctls); gnutls_x509_crt_t cert= ma_get_cert(ctls);
int rc; int rc;