database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

Remove server certification verification

Browse Source 
Since the server certification option is used by client
only, there is no need to have this flag in server and or
client capabilities. The server itself validates client
certificate depending on the user definition.
This commit is contained in:
Georg Richter
2023-07-13 09:30:33 +02:00
parent d543bed61b
commit 45feebb99d
8 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libmariadb/secure/openssl.c
View File

@@ -501,9 +501,8 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
/* In case handshake failed or if a root certificate (ca) was specified,
we need to check the result code of X509 verification. A detailed check
of the peer certificate (hostname checking will follow later) */
if (rc != 1 ||
(mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) ||
(mysql->options.ssl_ca || mysql->options.ssl_capath))
if (rc != 1 || mysql->options.extension->tls_verify_server_cert ||
mysql->options.ssl_ca || mysql->options.ssl_capath)
{
long x509_err= SSL_get_verify_result(ssl);
if (x509_err != X509_V_OK)