This reverts 395641549ac7..536d9e2b9e5b, in particular:
8dffd56936 MDEV-31857 enable MYSQL_OPT_SSL_VERIFY_SERVER_CERT by default
a99570c118 MDEV-31855 SSL cert validation protocol extension
9aa15e72a7 TLS fingerprint
and related commits
POWER and other architectures that define char(as my_bool) to be unsigned (as the C
standard leaves this undefined). This resulted in error branches being
unreachabe as indicated by the below compile warnings.
plugins/pvio/pvio_socket.c:763:42: warning: comparison of constant -1 with expression of type 'my_bool' (aka 'char') is always
false [-Wtautological-constant-out-of-range-compare]
if (pvio_socket_blocking(pvio, 1, 0) == SOCKET_ERROR)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
plugins/pvio/pvio_socket.c:875:46: warning: comparison of constant -1 with expression of type 'my_bool' (aka 'char') is always
false [-Wtautological-constant-out-of-range-compare]
if (pvio_socket_blocking(pvio, 0, 0) == SOCKET_ERROR)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
plugins/pvio/pvio_socket.c:907:42: warning: comparison of constant -1 with expression of type 'my_bool' (aka 'char') is always
false [-Wtautological-constant-out-of-range-compare]
if (pvio_socket_blocking(pvio, 1, 0) == SOCKET_ERROR)
ma_hext2int: signed char - prevent compiler errors when char is unsigned.
libmariadb/ma_tls.c:169:31: warning: comparison of constant -1 with expression of type 'char' is always false
[-Wtautological-constant-out-of-range-compare]
if ((d1 = ma_hex2int(*p)) == - 1 ||
~~~~~~~~~~~~~~~~~~~~~ ^ ~~~
libmariadb/ma_tls.c:170:35: warning: comparison of constant -1 with expression of type 'char' is always false
[-Wtautological-constant-out-of-range-compare]
(d2 = ma_hex2int(*(p+1))) == -1 ||
~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~
To fix this all the pvio_*_blocking functions have been changed to use
int as a return value.
Other my_bool/char differences fixed:
mariadb_dyncol_val_str: fix prototype to use char - like implemented function.
unittest: bind.is_null is my_bool* so we use a my_bool.
Client part of MDEV-14101: Add support for tls-version, via
mysql_options(mysql, MARIADB_OPT_TLS_VERSION, value)
Accepted values are "TLSv1.1", "TLSv1.2" and "TLSv1.3".
Fixed testcase openssl_1 for schannel
When calling mariadb_get_infov with option MARIADB_TLS_LIBRARY
the functioni now returns the correct version number and name
of the tls/ssl library in use.
- don't use password in global context
- load keys and certs via callback functions
- don't use gnutls_bye since server is not able to detect dead socket
- fixed valgrind errors in gnutls
- TLS/SSL: renamed HAVE_SSL to HAVE_TLS to avoid trouble in
10.2-integration
- Fixed wrong timeout in non-blocking mode
- Fixed valgrind error in prepared statement
