Bug#17208 SSL: client does not verify server certificate

- Add new function 'ssl_verify_server_cert' which is used if we are connecting to the server with SSL. It will compare the hostname in the server's cert against the hostname that we used when connecting to the server. Will reject the connection if hostname does not match. - Add new option "OPT_SSL_VERIFY_SERVER_CERT" to be passed to mysql_options which will turn on checking of servers cert. - Add new argument "ssl-verify-server-cert" to all mysql* clients which will activate the above option. - Generate a new server cert with 1024 bits that has "localhost" as the server name.
2025-08-08 11:22:35 +03:00 · 2006-04-18 17:58:27 +02:00
parent d66ac94911
commit a51668c74c
13 changed files with 159 additions and 50 deletions
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -3123,6 +3123,8 @@ sql_real_connect(char *host,char *database,char *user,char *password,
  if (opt_use_ssl)
    mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
 		  opt_ssl_capath, opt_ssl_cipher);
+  mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,
+                (char*)&opt_ssl_verify_server_cert);
 #endif
  if (opt_protocol)
    mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol);