  1. MariaDB Server
  2. MDEV-8957

[PATCH] Useless ssl_ctx_set_tmp_dh call in libmysql


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 5.5, 10.0, 10.1
    • 10.1.9
    • SSL
    • 10.1.9-3

    Description

      When establishing a client SSL connection, the client tries to set up Diffie-Hellman parameters,
      which should be used on the server only.

      see http://linux.die.net/man/3/ssl_ctx_set_tmp_dh : These functions apply to SSL/TLS servers only.

      Suggested fix:

      --- a/vio/viosslfactories.c
      +++ b/vio/viosslfactories.c
      @@ -259,14 +259,17 @@ static void check_ssl_init()
         }
       
         /* DH stuff */
      -  dh=get_dh2048();
      -  if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
      +  if (!is_client_method)
         {
      -    *error= SSL_INITERR_DH;
      -    goto err3;
      -  }
      +    dh=get_dh2048();
      +    if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
      +    {
      +      *error= SSL_INITERR_DH;
      +      goto err3;
      +    }
       
      -  DH_free(dh);
      +    DH_free(dh);
      +  }
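
      Review bot: Inside the new `if (!is_client_method)` block, the failure branch does `goto err3` before `DH_free(dh)` is reached, so the DH object allocated by `get_dh2048()` is not freed on that path unless the `err3` label releases it, which this hunk does not show. The return value of `get_dh2048()` is also passed to `SSL_CTX_set_tmp_dh` without a NULL check. Consider calling `DH_free(dh)` before setting `*error= SSL_INITERR_DH`, and treating a NULL `dh` as the same `SSL_INITERR_DH` failure. It would also help to extend the `/* DH stuff */` comment to say that the parameters are set for server contexts only, since that is the reason for the new condition.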

          People

            sanja Oleksandr Byelkin
            georg Georg Richter