  1. MariaDB Server
  2. MDEV-8957

[PATCH] Useless ssl_ctx_set_tmp_dh call in libmysql

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5, 10.0, 10.1
    • Fix Version/s: 10.1.9
    • Component/s: SSL
    • Sprint:
      10.1.9-3

      Description

      When establishing a client SSL connection, the client tries to set up Diffie-Hellman parameters,
      which should be used on the server only.

      See http://linux.die.net/man/3/ssl_ctx_set_tmp_dh : These functions apply to SSL/TLS servers only.

      Suggested fix:

      --- a/vio/viosslfactories.c
      +++ b/vio/viosslfactories.c
      @@ -259,14 +259,17 @@ static void check_ssl_init()
         }
       
         /* DH stuff */
      -  dh=get_dh2048();
      -  if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
      +  if (!is_client_method)
         {
      -    *error= SSL_INITERR_DH;
      -    goto err3;
      -  }
      +    dh=get_dh2048();
      +    if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
      +    {
      +      *error= SSL_INITERR_DH;
      +      goto err3;
      +    }
       
      -  DH_free(dh);
      +    DH_free(dh);
      +  }
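
      Review bot: The failure branch inside the new `if (!is_client_method)` block still jumps to `err3` before `DH_free(dh)` runs, so the object returned by `get_dh2048()` is leaked whenever `SSL_CTX_set_tmp_dh()` fails, unless `err3` releases it, which these lines do not show. Call `DH_free(dh)` before the `goto err3`, and check the result of `get_dh2048()` for NULL before passing it to `SSL_CTX_set_tmp_dh()`. The `/* DH stuff */` comment could also say that temporary DH parameters are set for server contexts only, since that is the reason for the new condition.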

            People

            Assignee:
            sanja Oleksandr Byelkin
            Reporter:
            georg Georg Richter