Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 5.5(EOL), 10.0(EOL), 10.1(EOL)
- 10.1.9-3
Description
When establishing a client SSL connection, the client tries to set up Diffie-Hellman parameters,
which should be used on the server only.
See http://linux.die.net/man/3/ssl_ctx_set_tmp_dh : These functions apply to SSL/TLS servers only.
Suggested fix:
--- a/vio/viosslfactories.c
|
+++ b/vio/viosslfactories.c
|
@@ -259,14 +259,17 @@ static void check_ssl_init()
|
}
|
|
/* DH stuff */
|
- dh=get_dh2048();
|
- if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
|
+ if (!is_client_method)
|
{
|
- *error= SSL_INITERR_DH;
|
- goto err3;
|
- }
|
+ dh=get_dh2048();
|
+ if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
|
+ {
|
+ *error= SSL_INITERR_DH;
|
+ goto err3;
|
+ }
|
|
- DH_free(dh);
|
+ DH_free(dh);
|
+ }
|
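Review bot: in the new server-only block, the failure branch of `SSL_CTX_set_tmp_dh` jumps to `err3` before `DH_free(dh)` is reached, so `dh` leaks on that path unless the `err3` cleanup (not visible in this hunk) releases it. Since these lines are being re-indented anyway, call `DH_free(dh)` before `goto err3`. The result of `get_dh2048()` is also passed on without a NULL check; testing it first would let an allocation failure be reported as `SSL_INITERR_DH` directly.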
Activity
Field | Original Value | New Value |
---|---|---|
Fix Version/s | 10.1 [ 16100 ] | |
Affects Version/s | 10.1 [ 16100 ] | |
Affects Version/s | 10.0 [ 16000 ] | |
Affects Version/s | 5.5 [ 15800 ] | |
Labels | upstream | |
Summary | Useless ssl_ctx_set_tmp_dh call in libmysql | [PATCH] Useless ssl_ctx_set_tmp_dh call in libmysql |
Sprint | 10.1.9-3 [ 20 ] | |
Assignee | Oleksandr Byelkin [ sanja ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Fix Version/s | 10.1.9 [ 20301 ] | |
Fix Version/s | 10.1 [ 16100 ] | |
Resolution | Fixed [ 1 ] | |
Status | In Progress [ 3 ] | Closed [ 6 ] |
Workflow | MariaDB v3 [ 72142 ] | MariaDB v4 [ 149719 ] |
Yes, according to the documentation the patch is correct.