[MDEV-8957] [PATCH] Useless ssl_ctx_set_tmp_dh call in libmysql Created: 2015-10-17  Updated: 2015-11-15  Resolved: 2015-11-15

Status: Closed
Project: MariaDB Server
Component/s: SSL
Affects Version/s: 5.5, 10.0, 10.1
Fix Version/s: 10.1.9

Type: Bug
Priority: Major
Reporter: Georg Richter
Assignee: Oleksandr Byelkin
Resolution: Fixed
Votes: 0
Labels: upstream

Sprint: 10.1.9-3

Description

When establishing a client SSL connection the client tries to set up Diffie-Hellman parameters,
which should be used on the server only.

See http://linux.die.net/man/3/ssl_ctx_set_tmp_dh : "These functions apply to SSL/TLS servers only."

Suggested fix:

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -259,14 +259,17 @@ static void check_ssl_init()
   }
 
   /* DH stuff */
-  dh=get_dh2048();
-  if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
+  if (!is_client_method)
   {
-    *error= SSL_INITERR_DH;
-    goto err3;
-  }
+    dh=get_dh2048();
+    if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
+    {
+      *error= SSL_INITERR_DH;
+      goto err3;
+    }
 
-  DH_free(dh);
+    DH_free(dh);
+  }
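Review bot: on the failure branch inside the new `if (!is_client_method)` block, `goto err3` is taken before `DH_free(dh)` is reached, so the DH object returned by `get_dh2048()` is never released on that path (the same leak existed before the change, but since the lines are being touched it is worth freeing `dh` before the `goto`, unless the `err3` label already does so, which is not visible in this hunk). The hunk also relies on `is_client_method` being in scope at this point in the function; the context lines do not show its declaration, so please confirm it is already available there rather than introduced elsewhere in the patch.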



Comments
Comment by Oleksandr Byelkin [ 2015-11-15 ]

Yes, according to the documentation the patch is correct.

Generated at Thu Feb 08 07:31:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.