Changes to improve robustness of SSL processing, separate it so far as possible from protocols. Separate the detailed mechanism of authentication from the MySQL protocol with a view to making it into a module later.

2016-02-15 09:29:07 +00:00
parent 971d1d5de2
commit 866e91c088
17 changed files with 1218 additions and 741 deletions
--- a/server/core/config.c
+++ b/server/core/config.c
@ -133,12 +133,14 @@ static char *service_params[] =
    "version_string",
    "filters",
    "weightby",
+    /* These should no longer be required
    "ssl_cert",
    "ssl_ca_cert",
    "ssl",
    "ssl_key",
    "ssl_version",
    "ssl_cert_verify_depth",
+     * */
    "ignore_databases",
    "ignore_databases_regex",
    "log_auth_warnings",
@ -1092,6 +1094,7 @@ make_ssl_structure (CONFIG_CONTEXT *obj, bool require_cert, int *error_count)
                local_errors++;
            }
        }
+        else new_ssl->ssl_cert_verify_depth = 9;

        listener_set_certificates(new_ssl, ssl_cert, ssl_key, ssl_ca_cert);