when rpc_server_authentication_method has none, server does not verify client identity

obdev 2024-02-07 21:31:12 +00:00 committed by ob-robot
parent 1a24f7c5bb
commit 58a5d44e67
3 changed files with 9 additions and 3 deletions


@ -444,7 +444,9 @@ static int acceptfd_handle_first_readable_event(acceptfd_sk_t *s)
} else {
negotiation_message_t nego_message_ack;
nego_message_ack.type = nego_message->type;
if (0 != fd_enable_ssl_for_server(s->fd, ssl_config_ctx_id, nego_message->type)) {
int has_method_none = test_server_auth_methods(USSL_AUTH_NONE);
if (0 != fd_enable_ssl_for_server(s->fd, ssl_config_ctx_id, nego_message->type,
has_method_none)) {
err = EUCLEAN;
s->has_error = 1;
ussl_log_error("fd_enable_ssl_for_server failed, fd:%d", s->fd);
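Review bot: `has_method_none` on the added line reflects the server-wide method set rather than the method this peer negotiated, so once none is enabled it turns off client verification for every TLS accept, whatever `nego_message->type` is. If the configured set can hold none together with a certificate-based method (the setting's format is not visible here), sessions negotiated as certificate-authenticated would also complete without peer verification, and later code must not read a finished handshake as proof of client identity. I would state that at the call site, e.g. `/* 'none' in the enabled methods disables client-cert verification for all TLS accepts, regardless of nego_message->type */`, or confirm that none cannot be combined with other methods. The enclosing function starts and ends outside the hunk.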


@ -554,7 +554,7 @@ int ssl_load_config(int ctx_id, const ssl_config_item_t *ssl_config)
return ret;
}
int fd_enable_ssl_for_server(int fd, int ctx_id, int type)
int fd_enable_ssl_for_server(int fd, int ctx_id, int type, int has_method_none)
{
int ret = 0;
SSL_CTX *ctx = NULL;
@ -575,6 +575,10 @@ int fd_enable_ssl_for_server(int fd, int ctx_id, int type)
ret = EINVAL;
ussl_log_warn("SSL_set_fd failed, ret:%d, fd:%d, ctx_id:%d", ret, fd, ctx_id);
} else {
//if server has auth method none, server does not verify client identity
if (has_method_none) {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
}
SSL_set_accept_state(ssl);
ATOMIC_STORE(&(gs_fd_ssl_array[fd].ssl), ssl);
ATOMIC_STORE(&(gs_fd_ssl_array[fd].type), type);
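Review bot: The added `SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL)` silently overrides whatever verify mode the SSL_CTX was loaded with, so nothing in the logs shows that a connection was accepted without client-certificate verification. A line next to it, such as `ussl_log_warn("client cert verification disabled, fd:%d, ctx_id:%d", fd, ctx_id);`, would let operators see when this path is active; lower the level or rate-limit it if per-connection output is too noisy. The new parameter is also named after the policy rather than its effect, so a short comment on the definition saying that a non-zero `has_method_none` skips peer verification for this fd would help. The function body continues outside both hunks of this section.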


@ -21,7 +21,7 @@ enum SSL_ROLE {
};
int ssl_load_config(int ctx_id, const ssl_config_item_t *ssl_config);
int fd_enable_ssl_for_server(int fd, int ctx_id, int type);
int fd_enable_ssl_for_server(int fd, int ctx_id, int type, int has_method_none);
int fd_enable_ssl_for_client(int fd, int ctx_id, int type);
void fd_disable_ssl(int fd);
int ssl_do_handshake(int fd);