Diffstat (limited to '0004-Dont-read-PEM-keys.patch')
-rw-r--r-- | 0004-Dont-read-PEM-keys.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/0004-Dont-read-PEM-keys.patch b/0004-Dont-read-PEM-keys.patch
new file mode 100644
index 000000000000..cdecf582c387
--- /dev/null
+++ b/0004-Dont-read-PEM-keys.patch
@@ -0,0 +1,30 @@
+--- a/libmariadb/libmariadb/secure/openssl.c
++++ b/libmariadb/libmariadb/secure/openssl.c
+@@ -380,27 +380,10 @@
+
+ if (keyfile && keyfile[0])
+ {
+- FILE *fp;
+- if ((fp= fopen(keyfile, "rb")))
+- {
+- EVP_PKEY *key= EVP_PKEY_new();
+- PEM_read_PrivateKey(fp, &key, NULL, pw);
+- fclose(fp);
+- if (SSL_CTX_use_PrivateKey(ctx, key) != 1)
+- {
+- unsigned long err= ERR_peek_error();
+- EVP_PKEY_free(key);
+- if (!(ERR_GET_LIB(err) == ERR_LIB_X509 &&
+- ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE))
+- goto error;
+- }
+- EVP_PKEY_free(key);
+- } else {
+ my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
+ CER(CR_FILE_NOT_FOUND), keyfile);
+ return 1;
+ }
+- }
+ /* verify key */
+ if (certfile && SSL_CTX_check_private_key(ctx) != 1)
+ goto error;
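Review bot: Once this patch is applied, every non-empty `keyfile` lands in the retained `my_set_error(..., CER(CR_FILE_NOT_FOUND), keyfile); return 1;` branch, so a user with a valid, readable client key is told the file was not found when in fact key loading has been compiled out. Because no private key is ever installed in `ctx`, the later `SSL_CTX_check_private_key(ctx)` will presumably also fail whenever `certfile` is set, which would mean client-certificate TLS authentication is disabled altogether in this build. The added patch file has no description header, so neither the reason for dropping `PEM_read_PrivateKey` nor that consequence is recorded anywhere. I would add a short header to the patch stating both, and a comment above the branch such as `/* client private keys are not supported in this build; any keyfile is rejected */`. The enclosing function starts and ends outside the hunk, so whether `return 1` bypasses cleanup done at the `error` label cannot be checked from here.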