Diffstat (limited to '0004-Dont-read-PEM-keys.patch')
-rw-r--r--0004-Dont-read-PEM-keys.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/0004-Dont-read-PEM-keys.patch b/0004-Dont-read-PEM-keys.patch
new file mode 100644
index 000000000000..cdecf582c387
--- /dev/null
+++ b/0004-Dont-read-PEM-keys.patch
@@ -0,0 +1,30 @@
+--- a/libmariadb/libmariadb/secure/openssl.c
++++ b/libmariadb/libmariadb/secure/openssl.c
+@@ -380,27 +380,10 @@
+
+ if (keyfile && keyfile[0])
+ {
+- FILE *fp;
+- if ((fp= fopen(keyfile, "rb")))
+- {
+- EVP_PKEY *key= EVP_PKEY_new();
+- PEM_read_PrivateKey(fp, &key, NULL, pw);
+- fclose(fp);
+- if (SSL_CTX_use_PrivateKey(ctx, key) != 1)
+- {
+- unsigned long err= ERR_peek_error();
+- EVP_PKEY_free(key);
+- if (!(ERR_GET_LIB(err) == ERR_LIB_X509 &&
+- ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE))
+- goto error;
+- }
+- EVP_PKEY_free(key);
+- } else {
+ my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
+ CER(CR_FILE_NOT_FOUND), keyfile);
+ return 1;
+ }
+- }
+ /* verify key */
+ if (certfile && SSL_CTX_check_private_key(ctx) != 1)
+ goto error;
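Review bot: After this patch the `if (keyfile && keyfile[0])` branch rejects every configured key file with `CER(CR_FILE_NOT_FOUND)`, so a client set up for certificate authentication is told its key is missing when key loading has in fact been removed from the build. The patch file also has no header explaining why PEM keys are disabled, and the surviving branch has no comment; I would add a short rationale above the inner `---` line and a comment such as `/* PEM private keys are deliberately not loaded in this build; any keyfile is rejected */` above the `my_set_error` call. Since no key is loaded into `ctx` in the visible code any more, the remaining `SSL_CTX_check_private_key(ctx)` check under `certfile` looks like it can only fail, so a configured client certificate is probably unusable as well; that should be confirmed and documented. The enclosing function starts and ends outside the hunk, so the `error` label and its cleanup are not visible here.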