← Back to branch summary

~ubuntu-branches/ubuntu/raring/mysql-5.5/raring-proposed

« back to all changes in this revision

Viewing changes to packaging/rpm-uln/mysql-chain-certs.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2013-01-16 08:29:25 UTC
  • mfrom: (1.1.11)
  • Revision ID: package-import@ubuntu.com-20130116082925-znscu5xswxo6pmw2
Tags: 5.5.29-0ubuntu1
https://launchpad.net/bugs/1100264
* SECURITY UPDATE: Update to 5.5.29 to fix security issues (LP: #1100264)
  - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
* debian/patches/CVE-2012-5611.patch: removed, included upstream.
* debian/patches/38_scripts__mysqld_safe.sh__signals.patch: refreshed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
packaging/rpm-uln/mysql-chain-certs.patch
 
1
Fix things so that chains of certificates work in the server and client
 
2
certificate files.
 
3
 
 
4
This only really works for OpenSSL-based builds, as yassl is unable to read
 
5
multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
 
6
doesn't fix that, but just arranges that the viosslfactories.c patch won't
 
7
have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
 
8
Fedora builds, I'm not feeling motivated to try to fix yassl for this.
 
9
 
 
10
See RH bug #598656.  Filed upstream at http://bugs.mysql.com/bug.php?id=54158
 
11
 
 
12
   ===
 
13
 
 
14
Joerg Bruehe, MySQL Build Team at Oracle: First patch adapted to code changes in MySQL 5.5
 
15
 
 
16
 
 
17
diff -Naur mysql-5.5.29.orig/vio/viosslfactories.c mysql-5.5.29/vio/viosslfactories.c
 
18
--- mysql-5.5.29.orig/vio/viosslfactories.c     2010-05-06 11:28:07.000000000 -0400
 
19
+++ mysql-5.5.29/vio/viosslfactories.c  2010-05-26 23:23:46.000000000 -0400
 
20
@@ -106,7 +106,7 @@
 
21
     key_file= cert_file;
 
22
 
 
23
   if (cert_file &&
 
24
-      SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0)
 
25
+      SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
 
26
   {
 
27
     *error= SSL_INITERR_CERT;
 
28
     DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
 
29
diff -Naur mysql-5.1.47.orig/extra/yassl/src/ssl.cpp mysql-5.1.47/extra/yassl/src/ssl.cpp
 
30
--- mysql-5.1.47.orig/extra/yassl/src/ssl.cpp   2010-05-06 11:24:26.000000000 -0400
 
31
+++ mysql-5.1.47/extra/yassl/src/ssl.cpp        2010-05-26 23:29:13.000000000 -0400
 
32
@@ -1606,10 +1606,10 @@
 
33
     }
 
34
 
 
35
 
 
36
-    int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
 
37
+    int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
 
38
     {
 
39
-        // TDOD:
 
40
-        return SSL_SUCCESS;
 
41
+        // For the moment, treat like use_certificate_file
 
42
+        return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
 
43
     }
 
44
 
 
45