Bug #18384260: MULTIPLE SECURITY ISSUES IN CERTIFICATE VALIDATION

gkodinov · gkodinov · commit 10956689cbdf · 2014-07-31T12:52:49.000+03:00
the 5.5 version of the fix.
Added a call to X509_verify_cert_error_string() into the client certificate
verification code.
diff --git a/sql-common/client.c b/sql-common/client.c
@@ -1909,6 +1909,12 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
     DBUG_RETURN(1);
   }
 
+  if (X509_V_OK != SSL_get_verify_result(ssl))
+  {
+    *errptr= "Failed to verify the server certificate";
+    X509_free(server_cert);
+    DBUG_RETURN(1);
+  }
   /*
     We already know that the certificate exchanged was valid; the SSL library
     handled that. Now we need to verify that the contents of the certificate
