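/**
 * Create and configure a GnuTLS client session for a connection.
 *
 * All work is done while holding LOCK_gnutls_config: the certificate
 * settings are loaded through ma_ssl_set_certs(), a session is created,
 * `mysql` is stored as the session's user pointer, the priority string is
 * applied and the shared credentials GNUTLS_xcred are attached.
 *
 * @param mysql  connection handle; kept as the session pointer so that
 *               callbacks can retrieve it from the session
 * @return the new gnutls_session_t cast to void *, or NULL on failure.
 *         On failure the GnuTLS error code is passed to ma_ssl_set_error()
 *         and a partially built session is released.
 *
 * NOTE(review): nothing in this function installs or performs peer
 * certificate verification; confirm that the handshake path verifies the
 * server certificate before any credentials are sent over the session.
 */
void *ma_ssl_init(MYSQL *mysql)
{
  gnutls_session_t ssl= NULL;
  int ssl_error= 0;
  const char *err;

  pthread_mutex_lock(&LOCK_gnutls_config);

  if ((ssl_error= ma_ssl_set_certs(mysql)) < 0)
    goto error;

  /*
   * The original passed GNUTLS_CLIENT & GNUTLS_NONBLOCK. These are distinct
   * flag bits, so the bitwise AND evaluates to 0 and neither flag was
   * actually requested. Ask for the client role explicitly instead of
   * relying on how GnuTLS treats a zero flag word.
   * GNUTLS_NONBLOCK is deliberately not OR-ed in: it was never in effect,
   * and enabling it is only correct if the I/O layer handles
   * GNUTLS_E_AGAIN; verify against the read/write/handshake code first.
   */
  if ((ssl_error= gnutls_init(&ssl, GNUTLS_CLIENT)) < 0)
    goto error;

  gnutls_session_set_ptr(ssl, (void *)mysql);

  /* NORMAL priority set with the DHE-RSA key exchange removed */
  ssl_error= gnutls_priority_set_direct(ssl, "NORMAL:-DHE-RSA", &err);
  if (ssl_error < 0)
    goto error;

  if ((ssl_error= gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE,
                                         GNUTLS_xcred)) < 0)
    goto error;

  pthread_mutex_unlock(&LOCK_gnutls_config);
  return (void *)ssl;

error:
  ma_ssl_set_error(mysql, ssl_error);
  if (ssl)
    gnutls_deinit(ssl);
  pthread_mutex_unlock(&LOCK_gnutls_config);
  return NULL;
}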
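/**
 * Create an OpenSSL session object for a connection.
 *
 * Runs under LOCK_openssl_config: loads the certificate settings through
 * ma_ssl_set_certs(), allocates an SSL from the shared SSL_context, stores
 * `mysql` as application data and sets the peer verification policy.
 *
 * @param mysql  connection handle; its ssl_ca / ssl_capath options decide
 *               whether the server certificate is verified
 * @return the new SSL object cast to void *, or NULL on failure (a
 *         partially built SSL object is freed).
 */
void *ma_ssl_init(MYSQL *mysql)
{
  int verify;
  SSL *ssl= NULL;

  pthread_mutex_lock(&LOCK_openssl_config);

  if (ma_ssl_set_certs(mysql))
    goto error;

  if (!(ssl= SSL_new(SSL_context)))
    goto error;

  if (!SSL_set_app_data(ssl, mysql))
    goto error;

  /*
   * With neither ssl_ca nor ssl_capath configured the server certificate is
   * not verified: the session is encrypted but the peer is unauthenticated.
   */
  verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
          SSL_VERIFY_NONE : SSL_VERIFY_PEER;

  /*
   * Apply the policy to this session, not to the shared context. An SSL
   * object copies its verification settings from the context when SSL_new()
   * runs, so the original SSL_CTX_set_verify() call made afterwards did not
   * affect `ssl`. This connection ran with whatever the previous connection
   * had left on SSL_context (SSL_VERIFY_NONE for the first one), and its own
   * choice leaked into the next connection instead.
   */
  SSL_set_verify(ssl, verify, my_verify_callback);

  /*
   * Depth limit of 1 as in the original.
   * NOTE(review): chains with more intermediates than this allows would be
   * rejected; confirm the limit is intended.
   */
  SSL_set_verify_depth(ssl, 1);

  pthread_mutex_unlock(&LOCK_openssl_config);
  return (void *)ssl;

error:
  pthread_mutex_unlock(&LOCK_openssl_config);
  if (ssl)
    SSL_free(ssl);
  return NULL;
}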
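/**
 * Create an OpenSSL session object for a connection, optionally resuming a
 * cached session.
 *
 * Runs under LOCK_openssl_config: loads the certificate settings through
 * ma_ssl_set_certs(), allocates an SSL from the shared SSL_context, stores
 * `mysql` as application data, offers a cached session when
 * HAVE_SSL_SESSION_CACHE is defined and one is found, and sets the peer
 * verification policy.
 *
 * @param mysql  connection handle; its ssl_ca / ssl_capath options decide
 *               whether the server certificate is verified
 * @return the new SSL object cast to void *, or NULL on failure (a
 *         partially built SSL object is freed).
 */
void *ma_ssl_init(MYSQL *mysql)
{
  int verify;
  SSL *ssl= NULL;
#ifdef HAVE_SSL_SESSION_CACHE
  /* looked up before the configuration lock is taken, as in the original */
  MA_SSL_SESSION *session= ma_ssl_get_session(mysql);
#endif

  pthread_mutex_lock(&LOCK_openssl_config);

  if (ma_ssl_set_certs(mysql))
    goto error;

  if (!(ssl= SSL_new(SSL_context)))
    goto error;

  if (!SSL_set_app_data(ssl, mysql))
    goto error;

#ifdef HAVE_SSL_SESSION_CACHE
  /*
   * Offer the cached session for resumption; the result is not checked.
   * NOTE(review): confirm that cached sessions are keyed so that a session
   * is only offered to the server it was negotiated with.
   */
  if (session)
    SSL_set_session(ssl, session->session);
#endif

  /*
   * With neither ssl_ca nor ssl_capath configured the server certificate is
   * not verified: the session is encrypted but the peer is unauthenticated.
   */
  verify= (!mysql->options.ssl_ca && !mysql->options.ssl_capath) ?
          SSL_VERIFY_NONE : SSL_VERIFY_PEER;

  /*
   * Apply the policy to this session, not to the shared context. An SSL
   * object copies its verification settings from the context when SSL_new()
   * runs, so the original SSL_CTX_set_verify() call made afterwards did not
   * affect `ssl`. This connection ran with whatever the previous connection
   * had left on SSL_context (SSL_VERIFY_NONE for the first one), and its own
   * choice leaked into the next connection instead.
   */
  SSL_set_verify(ssl, verify, my_verify_callback);

  /*
   * Depth limit of 1 as in the original.
   * NOTE(review): chains with more intermediates than this allows would be
   * rejected; confirm the limit is intended.
   */
  SSL_set_verify_depth(ssl, 1);

  pthread_mutex_unlock(&LOCK_openssl_config);
  return (void *)ssl;

error:
  pthread_mutex_unlock(&LOCK_openssl_config);
  if (ssl)
    SSL_free(ssl);
  return NULL;
}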