Changeset 32ceedd1d91a2fea4727ea7d82520738a9363be9

Show
Ignore:
Timestamp:
11/17/10 16:24:43 (3 years ago)
Author:
Mike Jackson <mjackson@omniti.com>
git-committer:
Mike Jackson <mjackson@omniti.com> 1290011083 +0000
git-parent:

[2c35111d986f670203e64beb67e6fdc0ceb97c65]

git-author:
Mike Jackson <mjackson@omniti.com> 1290011083 +0000
Message:

Adding an extra paranoia check to make sure we have a non-NULL SSL cipher after connection if we've requested that the connection use SSL.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved
  • src/modules/mysql.c

    rb38124b r32ceedd  
    287287        AVAIL_BAIL(mysql_error(ci->conn)); 
    288288 
     289#if MYSQL_VERSION_ID >= 50000 
     290      if (!strcmp(sslmode, "require")) { 
     291        /* mysql has a bad habit of silently failing to establish ssl and 
     292         * falling back to unencrypted, so after making the connection, let's  
     293         * check that we're actually using SSL by checking for a non-NULL  
     294         * return value from mysql_get_ssl_cipher(). 
     295         */ 
     296        if (mysql_get_ssl_cipher(ci->conn) == NULL) { 
     297          noitL(nldeb, "mysql_get_ssl_cipher() returns NULL, but SSL mode required."); 
     298          AVAIL_BAIL("mysql_get_ssl_cipher() returns NULL, but SSL mode required."); 
     299        } 
     300      } 
     301#endif 
     302 
    289303      gettimeofday(&t1, NULL); 
    290304      sub_timeval(t1, check->last_fire_time, &diff);