Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Fix LibreSSL X509 (SSL) certificate hostname checking.
(Currently) LibreSSL doesn't calculate the string length of the hostname that's passed to X509_check_host automatically in case namelen/chklen is 0. This causes server certificate validation to fail when building MariaDB with LibreSSL. The proposed fix makes MariaDB determine the string length passed to X509_check_host. As there are no ill side-effects (OpenSSL's X509_check_host also simply calls strlen if namelen == 0, see also X509_check_host(3)), this wasn't wrapped in any #ifdef like constructs. Please see here for a proposed patch to modify LibreSSL's behavior: libressl/openbsd#87
- Loading branch information