Attachment #211857 for bug #244320

View | Details | Raw Unified | Return to bug 244320
Collapse All | Expand All




--- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig	2019-12-18 12:59:40 UTC
+++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
@@ -232,7 +232,7 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, 
                                     const char* tls_version)
 {
   DH *dh= NULL;
-#ifdef HAVE_TLSv13
+#ifdef SSL_OP_NO_TLSv1_3
   /* We support TLS up to 1.2, so explicitly disable TLS 1.3. */
   long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3;
 #else
@@ -257,14 +257,14 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx, 
                     SSL_OP_NO_TLSv1 |
                     SSL_OP_NO_TLSv1_1
                     | SSL_OP_NO_TLSv1_2
-#ifdef HAVE_TLSv13
+#ifdef SSL_OP_NO_TLSv1_3
                     | SSL_OP_NO_TLSv1_3
-#endif /* HAVE_TLSv13 */
+#endif /* SSL_OP_NO_TLSv1_3 */
                    );
 
   SSL_CTX_set_options(ssl_ctx, ssl_ctx_options);
 
-#ifdef HAVE_TLSv13
+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
   /* We do not support TLS 1.3.
      Setting empty TLS 1.3 ciphersuites disables them. */
   if (SSL_CTX_set_ciphersuites(ssl_ctx, "") == 0)

Line 0 Link Here

(-)databases/mysql57-client/files/patch-vio_viosslfactories.c (+11 lines)
	1	--- vio/viosslfactories.c.orig 2019-12-18 12:59:40 UTC
	2	+++ vio/viosslfactories.c
	3	@@ -501,7 +501,7 @@ new_VioSSLFd(const char key_file, const char cert_fi
	4	struct st_VioSSLFd *ssl_fd;
	5	/* MySQL 5.7 supports TLS up to v1.2, explicitly disable TLSv1.3. */
	6	long ssl_ctx_options= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3
	7	-#ifdef HAVE_TLSv13
	8	+#ifdef SSL_OP_NO_TLSv1_3
	9	\| SSL_OP_NO_TLSv1_3
	10	#endif /* HAVE_TLSv13 */
	11	;

Return to bug 244320

Line 0 Link Here

(-)databases/mysql57-client/files/patch-rapid_plugin_group__replication_libmysqlgcs_src_bindings_xcom_xcom_xcom__ssl__transport.c (+29 lines)
	1	--- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig 2019-12-18 12:59:40 UTC
	2	+++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
	3	@@ -232,7 +232,7 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx,
	4	const char* tls_version)
	5	{
	6	DH *dh= NULL;
	7	-#ifdef HAVE_TLSv13
	8	+#ifdef SSL_OP_NO_TLSv1_3
	9	/* We support TLS up to 1.2, so explicitly disable TLS 1.3. */
	10	long ssl_ctx_options= SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3 \| SSL_OP_NO_TLSv1_3;
	11	#else
	12	@@ -257,14 +257,14 @@ static int configure_ssl_algorithms(SSL_CTX* ssl_ctx,
	13	SSL_OP_NO_TLSv1 \|
	14	SSL_OP_NO_TLSv1_1
	15	\| SSL_OP_NO_TLSv1_2
	16	-#ifdef HAVE_TLSv13
	17	+#ifdef SSL_OP_NO_TLSv1_3
	18	\| SSL_OP_NO_TLSv1_3
	19	-#endif /* HAVE_TLSv13 */
	20	+#endif /* SSL_OP_NO_TLSv1_3 */
	21	);
	22
	23	SSL_CTX_set_options(ssl_ctx, ssl_ctx_options);
	24
	25	-#ifdef HAVE_TLSv13
	26	+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
	27	/* We do not support TLS 1.3.
	28	Setting empty TLS 1.3 ciphersuites disables them. */
	29	if (SSL_CTX_set_ciphersuites(ssl_ctx, "") == 0)