From 17b443c49ed4b80b3d2b653e100c5a1313e33eef Mon Sep 17 00:00:00 2001
From: lazio579 <wangbin5790@163.com>
Date: Fri, 28 Sep 2018 16:21:05 +0800
Subject: [PATCH] Fix ssl related problems when ssl_new returns nil

---
 plugins/admin/admin-plugin.c | 13 +++++++++----
 src/plugin-common.c          | 17 +++++++++++------
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/plugins/admin/admin-plugin.c b/plugins/admin/admin-plugin.c
index a57f297..8dd2976 100644
--- a/plugins/admin/admin-plugin.c
+++ b/plugins/admin/admin-plugin.c
@@ -164,10 +164,15 @@ NETWORK_MYSQLD_PLUGIN_PROTO(server_read_auth) {
 
 #ifdef HAVE_OPENSSL
         if (auth->ssl_request) {
-            network_ssl_create_connection(con->client, NETWORK_SSL_SERVER);
-            g_string_free(g_queue_pop_tail(con->client->recv_queue->chunks), TRUE);
-            con->state = ST_FRONT_SSL_HANDSHAKE;
-            return NETWORK_SOCKET_SUCCESS;
+            if (network_ssl_create_connection(con->client, NETWORK_SSL_SERVER) == FALSE) {
+                network_mysqld_con_send_error_full(con->client, C("SSL server failed"), 1045, "28000");
+                network_mysqld_auth_response_free(auth);
+                return NETWORK_SOCKET_ERROR;
+            } else {
+                g_string_free(g_queue_pop_tail(con->client->recv_queue->chunks), TRUE);
+                con->state = ST_FRONT_SSL_HANDSHAKE;
+                return NETWORK_SOCKET_SUCCESS;
+            }
         }
 #endif
         con->client->response = auth;
diff --git a/src/plugin-common.c b/src/plugin-common.c
index 5936d03..2a912ef 100644
--- a/src/plugin-common.c
+++ b/src/plugin-common.c
@@ -152,13 +152,18 @@ do_read_auth(network_mysqld_con *con)
 
 #ifdef HAVE_OPENSSL
         if (con->srv->ssl && auth->ssl_request) {
-            network_ssl_create_connection(recv_sock, NETWORK_SSL_SERVER);
-            g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
-            if (recv_sock->recv_queue->chunks->length > 0) {
-                g_warning("%s: client-recv-queue-len = %d", G_STRLOC, recv_sock->recv_queue->chunks->length);
+            if (network_ssl_create_connection(recv_sock, NETWORK_SSL_SERVER) == FALSE) {
+                network_mysqld_con_send_error_full(con->client, C("SSL server failed"), 1045, "28000");
+                network_mysqld_auth_response_free(auth);
+                return NETWORK_SOCKET_ERROR;
+            } else {
+                g_string_free(g_queue_pop_tail(recv_sock->recv_queue->chunks), TRUE);
+                if (recv_sock->recv_queue->chunks->length > 0) {
+                    g_warning("%s: client-recv-queue-len = %d", G_STRLOC, recv_sock->recv_queue->chunks->length);
+                }
+                con->state = ST_FRONT_SSL_HANDSHAKE;
+                return NETWORK_SOCKET_SUCCESS;
             }
-            con->state = ST_FRONT_SSL_HANDSHAKE;
-            return NETWORK_SOCKET_SUCCESS;
         }
 #endif
         if (!(auth->client_capabilities & CLIENT_PROTOCOL_41)) {