BUG#33177337: Connection with chained SSL certs fails with ssl_verify_identity

nmariz · nmariz · commit 240f24a57985 · 2021-09-10T18:46:27.000+01:00
This patch fixes the failing C extension connection with chained SSL
certificates using ssl_verify_identity=True.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -13,6 +13,7 @@ v8.0.27
 
 - WL#14689: Fallback conversion to str for types incompatible with MySQL
 - WL#14664: Allow SSPI Kerberos library usage with c-ext
+- BUG#33177337: Connection with chained SSL certs fails with ssl_verify_identity
 - BUG#28641350: mysqlx.result.Row objects cannot be printed directly
 
 v8.0.26
diff --git a/src/mysql_capi.c b/src/mysql_capi.c
@@ -1293,13 +1293,12 @@ MySQL_connect(MySQL *self, PyObject *args, PyObject *kwds)
             mysql_options(&self->session,
                           MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*)&abool);
 #endif
-        } else {
 #if MYSQL_VERSION_ID >= 50711
-            if (ssl_verify_identity && ssl_verify_identity == Py_True) {
-                ssl_mode= SSL_MODE_VERIFY_IDENTITY;
-                mysql_options(&self->session, MYSQL_OPT_SSL_MODE, &ssl_mode);
-            }
+        } else if (ssl_verify_identity && ssl_verify_identity == Py_True) {
+            ssl_mode= SSL_MODE_VERIFY_IDENTITY;
+            mysql_options(&self->session, MYSQL_OPT_SSL_MODE, &ssl_mode);
 #endif
+        } else {
             ssl_ca= NULL;
         }
         mysql_ssl_set(&self->session, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
