Fix for CONC-635: Disable TLS/SSL for named pipe/shared mem

Since the server doesn't support secure connections for
shared memory and named pipe connections but indicates
this capability by setting the CLIENT_SSL flag, we unset
this flag in case the connection uses shared memory
or named pipe.

Author: 9EOR9

plugins/auth/my_auth.c

@@ -200,8 +200,6 @@ static int send_change_user_packet(MCPVIO_EXT *mpvio,
   return res;
 }
 
-
-
 static int send_client_reply_packet(MCPVIO_EXT *mpvio,
                                     const uchar *data, int data_len)
 {
@@ -237,6 +235,16 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
        to unset CLIENT_CONNECT_WITH_DB flag */
     mysql->client_flag&= ~CLIENT_CONNECT_WITH_DB;
 
+  /* CONC-635: For connections via named pipe or shared memory the server
+               indicates the capability for secure connections (TLS), but
+               doesn't support it. */
+  if ((mysql->server_capabilities & CLIENT_SSL) &&
+      (mysql->net.pvio->type == PVIO_TYPE_NAMEDPIPE ||
+       mysql->net.pvio->type == PVIO_TYPE_SHAREDMEM))
+  {
+    mysql->server_capabilities &= ~(CLIENT_SSL);
+  }
+
   /* if server doesn't support SSL and verification of server certificate
      was set to mandatory, we need to return an error */
   if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))