Security Fix: Connector/C 6.1 Commercial has been updated to use
OpenSSLversion 1.0.1g, which has been publicly reported as not vulnerable to CVE-2014-0160. Please see Oracle Note #1645479.1 for further details.
Since the only change in Connector/C 6.1.4 is the inclusion of
OpenSSLlibraries publicly reported as unaffected by CVE-2014-0160, and since Oracle-produced MySQL Community builds use
YaSSLlibraries which have been reported as not affected by CVE-2014-0160, Oracle will not produce builds for Connector/C Community for version 6.1.4. This means the Community edition of Connector/C will skip version 6.1.4. (Bug #18533200, CVE-2014-0160)
There was a difference in certificate handling by yaSSL and OpenSSL (used for Community and Enterprise, respectively). OpenSSL expected a blank certificate to be sent when not all of the
--ssl-keyoptions were specified, and yaSSL did not do so. To resolve this, yaSSL has been modified to send a blank certificate when an option is missing. (Bug #68788, Bug #16715064)