Connector/C 6.1 Commercial has been updated to use
OpenSSL version 1.0.1g, which has been
publicly reported as not vulnerable to
Note #1645479.1 for further details.
Since the only change in Connector/C 6.1.4 is the inclusion of
OpenSSL libraries publicly reported as
unaffected by CVE-2014-0160, and since Oracle-produced MySQL
Community builds use
YaSSL libraries which
have been reported as not affected by CVE-2014-0160, Oracle will
not produce builds for Connector/C Community for version 6.1.4.
This means the Community edition of Connector/C will skip
(Bug #18533200, CVE-2014-0160)
There was a difference in certificate handling by yaSSL and
OpenSSL (used for Community and Enterprise, respectively).
OpenSSL expected a blank certificate to be sent when not all of
--ssl-key options were specified, and yaSSL did
not do so. To resolve this, yaSSL has been modified to send a
blank certificate when an option is missing.
(Bug #68788, Bug #16715064)