database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-10054 Secure login fails when CIPHER is required

Browse Source 
SSL: do not require client certificate to exist,
if GRANT didn't require that
This commit is contained in:
Sergei Golubchik
2016-06-28 15:38:41 +02:00
parent 8354c0c4d6
commit 341e5f4411
3 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
mysql-test/r/ssl.result
View File

@@ -2172,3 +2172,8 @@ NULL
select 'still connected?'; select 'still connected?';
still connected? still connected?
still connected? still connected?
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
Variable_name Value
Ssl_cipher EDH-RSA-DES-CBC3-SHA
drop user mysqltest_1@localhost;

5
mysql-test/t/ssl.test
View File

@@ -34,5 +34,10 @@ select 'still connected?';
connection default; connection default;
disconnect ssl_con; disconnect ssl_con;
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
--exec $MYSQL -umysqltest_1 --ssl-cipher=EDH-RSA-DES-CBC3-SHA -e "show status like 'ssl_cipher'" 2>&1
drop user mysqltest_1@localhost;
# Wait till all disconnects are completed # Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc --source include/wait_until_count_sessions.inc

3
sql/sql_acl.cc
View File

@@ -12199,6 +12199,9 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
return 1; return 1;
} }
} }
if (!acl_user->x509_issuer && !acl_user->x509_subject)
return 0; // all done
/* Prepare certificate (if exists) */ /* Prepare certificate (if exists) */
if (!(cert= SSL_get_peer_certificate(ssl))) if (!(cert= SSL_get_peer_certificate(ssl)))
return 1; return 1;