Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10054

Secure login fails when CIPHER is required.

    XMLWordPrintable

Details

    Description

      If a user account has been created with REQUIRE CIPHER option, the user can't login unless he sends it's client certificate to the server (which should be only mandatory for additional X509 checks like issuer or subject.

      How to repeat:

      grant select on test.* to ssl_user1@localhost require SSL;
      grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
      flush privileges;
      

      mysql -ussl_user1 -h127.0.0.1 --ssl-cipher=DHE-RSA-AES256-SHA -e"SHOW session status LIKE 'ssl_cipher'";
      +---------------+-----------------------+
      | Variable_name | Value                 |
      +---------------+-----------------------+
      | Ssl_cipher    | DHE-RSA-AES256-SHA256 |
      +---------------+-----------------------+
       
      mysql -ussl_user2 -h127.0.0.1 --ssl-cipher=DHE-RSA-AES256-SHA -e"SHOW session status LIKE 'ssl_cipher'";
      ERROR 1045 (28000): Access denied for user 'ssl_user2'@'localhost' (using password: NO)
      

      Fix attached

      Attachments

        Activity

          People

            serg Sergei Golubchik
            georg Georg Richter
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.