[MDEV-10054] Secure login fails when CIPHER is required. - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.14
Fix Version/s: 10.1.15
Component/s: Authentication and Privilege System, SSL
Labels:
- patch
Environment:
All

Description

If a user account has been created with REQUIRE CIPHER option, the user can't login unless he sends it's client certificate to the server (which should be only mandatory for additional X509 checks like issuer or subject.

How to repeat:

grant select on test.* to ssl_user1@localhost require SSL;

grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";

flush privileges;

mysql -ussl_user1 -h127.0.0.1 --ssl-cipher=DHE-RSA-AES256-SHA -e"SHOW session status LIKE 'ssl_cipher'";

+---------------+-----------------------+

| Variable_name | Value                 |

+---------------+-----------------------+

| Ssl_cipher    | DHE-RSA-AES256-SHA256 |

+---------------+-----------------------+

mysql -ussl_user2 -h127.0.0.1 --ssl-cipher=DHE-RSA-AES256-SHA -e"SHOW session status LIKE 'ssl_cipher'";

ERROR 1045 (28000): Access denied for user 'ssl_user2'@'localhost' (using password: NO)

Fix attached

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

sql_acl.patch
3 kB
2016-05-11 07:25

Activity

Ascending order - Click to sort in descending order

Georg Richter created issue - 2016-05-11 07:26

Elena Stepanova made changes - 2016-05-11 08:28

Field	Original Value	New Value
Labels		patch

Elena Stepanova made changes - 2016-05-11 08:28

Fix Version/s		10.1 [ 16100 ]
Fix Version/s		10.2 [ 14601 ]
Assignee		Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2016-06-06 12:00

Affects Version/s

10.2.0 [ 20700 ]

Sergei Golubchik made changes - 2016-06-06 12:00

Fix Version/s

10.2 [ 14601 ]

Sergei Golubchik made changes - 2016-06-28 13:39

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2016-06-28 13:39

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2016-06-28 20:34

Fix Version/s		10.1.15 [ 22018 ]
Fix Version/s	10.1 [ 16100 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2016-06-28 20:34

Component/s

SSL [ 10112 ]

Sergei Golubchik made changes - 2021-12-06 21:42

Workflow

MariaDB v3 [ 75638 ]

MariaDB v4 [ 150418 ]

People

Assignee:: Sergei Golubchik

Reporter:: Georg Richter

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016-05-11 07:26

Updated:: 2016-06-28 20:34

Resolved:: 2016-06-28 20:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Activity

People

Dates

Git Integration