Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
N/A
-
None
Description
Documentation for CREATE USER says that the statement can contain REQUIRE clause as
[REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
|
and tls_option is further specified as
tls_option:
|
SSL
|
| X509
|
| CIPHER 'cipher'
|
| ISSUER 'issuer'
|
| SUBJECT 'subject'
|
which suggests that any of them can be used as elements of a list. In practice, if X509 or SSL is used, it has to be the only option:
MariaDB [test]> CREATE USER x1 REQUIRE X509 AND ISSUER 'i'; |
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND ISSUER 'i'' at line 1 |
|
|
MariaDB [test]> CREATE USER x2 REQUIRE X509 AND ISSUER 'i'; |
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND ISSUER 'i'' at line 1 |
|
|
MariaDB [test]> CREATE USER x2 REQUIRE ISSUER 'i' AND SSL; |
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SSL' at line 1 |
Same is true for upstream 5.7 (manual vs server).
If the limitation is intentional, it should be documented accordingly.
Also, I don't know if it's obvious to users or not, but every other option can only be used once.