Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17940

Documentation does not indicate that X509 and SSL are exclusive options

    XMLWordPrintable

    Details

      Description

      Documentation for CREATE USER says that the statement can contain REQUIRE clause as

       [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
      

      and tls_option is further specified as

      tls_option:
        SSL 
        | X509
        | CIPHER 'cipher'
        | ISSUER 'issuer'
        | SUBJECT 'subject'
      

      which suggests that any of them can be used as elements of a list. In practice, if X509 or SSL is used, it has to be the only option:

      MariaDB [test]> CREATE USER x1 REQUIRE X509 AND ISSUER 'i';
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND ISSUER 'i'' at line 1
       
      MariaDB [test]> CREATE USER x2 REQUIRE X509 AND ISSUER 'i';
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND ISSUER 'i'' at line 1
       
      MariaDB [test]> CREATE USER x2 REQUIRE ISSUER 'i' AND SSL;
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SSL' at line 1
      

      Same is true for upstream 5.7 (manual vs server).
      If the limitation is intentional, it should be documented accordingly.

      Also, I don't know if it's obvious to users or not, but every other option can only be used once.

        Attachments

          Activity

            People

            • Assignee:
              greenman Ian Gilfillan
              Reporter:
              elenst Elena Stepanova
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: