[CONC-312] Implement caching_sha2_password plugin Created: 2018-02-20 Updated: 2019-05-20 Resolved: 2018-10-10 |
|
| Status: | Closed |
| Project: | MariaDB Connector/C |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.8, 3.1.0 |
| Type: | Task | Priority: | Critical |
| Reporter: | Georg Richter | Assignee: | Georg Richter |
| Resolution: | Fixed | Votes: | 3 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Description |
|
MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin: Workflow: 1) Server sends scramble packet
3) Client sends digest4 as authentication string On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP. |
| Comments |
| Comment by Georg Richter [ 2018-03-06 ] |
|
https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd |
| Comment by Georg Richter [ 2018-03-06 ] |
|
commit: https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd |
| Comment by Honza Horak [ 2018-08-01 ] |
|
Georg, I'm wondering what was the reason to close this issue as WONTFIX. It would make sense to me to have this capability in the mariadb connector. This way, the mariadb connector cannot connect to the MySQL that is run with the default configuration. |
| Comment by Sergei Golubchik [ 2018-10-02 ] |
|
Reopened. Let's have caching_sha2_password plugin for compatibility reasons |
| Comment by Georg Richter [ 2018-10-10 ] |
|
The caching_sha2_plugin doesn't work with GnuTLS, since neither GnuTLS nor libnettle provide the required rsa encryption with OAEP padding functionality. |
| Comment by Georg Richter [ 2018-12-01 ] |
|
Pushed into 3.0 branch (will be available in C/C 3.0.8) |