[MDEV-31994] Support for fingerprint verification of client certificate. Created: 2023-08-23  Updated: 2023-12-22

Status: Open
Project: MariaDB Server
Component/s: Authentication and Privilege System
Fix Version/s: 11.5

Type: Task
Priority: Major
Reporter: Georg Richter
Assignee: Georg Richter
Resolution: Unresolved
Votes: 0
Labels: None


 Description   

If the identity of a client can't be verified through a signed TLS certificate issued by a trusted certificate issuer, it should be possible to verify the identity by checking the fingerprint of the client certificate.

1. Supported fingerprint hashes:
SHA224, SHA256, SHA384, SHA512. The hash algorithm can be detected by the length of the provided hash string.

2. New TLS option (CREATE USER)

REQUIRE FINGERPRINT HEX_STRING : This option implies REQUIRE X509 and SSL.

3. Example (using a SHA384 hash)

CREATE USER user@host REQUIRE FINGERPRINT X'E7ADDDEBC326C9E216EB6EE99AF7B7846D0A3067DD74642BC78B8993AD49CA43235DD80CD1446802B2F1E40FE1EC620B' 
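
The length-based algorithm detection from item 1, combined with the comparison step, as an added example (not MariaDB code). The function names are hypothetical, the certificate bytes are a constructed stand-in, and hashing the DER encoding of the certificate is an assumption about how the fingerprint is computed.

```python
import hashlib
import hmac

# Hex-string length -> hash, for the four algorithms the ticket lists.
ALGO_BY_HEX_LEN = {56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}


def detect_algorithm(fingerprint_hex: str) -> str:
    """Return the hashlib name implied by the fingerprint's length."""
    # Accept the colon-separated form printed by common TLS tools (assumption:
    # the server-side option itself takes a plain hex literal, as in the ticket).
    cleaned = fingerprint_hex.replace(":", "").strip()
    try:
        bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("fingerprint is not a hex string") from None
    algo = ALGO_BY_HEX_LEN.get(len(cleaned))
    if algo is None:
        # Covers MD5 (32) and SHA-1 (40) as well as truncated values.
        raise ValueError(f"unsupported fingerprint length: {len(cleaned)} hex chars")
    return algo


def fingerprint_matches(cert_der: bytes, expected_hex: str) -> bool:
    """Hash the DER-encoded certificate and compare with the stored value."""
    algo = detect_algorithm(expected_hex)
    expected = bytes.fromhex(expected_hex.replace(":", "").strip())
    actual = hashlib.new(algo, cert_der).digest()
    # Constant-time comparison; the digest is not secret, but this costs nothing.
    return hmac.compare_digest(actual, expected)


# Constructed stand-in for a DER-encoded client certificate (not a real cert).
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-bytes"
SAMPLE_FP = hashlib.sha384(SAMPLE_CERT_DER).hexdigest().upper()

if __name__ == "__main__":
    print(detect_algorithm(SAMPLE_FP), fingerprint_matches(SAMPLE_CERT_DER, SAMPLE_FP))
```

Length identifies the algorithm only within the four SHA-2 variants listed in item 1; other hash families produce digests of the same sizes.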

