Commit 341e5f44 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-10054 Secure login fails when CIPHER is required

SSL: do not require client certificate to exist,
if GRANT didn't require that
parent 8354c0c4
......@@ -2172,3 +2172,8 @@ NULL
select 'still connected?';
still connected?
still connected?
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
Variable_name Value
Ssl_cipher EDH-RSA-DES-CBC3-SHA
drop user mysqltest_1@localhost;
......@@ -34,5 +34,10 @@ select 'still connected?';
connection default;
disconnect ssl_con;
create user mysqltest_1@localhost;
grant usage on mysqltest.* to mysqltest_1@localhost require cipher "EDH-RSA-DES-CBC3-SHA";
--exec $MYSQL -umysqltest_1 --ssl-cipher=EDH-RSA-DES-CBC3-SHA -e "show status like 'ssl_cipher'" 2>&1
drop user mysqltest_1@localhost;
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
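Review bot: The added test covers only the accepting path (a matching `--ssl-cipher`, presumably without a client certificate), so it would still pass if the new early return in acl_check_ssl let any cipher through. A rejecting case belongs next to it: connect as mysqltest_1 with a cipher other than the one named in the GRANT and expect the login to fail, e.g. `--error 1` followed by the same `--exec $MYSQL -umysqltest_1 ...` line with a different `--ssl-cipher` value. Separately, EDH-RSA-DES-CBC3-SHA is a 3DES suite that some TLS library builds no longer enable by default, so the test may need a guard or a different cipher on those builds.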
......@@ -12199,6 +12199,9 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user)
return 1;
}
}
if (!acl_user->x509_issuer && !acl_user->x509_subject)
return 0; // all done
/* Prepare certificate (if exists) */
if (!(cert= SSL_get_peer_certificate(ssl)))
return 1;
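Review bot: The new early return in acl_check_ssl tests `x509_issuer` and `x509_subject` for NULL only, so whether a cipher-only account reaches it depends on how the ACL loader represents an unset value, which this hunk does not show. If an unset REQUIRE ISSUER/SUBJECT can arrive as an empty string, the shortcut is skipped and the connection still hits `return 1` at the SSL_get_peer_certificate check; that fails closed, but the login failure this commit targets would remain. I would also replace `// all done` with a comment that states the reasoning, for example `/* no ISSUER/SUBJECT required: the cipher check above is sufficient, do not demand a client certificate */`. The function body starts before and continues after the hunk, so the earlier checks this return relies on cannot be confirmed from here.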
......