mirror of
https://github.com/MariaDB/server.git
synced 2025-01-19 05:22:25 +01:00
97e0f59b3b
when X.509 subject was required for a connect, we tested whether it was the right one, but did not refuse the connexion if not. fixed. (corrected CS now --replace_results socket-path) mysql-test/r/openssl_1.result: Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both test not only whether we can connect with a correct X.509 subject when one is required, but also assure that we can't without one. mysql-test/t/openssl_1.test: Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both test not only whether we can connect with a correct X.509 subject when one is required, but also assure that we can't without one. sql/sql_acl.cc: Bug#20411: "GRANT ... REQUIRE ISSUER nnn AND SUBJECT mmm" fails to require both actually refuse connexion if X.509 is required, but does not match. kudos to Al Smith.
53 lines
2.2 KiB
Text
53 lines
2.2 KiB
Text
drop table if exists t1;
|
|
create table t1(f1 int);
|
|
insert into t1 values (5);
|
|
grant select on test.* to ssl_user1@localhost require SSL;
|
|
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
|
|
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
|
|
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
|
|
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
|
|
flush privileges;
|
|
connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET);
|
|
ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO)
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1'
|
|
SHOW STATUS LIKE 'Ssl_cipher';
|
|
Variable_name Value
|
|
Ssl_cipher DHE-RSA-AES256-SHA
|
|
select * from t1;
|
|
f1
|
|
5
|
|
delete from t1;
|
|
ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1'
|
|
drop user ssl_user1@localhost, ssl_user2@localhost,
|
|
ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost;
|
|
drop table t1;
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
Error when connection to server using SSL:Unable to get private key from ''
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|
|
Error when connection to server using SSL:Unable to get certificate from ''
|
|
mysqltest: Could not open connection 'default': 2026 SSL connection error
|