On 01 Aug 2001 10:20:30 +0200, Johan Danielsson wrote:
>
> This bug-report is all from code inspection, so if I've missed
> something essential, please correct me. The reason I started looking
> at this is that I wanted to add some kind of Kerberos 5 support.
>
> It appears that the SSL mode in mysql is very broken. In
> mysql_real_connect you do:
>
> But this means that if the server doesn't support SSL, or worse, if
> some malicious guy turned off the SSL bit from the server to the
> client, SSL will not be used, without anyone finding out. If SSL is
> requested but isn't used, the connection should be terminated. In
> practice this probably means that any encryption has to be negotiated
> before any other (vital) data is transmitted.
Well, this is not finished and doesn't work at all. We will put x509
based GRANT stuff also into ACL-s, so non-SSL connections can be
refused. Also there will appear functions to determine exact SSL cipher,
keylength and certificate stuff.
--
For technical support contracts, goto https://order.mysql.com/
Mr. Tonu Samuel <[EMAIL PROTECTED]>
MySQL AB, Security Administrator
Hong Kong, China
www.mysql.com
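The downgrade described in the report, as an added example that is not part of the original thread and is not MySQL's code: a client that requested SSL reads the capability flags from the server greeting and either silently falls back or refuses the connection. The function names, the sample greetings and the greeting layout used here (protocol byte, NUL-terminated version, 4-byte thread id, 8-byte scramble, filler byte, 2-byte little-endian capabilities with CLIENT_SSL = 0x0800) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_SSL 0x0800u /* capability bit: server offers SSL */

enum ssl_decision { USE_SSL, USE_PLAINTEXT, REFUSE };

/* Constructed sample greetings (not captured traffic). The second one is
 * the first with the SSL bit cleared, as an on-path attacker could do. */
static const uint8_t GREETING_SSL[] = {10, '0','.','0','.','0',0, 1,0,0,0,
    'a','b','c','d','e','f','g','h', 0, 0x2c, 0x08};
static const uint8_t GREETING_STRIPPED[] = {10, '0','.','0','.','0',0, 1,0,0,0,
    'a','b','c','d','e','f','g','h', 0, 0x2c, 0x00};

/* Extract the capability flags; returns -1 on a truncated packet. */
int greeting_caps(const uint8_t *p, size_t len, uint16_t *caps)
{
    if (len < 2) return -1;
    const uint8_t *nul = memchr(p + 1, 0, len - 1); /* end of version string */
    if (!nul) return -1;
    size_t off = (size_t)(nul - p) + 1 + 4 + 8 + 1; /* skip id, scramble, filler */
    if (len < off + 2) return -1;
    *caps = (uint16_t)(p[off] | (p[off + 1] << 8));
    return 0;
}

/* Behaviour the report objects to: SSL is dropped without any error. */
enum ssl_decision decide_fallback(int want_ssl, uint16_t caps)
{
    return (want_ssl && (caps & CLIENT_SSL)) ? USE_SSL : USE_PLAINTEXT;
}

/* Fail closed: SSL was requested, so a missing bit ends the connection. */
enum ssl_decision decide_strict(int want_ssl, uint16_t caps)
{
    if (!want_ssl) return USE_PLAINTEXT;
    return (caps & CLIENT_SSL) ? USE_SSL : REFUSE;
}

int main(void)
{
    uint16_t caps;
    if (greeting_caps(GREETING_STRIPPED, sizeof GREETING_STRIPPED, &caps) != 0)
        return 1;
    printf("fallback=%d strict=%d\n", decide_fallback(1, caps),
           decide_strict(1, caps));
    return 0;
}
```

The strict check has to run before the client sends credentials or any other data, which is the ordering the report asks for.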