Bug #116133 Java's caching_sha2_password plugin should allow local unencrypted connections
Submitted: 17 Sep 18:19 Modified: 18 Oct 4:22
Reporter: Victor Sun
Status: No Feedback
Category: Connector / J Severity: S3 (Non-critical)
Version: 8.0.32 OS: Any
Assigned to: CPU Architecture: Any

[17 Sep 18:19] Victor Sun
Description:
Connecting to a localhost connection with the caching_sha2_password authentication plugin using the Java client library requires an encrypted or RSA-protected connection, even if the connection is a local (UNIX) socket which should not require an encrypted connection. I am using the AFUNIXDatabaseSocketFactory class provided by Junixsocket and I get that the client isn't meant to support UNIX sockets, but shouldn't there at least be an option/way to turn off this requirement as it is completely unnecessary in this case?

Also, when I do enable SSL for the connection, if my engine has an outdated certificate, I am unable to connect, due to the library verifying the certificate's expiry. Even if I specify not to verify the CA, it still checks and fails. Source: https://github.com/mysql/mysql-connector-j/blob/8.0.33/src/main/core-impl/java/com/mysql/c.... However, I am still able to connect using the CLI client and use replication, so it appears to just be a Java client library issue.

How to repeat:
Connect to user using `caching_sha2_password` authentication over UNIX socket to an engine with an outdated certificate.

Suggested fix:
There was a previous bug reported for the Python client library: https://bugs.mysql.com/bug.php?id=92260. The fix checks if a UNIX socket is used and skips the SSL requirement if it is. I suggest either exposing a different flag that overrides the SSL requirement, or moving the certificate validity check so that it is only run if the rest of the certificate is being verified as well.
[18 Sep 4:22] MySQL Verification Team
Hello Victor Sun,

Thank you for the report and feedback.
Please note that C/J 8.0.32 is very old and many related bugs have been fixed since then. May I request you to try Connector/J 9.0.0? If you are still experiencing the issue, then please provide a test case (.java), along with exact details of the MySQL Server version in use, which demonstrates the issue. Thank you.

regards,
Umesh
[19 Oct 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".