Description:
When granting a user the X509_certificate SSL related option MySQL server uses the certificate's CN as the subject, instead of the certificate's real subject.

How to repeat:
mysql> select version();
+----------------+
| version()      |
+----------------+
| 5.0.11-beta-nt |
+----------------+
1 row in set (0.03 sec)

mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+
1 row in set (0.00 sec)

mysql> grant select on test.* to 'pippo1'@'localhost' identified by 'pippo1' req
uire subject '/E=client_cert@myca.com/CN=client_cert/OU=pippo/O=pippopippo/L=torin
o/S=italy/C=it';
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

mysql>

The connection is unsuccessful:

C:\Documents and Settings\pippo>mysql -upippo1 -ppippo1
ERROR 1045 (28000): Access denied for user 'pippo1'@'localhost' (using password:
 YES)

And in the error log i read:

050830 12:48:30 [Note] X509 subject mismatch: '/E=client_cert@myca.com/CN=client_cert/OU=pippo/O=pippopippo/L=torino/S=italy/C=it' vs 'client_cert'

Verified w/5.0.11

Tested w/5.0.12 from bk too

I wasn't able to reproduce this under XP and Linux with a recent 5.0 pull

Two questions:

1. What does "a recent 5.0 pull" mean? If it is fixed it's fixed from a version number so that users can rely on it

2. How can you pass to "can't repeat"? It has been verified, it must be closed by some kind of patch and not from some random change.