Description:
mysqld (4.0.16) built with SSL support (--with-vio --with-openssl) crashes if both of the following conditions are met:
1. Permissions for a user have been set with GRANT...REQUIRE SUBJECT or GRANT...REQUIRE ISSUER.
2. A client program attempts to connect to the server by calling mysql_real_connect() with the CLIENT_SSL flag but has not called mysql_ssl_set() beforehand.
When these conditions are met, mysqld crashes and logs "mysqld got signal 11; This could be because you hit a bug...." to the .err file. In the client program, mysql_real_connect() fails with "Lost connection to MySQL server during query."
I can consistently reproduce this crash with MySQL 4.0.16 on FreeBSD 4.9 running on a Pentium III (built from source via the ports collection) and on Solaris 9 running on a SPARC Ultra 1 (built from source). The compiler on the FreeBSD box is gcc 2.95.4; the compiler on the Solaris box is gcc 3.3.2. OpenSSL on both boxes is 0.9.7c.
How to repeat:
1. Grant permissions to a user with a command such as the following:
    GRANT USAGE ON * TO testuser IDENTIFIED BY 'password'
        REQUIRE SUBJECT '/CN=Test User/emailAddress=testuser@example.com';
2. Compile and run the attached C program.
Suggested fix:
Unknown.