Bug #1982 secure Authentication fails on 3.1.0 alpha with 4.1.0 server
Submitted: 28 Nov 2003 18:07 Modified: 29 Nov 2003 6:24
Reporter: Quartz 12h Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / J Severity:S2 (Serious)
Version:3.1.0a OS:Windows (win2k,)
Assigned to: Mark Matthews CPU Architecture:Any

[28 Nov 2003 18:07] Quartz 12h 
Description:
Connector/J, 3.1.0 alpha (web site)
MysqlIO, line 683: secureAuth doesn't work. I added a "if(false &&" to bypass
Maybe it is the 4.1.0 (dev) server on win2k.

            if (!connection.useSSL()) {
                if (false && (serverCapabilities & CLIENT_SECURE_CONNECTION) != 0) { //HACK: secure auth doesn't work
                    clientParam |= CLIENT_SECURE_CONNECTION;
                    secureAuth(packLength, serverCapabilities, clientParam,
                        user, password, database);

How to repeat:
use srv 4.1.0, connector j 3.1.0a,

just try to get connection with a database, user, password.

File f = new File(jarpath);
URL u = f.toURL();
URLClassLoader uc = new URLClassLoader(new URL[]{u});
Driver d = (Driver)uc.loadClass("com.mysql.jdbc.Driver").newInstance();
Properties props = new Properties();
//props.setProperty("useServerPrepStmts", "true"); //tested later
props.setProperty("user", "root");
props.setProperty("password", "x");
conn = d.connect("jdbc:mysql://127.0.0.1:3306/stress", props);

Suggested fix:
hack the code...
[28 Nov 2003 20:36] Mark Matthews 
I've tested with both 3.1.0 and the nightly snapshots of 3.1 and can't repeat this behavior. How did you install MySQL-4.1.0 (was it a 'clean' install, or an upgrade)?
[29 Nov 2003 5:37] Quartz 12h 
for the 4.1 server, it works fine with the 3.0.8 and 3.0.9 connJ stack.
I can browse everything with mysqlcc, and the database "stress" that I use is really there.

I tried to follow the install guide. Mostly doesn't work. So I unzip 4.1, delete the data folder, copy my old data folder in place and started the mysqld-nt.
I was bumpy at first, non-responsive, I had to kill it a couple time. But Like I said, it works (at least data is acessible and writable). FYI, the C:\mysql\bin\winmysqladmin.exe does not start, because the ./lib/opt/*.dll are not in the ./bin directory (I copied them in ./bin, assuming I should not use the ./lib/debug/*.dll versions).

I stepped through the code to discover that it is the authentication (login) in secure mode (scrambled) that is messed up. To exercice that code, you must not  have an SSL socket.

The server return an error message saying that database "stre" is not found (which should be "stress").
Looks like a protocol packet is trimmed on one of the two ends.
[29 Nov 2003 6:25] Mark Matthews 
Ahh. Once you expounded on what 'doesn't work' means (database name truncated), then yes, this is a known bug that was fixed in Connector/J 3.0.9 and 3.1.1. See a nightly snapshot of 3.1 if you want to use all of the features in MySQL-4.1.1 (from http://downloads.mysql.com/snapshots.php)