Description:
When using the script as per http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html , the recent openssl on fedora doesn't produce the same syntax as documented 

the sample in http://dev.mysql.com/doc/refman/5.0/en/grant.html says 

  ISSUER '/C=FI/ST=Some-State/L=Helsinki/
    O=MySQL Finland AB/CN=Tonu Samuel/Email=tonu@example.com';

while in client-cert.pem I produce, I see
'...Samuel/emailAddress=tonu@example.com'

not sure that this is why I still get the unspecific error as eported in Bug #20899, but it certainly could be a reason.

How to repeat:
use openssl on fedora

Suggested fix:
mention in refman, provide better error message (Bug #20899) that possibly even cites the issuer found in the certificate presented by the client as seen by the server...

Thank you for a problem report. What exact OpenSSL version do you use?

OpenSSL 0.9.7a Feb 19 2003

Redhat workstation
on Linux 2.6.9-34.0.1.EL #1 Wed May 17 16:44:57 EDT 2006 i686 i686 i386 GNU/Linux

as said, it is the same with fedora.

Can you, please, try to repeat with MySQL 4.0.27 and OpenSSL 0.9.8b (or OpenSSL 0.9.7j), and inform about the results? The versions you used are old.

I am using openssl 0.9.7j on my gentoo 2.6.14 and mysql version 4.1.20.
If the version of openssl and mysql is so important it would be nice to have a note in the documentation too.

The emailAddress string in the generated certificate still isn't the same as the one in the documentation.

Grant the privileges using the following ISSUER string works
REQUIRE ISSUER '/C=CH/ST=ZH/L=Zurich/O=Acme Corp./OU=R n D/CN=Cedric Wider/emailAddress=foo@bar.com';

And this one (same as in the documentation) doesn't work
REQUIRE ISSUER '/C=CH/ST=ZH/L=Zurich/O=Acme Corp./OU=R n D/CN=Cedric Wider/Email=foo@bar.com';

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".