Bug #21565 More verbose connection log
Submitted: 10 Aug 2006 10:53 Modified: 28 Aug 2006 11:33
Reporter: Cedric Wider Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Logging Severity:S4 (Feature request)
Version:5.0.25 OS:Any (All)
Assigned to: CPU Architecture:Any

[10 Aug 2006 10:53] Cedric Wider
Description:
While trying to set up SSL client authentication I often got the following error: ERROR 1045 (28000): Access denied for user '<username>'@'<host>' (using password: YES)

It would be helpful to see why the server decided to deny the connection request in the logfile. Eg. Something like "Access denied for user '<username>'@'<host>' (using password: YES) - Certificate could not be verified"

How to repeat:
Start the server with the --log[=filename] option or put a log entry to your my.cnf file. (Additional you could use the --ssl* options to set up a ssl environment)

Then try connecting using false credentials and check the output in the logfile.
[10 Aug 2006 11:44] Ralf Hauser
or say, "certificate expired" or "root certificate not found in cacerts", etc...

Please cite/dump the client certificate your received into the server-side log such that one can detect a confusion if the GRANT statement asks for one DN and the certificate found contains a different one
[15 Aug 2006 9:57] Ralf Hauser
see also Bug #19870 and Bug #20899
[28 Aug 2006 11:33] Valeriy Kravchuk
Thank you for a reasonable feature request.