MySQL Bugs: #27925: X509_Issuer and X509_Subject does not uniquely identify a user

Bug #27925	X509_Issuer and X509_Subject does not uniquely identify a user
Submitted:	18 Apr 2007 11:24
Reporter:	Oli Sennhauser	Email Updates:
Status:	Open	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S4 (Feature request)
Version:	>= 5.0	OS:	Any
Assigned to:		CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
According to mysql.user we use x509_issuer and x509_subject to identify a user. According to rfc 3280 chap. 4.1.2.2 identifies the issuer name (= CA) and the serial number a unique certificate. And not the subject and the issuer.

For example issuer could be Verisign and subject "Max Muster". But Max Muster can exist several times at Verisign.

If you are not CA yourself you do NOT have under control what subject contains.

From the PKI point of view only subject and serial are correct.

How to repeat:
desc mysql.user
rfc 3280 chap. 4.1.2.2