Bug #27925 X509_Issuer and X509_Subject does not uniquely identify a user
Submitted: 18 Apr 2007 11:24
Reporter: Oli Sennhauser
Status: Open
Category: MySQL Server: Security: Privileges
Severity: S4 (Feature request)
Version: >= 5.0
OS: Any
Assigned to:
CPU Architecture: Any

[18 Apr 2007 11:24] Oli Sennhauser
Description:
According to mysql.user, we use x509_issuer and x509_subject to identify a user. According to RFC 3280 chap. 4.1.2.2, the issuer name (= CA) and the serial number identify a unique certificate, and not the subject and the issuer.

For example, the issuer could be Verisign and the subject "Max Muster". But Max Muster can exist several times at Verisign.

If you are not the CA yourself, you do NOT have control over what the subject contains.

From the PKI point of view only subject and serial are correct.

How to repeat:
desc mysql.user
RFC 3280 chap. 4.1.2.2
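
Added example (not part of the original report and not MySQL code): an audit for the ambiguity described above, assuming you run your own CA with OpenSSL and can read its `index.txt` database. The sample data, the issuer DN and the function names are constructed for illustration, and the DN strings are assumed to be in the same form as those stored for the account. It lists every (issuer, subject) pair backed by more than one valid serial, which an issuer-plus-subject comparison cannot tell apart.

```python
from collections import defaultdict

# Constructed sample of an OpenSSL CA database (index.txt). Tab-separated
# columns: status (V valid, R revoked, E expired), expiry, revocation date,
# serial (hex), file name, subject DN.
INDEX_TXT = (
    "V\t270418112400Z\t\t01\tunknown\t/C=CH/O=Example/CN=Max Muster\n"
    "V\t270418112400Z\t\t02\tunknown\t/C=CH/O=Example/CN=Erika Muster\n"
    "R\t270418112400Z\t260101000000Z\t03\tunknown\t/C=CH/O=Example/CN=Erika Muster\n"
    "V\t270418112400Z\t\t04\tunknown\t/C=CH/O=Example/CN=Max Muster\n"
)
ISSUER = "/C=CH/O=Example/CN=Example CA"  # hypothetical issuer DN of this CA


def valid_certs(index_text, issuer):
    """Yield (issuer, subject, serial) for every entry still marked valid."""
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] != "V":
            continue  # skip revoked, expired and malformed lines
        yield issuer, fields[5], int(fields[3], 16)


def account_accepts(x509_issuer, x509_subject, cert):
    """The comparison the report describes: issuer and subject only."""
    issuer, subject, _serial = cert
    return issuer == x509_issuer and subject == x509_subject


def ambiguous_subjects(certs):
    """Map (issuer, subject) to its serials when more than one valid cert exists."""
    serials = defaultdict(list)
    for issuer, subject, serial in certs:
        serials[(issuer, subject)].append(serial)
    return {key: sorted(vals) for key, vals in serials.items() if len(vals) > 1}


if __name__ == "__main__":
    certs = list(valid_certs(INDEX_TXT, ISSUER))
    for (issuer, subject), found in ambiguous_subjects(certs).items():
        print(f"{subject}: serials {found} all satisfy the same account")
```
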