Bug #28100 SSL enabled MySQL still allows users to connect without SSL
Submitted: 25 Apr 2007 15:36 Modified: 29 May 2007 19:42
Reporter: Will Fitch Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S1 (Critical)
Version:5.0.37 OS:Linux
Assigned to: CPU Architecture:Any

[25 Apr 2007 15:36] Will Fitch 
Description:
Connecting to a MySQL server that is SSL enabled with OpenSSL from a MySQL client allows a user to connect if they specify the wrong location to SSL certificates.  Once the user connects, the MySQL server returns SSL errors, but still allows connections and queries to be ran. 

How to repeat:
I was using the MySQL client 4.1.20 against a MySQL server 5.0.37.  This is the exact Linux command line info:

[user@host dir]$ mysql -u ssluserl -p --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem   -h hostname.tld --port=3309
Enter password:
Error when connection to server using SSL:6570:error:02001002:system library:fopen:No such file or directory:bss_f                                           ile.c:259:fopen('client-cert.pem','r')
6570:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
6570:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
Unable to get certificate from 'client-cert.pem'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 99 to server version: 5.0.37

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
[26 Apr 2007 7:17] Sveta Smirnova 
Thank you for the report.

Please connect as "mysql -u ssluserl -p --ssl-ca=ca-cert.pem
--ssl-cert=client-cert.pem --ssl-key=client-key.pem   -h hostname.tld
--port=3309" and provide output of \s command of the mysql client.

Also please provide configuration file for the server.
[26 May 2007 23:00] Bugs System 
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[29 May 2007 12:39] Will Fitch 
The following is the output of \s.

Enter password:
Error when connection to server using SSL:11907:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/client-cert.pem','r')
11907:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
11907:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
Unable to get certificate from '/client-cert.pem'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 74 to server version: 5.0.37

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> \s
--------------
mysql  Ver 14.7 Distrib 4.1.20, for redhat-linux-gnu (i686) using readline 4.3

Connection id:          74
Current database:
Current user:           ssluser@host.tld
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.0.37
Protocol version:       10
Connection:             host.tld via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
TCP port:               3309
Uptime:                 3 days 21 hours 31 min 24 sec

Threads: 1  Questions: 2219  Slow queries: 0  Opens: 202  Flush tables: 1  Open tables: 4  Queries per second avg: 0.007
[29 May 2007 19:40] Sveta Smirnova 
Thank you for the report.

But string "Cipher in use is DHE-RSA-AES256-SHA" shows your connection is secured.  Not existant client certificate was simple ignored. So this is not a bug.
[29 May 2007 19:42] Will Fitch 
The only problem I have is that anyone can connect to an SSL enabled MySQL server without any certificate validation whatsoever.