Bug #75313 Details about server certificate.
Submitted: 25 Dec 2014 15:13 Modified: 17 Jul 2015 13:53
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S4 (Feature request)
Version:5.6.22 OS:Any
Assigned to: CPU Architecture:Any
Tags: SSL, subject, tls

[25 Dec 2014 15:13] Daniël van Eeden 
Description:
When I'm connected to a server which has SSL enabled it would like to verify:
- The CN in the certificate (e.g. display it, not just --ssl-verify-server-cert)
- The issuer of the certificate
- The certificate of the server

This is similar to what Firefox does for an SSL enabled website:
 You are connected to: google.com
 Verified by: Google Inc
 The connection to this website is secure

If I click 'more details..' I get to see:
The certificate version, the whole certificate chain. Constraints, extensions CRL distribution points, fingerprints, OCSP url's, etc.

The validity of the certificate is already shown: Ssl_server_not_after/Ssl_server_not_after.

How to repeat:
Try to find information about the certificate presented by the server.

Suggested fix:
Expose more details about the certificate presented by the server.

Especially the CN/Subject and issuer.
e.g:
mysql -h foo.example.com:
Connected to foo.example.com (Certificate: *.example.com issued by MeMyselfAndI)

Maybe add it to "status / \s" in the client. Maybe add a dump certificate and/or pipe through certificate viewer option
[17 Jul 2015 13:53] Georgi Kodinov 
Thank you for your reasonable feature request.