| Bug #76157 | SSL-related global status information only available when connected using --ssl | ||
|---|---|---|---|
| Submitted: | 4 Mar 2015 22:45 | Modified: | 14 Apr 2015 19:49 |
| Reporter: | Todd Farmer (OCA) | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Security: Encryption | Severity: | S3 (Non-critical) |
| Version: | 8.0.0 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
[14 Apr 2015 19:49]
Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs. Global status variables related to SSL certificate metadata were available only within sessions established using SSL.
[18 Jun 2016 21:24]
Omer Barnir
Posted by developer: Reported version value updated to reflect release name change from 5.8 to 8.0
Description: The global variables related to SSL certificate metadata are only available when connecting via SSL. Most notably and problematic, cert expiration information can only be seen when using SSL: R:\ >bin\mysql -uroot -P3312 -e"show global status like 'Ssl_server_not%'\G" *************************** 1. row *************************** Variable_name: Ssl_server_not_after Value: *************************** 2. row *************************** Variable_name: Ssl_server_not_before Value: R:\ >bin\mysql -uroot -P3312 -e"show global status like 'Ssl_server_not%'\G" --ssl *************************** 1. row *************************** Variable_name: Ssl_server_not_after Value: Feb 17 20:21:49 2016 GMT *************************** 2. row *************************** Variable_name: Ssl_server_not_before Value: Feb 17 20:21:49 2015 GMT This makes very little sense, given that these are *global* variables. How to repeat: See above. Suggested fix: Make SSL cert information available via global variables regardless of connection type.