Bug #76286 Access denied with ssl connection from MySQL client
Submitted: 12 Mar 2015 12:03 Modified: 26 May 2015 13:04
Reporter: Filipe Silva Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Connection Handling Severity:S2 (Serious)
Version:5.7.6 OS:Any
Assigned to: CPU Architecture:Any

[12 Mar 2015 12:03] Filipe Silva
Description:
When connecting to a MySQL Server 5.7.6 Community with ssl enabled, from the corresponding MySQL client also using ssl, I get a "ERROR 1045 (28000): Access denied for user" error if the user has password defined and the general log is turned off.

This doesn't happen when connecting to the Commercial version OR if the user doesn't have a password OR if the general log is turned on.

How to repeat:
- Install MySQL Server 5.7.6 Community edition.

- Setup ssl. No general log. Start server.

- Create two users. User usra with password 'abc', user usrb without password. Default settings.

- Connect usra using: mysql --protocol=TCP -uusra -pabc --ssl-ca=.../ca-cert.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'usra'@'localhost' (using password: YES)

- Connect usrb using: mysql --protocol=TCP -uusrb --ssl-ca=.../ca-cert.pem
(success)

- Turn on general log. Restart server.

- Connect usra using: mysql --protocol=TCP -uusra -pabc --ssl-ca=.../ca-cert.pem
(success)

- Connect usrb using: mysql --protocol=TCP -uusrb --ssl-ca=.../ca-cert.pem
(success)

Suggested fix:
-
[26 May 2015 13:04] Paul Dubois
Noted in 5.7.8, 5.8.0 changelogs.

Attempts to establish SSL connections to a Community Edition server
failed if the client had a password and the server did not have the
general query log enabled.