Bug #88372 | Certificate store not working due to wrong thumbprint character length | ||
---|---|---|---|
Submitted: | 6 Nov 2017 8:57 | Modified: | 13 Feb 2018 6:14 |
Reporter: | Jaco Stienstra | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | Connector / NET | Severity: | S3 (Non-critical) |
Version: | >= 6.8 | OS: | Windows |
Assigned to: | | CPU Architecture: | Any |
Tags: | certificate thumbprint |
[6 Nov 2017 8:57]
Jaco Stienstra
[1 Dec 2017 6:41]
Chiranjeevi Battula
Hello Jaco Stienstra,

Thank you for the bug report. Could you please provide a repeatable test case (exact steps/sample project, connection string, algorithm etc. - please make it as private if you prefer) to confirm this issue at our end?

Thanks,
Chiranjeevi.
[1 Dec 2017 13:55]
Jaco Stienstra
I have used the following code to test if the certificate was indeed in the store, using roughly the same code the MySQL Data library uses, and a connection test to a MySQL server.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

var thumbprint = "E53C060C0C8A1B4011A9BDF19223B92245DC06D4";
X509CertificateCollection certs = new X509CertificateCollection();
StoreLocation location = StoreLocation.CurrentUser;
X509Store store = new X509Store(StoreName.My, location);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

// Test to find certificate with given thumbprint
certs.AddRange(store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true));
if (certs.Count == 0)
{
    MessageBox.Show("no cert found", "oh noes");
}
else
{
    MessageBox.Show(certs[0].Subject, "cert");
}

// Connection test: pass the same thumbprint through the connection string
using (MySqlConnection connection = new MySqlConnection("Host=1.2.3.4;database=test;user=test;Password=test;CertificateStoreLocation=CurrentUser;SSLMode=Required;CertificateThumbprint=" + thumbprint))
{
    connection.Open();
    MessageBox.Show("Server version: " + connection.ServerVersion, "Connection Info");
}
```

Since I was unable to connect, I modified the method GetClientCertificates(): https://github.com/mysql/mysql-connector-net/blob/a12b00dade83c79730ad3d1fe63fa7dffedc1c4c...

I added a string length check on line 368 by throwing an exception: https://github.com/mysql/mysql-connector-net/blob/a12b00dade83c79730ad3d1fe63fa7dffedc1c4c...

```csharp
throw new MySqlException("Certificate TP Length:" + Settings.CertificateThumbprint.Length);
```

I will attach a pfx containing a certificate with the above thumbprint.
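The length check described above, generalized into a reusable pre-lookup validation. This is an added example, not part of the original report and not Connector/NET code. The page does not say what made the length wrong, so the example assumes stray whitespace or invisible Unicode format characters as one possible cause; `ThumbprintCheck`, `Normalize` and `Find` are hypothetical names.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ThumbprintCheck
{
    // A SHA-1 thumbprint is 20 bytes, i.e. exactly 40 hex digits.
    const int Sha1HexLength = 40;

    // Drops whitespace and Unicode format characters (assumed cause),
    // rejects anything else that is not a hex digit, then enforces the length.
    public static string Normalize(string raw)
    {
        if (raw == null) throw new ArgumentNullException(nameof(raw));
        var kept = new StringBuilder();
        foreach (char c in raw)
        {
            if (Uri.IsHexDigit(c)) { kept.Append(char.ToUpperInvariant(c)); continue; }
            bool ignorable = char.IsWhiteSpace(c)
                || char.GetUnicodeCategory(c) == UnicodeCategory.Format;
            if (!ignorable)
                throw new FormatException($"Unexpected character U+{(int)c:X4} in thumbprint");
        }
        if (kept.Length != Sha1HexLength)
            throw new FormatException(
                $"Thumbprint has {kept.Length} hex digits, expected {Sha1HexLength}");
        return kept.ToString();
    }

    // Same store lookup as in the report, but on the validated value.
    public static X509Certificate2Collection Find(string rawThumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            return store.Certificates.Find(
                X509FindType.FindByThumbprint, Normalize(rawThumbprint), true);
        }
    }

    static void Main()
    {
        // Constructed input: the report's thumbprint with a leading U+200E and a trailing space.
        string raw = "\u200EE53C060C0C8A1B4011A9BDF19223B92245DC06D4 ";
        Console.WriteLine($"raw length: {raw.Length}");
        Console.WriteLine($"normalized length: {Normalize(raw).Length}");
        Console.WriteLine($"matching certificates: {Find(raw).Count}");
    }
}
```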
[1 Dec 2017 13:55]
Jaco Stienstra
certificate
Attachment: devolutions.pfx (application/x-pkcs12, text), 3.26 KiB.
[1 Dec 2017 14:23]
Jaco Stienstra
Additional info: To test this you only need a running MySQL server; a valid user or password is not needed to test the certificate functionality.
[13 Feb 2018 6:14]
Chiranjeevi Battula
Hello Jaco Stienstra,

Thank you for the bug report. Verified based on internal discussion with devs.

Thanks,
Chiranjeevi.