Bug #89547 Option to extract the public key of the server
Submitted: 6 Feb 2018 7:49 Modified: 7 Feb 2018 13:10
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: C API (client library) Severity:S4 (Feature request)
Version:8.0.3 OS:Any
Assigned to: CPU Architecture:Any

[6 Feb 2018 7:49] Daniël van Eeden 
Description:
From https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-1-sha256/

mysql_options(&mysql, MYSQL_OPT_GET_SERVER_PUBLIC_KEY, true);

But if I want to make things slightly more secure (and faster?) then I would like to implement TOFU (trust-on-first-use). 

To do that I would need to extract the public key.

How to repeat:
See description

Suggested fix:
key = get_key_from_local(host_name);
if (key == NULL)
{
  mysql_options(&mysql, MYSQL_OPT_GET_SERVER_PUBLIC_KEY, true);
  ...
  key= mysql_get_public_key(mysql);
  store_key_local(host_name, key);
}
else
{
  mysql_options(&mysql, MYSQL_SERVER_PUBLIC_KEY, key);
  ...
}

So a function like mysql_get_public_key() would be needed.

It is probably possible to send a SQL query to fetch the key again but that's not very efficient.
[6 Feb 2018 7:49] Daniël van Eeden 
.
[7 Feb 2018 13:10] Georgi Kodinov 
Thank you for you valuable feature request !