Major fixes to authentication support

@tanner0101 tanner0101 released this 30 Jul 15:31
1e85541
This patch was authored and released by @gwynne.

Fixes the following failure modes:

  • In tests, certain errors would crash instead of failing.
  • The xor(_:_:) utility did not correctly apply the operation to the entire buffer.
  • Most protocol errors now throw a much more specific error.
  • Trace logging is now more verbose during authentication.
  • The AuthSwitchRequest packet (tagged with 0xfe during the authentication phase, incorrectly treated as EOF before) is now correctly handled; this permits both the use of arbitrary auth plugins and the use of the "fast auth" mechanism.
  • The caching_sha2_password handling would previously incorrectly treat the trailing NUL as part of the auth data.
  • The fast_auth_success (0x1 0x3) packet during authentication is now correctly handled.
  • When the caching_sha2_password plugin fails to authenticate on non-TLS connections, we now log a useful error message and throw a meaningful error. The framework is in place to implement this fully as soon as a usable implementation of the RSA public-key encrypt operation (with PEM armor and PKCS#1-OAEP padding support) is available.

This massively increases compatibility with all supported versions of MySQL and MariaDB and paves the way for further improvements.

Tagged semver-minor due to the new enumerators for the more specific errors.
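
The Python sketch below is an added illustration, not code from this release or from the project. It shows the authentication-phase behaviors listed above: reading 0xfe as AuthSwitchRequest, dropping the trailing NUL from the auth data, XORing the full buffer, and recognizing the 0x1 0x3 fast_auth_success packet. The function names, the 20-byte nonce length, and the sample bytes are assumptions made for the example.

```python
import hashlib

NONCE_LEN = 20  # assumption: standard 20-byte MySQL auth nonce
# Constructed sample: AuthSwitchRequest carrying a made-up nonce plus NUL.
SAMPLE_NONCE = bytes(range(1, 21))
SAMPLE = b"\xfe" + b"caching_sha2_password\x00" + SAMPLE_NONCE + b"\x00"

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two buffers over their full length; reject a length mismatch."""
    if len(a) != len(b):
        raise ValueError("xor operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))

def strip_nul(auth_data: bytes) -> bytes:
    """Drop the NUL terminator that follows the nonce on the wire."""
    if len(auth_data) == NONCE_LEN + 1 and auth_data[-1] == 0:
        return auth_data[:-1]
    return auth_data

def scramble(password: bytes, nonce: bytes) -> bytes:
    """caching_sha2_password: SHA256(pw) XOR SHA256(SHA256(SHA256(pw)) + nonce)."""
    if not password:
        return b""  # an empty password is sent as an empty response
    h1 = hashlib.sha256(password).digest()
    h2 = hashlib.sha256(hashlib.sha256(h1).digest() + nonce).digest()
    return xor(h1, h2)

def classify(payload: bytes) -> tuple:
    """Classify a server packet payload received during authentication."""
    if not payload:
        raise ValueError("empty packet")
    tag, rest = payload[0], payload[1:]
    if tag == 0x00:
        return ("ok",)
    if tag == 0xFF:
        return ("err",)
    if tag == 0xFE:  # AuthSwitchRequest in this phase, not EOF
        name, sep, data = rest.partition(b"\x00")
        if not sep:
            raise ValueError("unterminated plugin name")
        return ("auth_switch_request", name.decode("ascii"), strip_nul(data))
    if tag == 0x01:  # AuthMoreData
        if rest == b"\x03":
            return ("fast_auth_success",)
        if rest == b"\x04":
            return ("perform_full_auth",)
        return ("auth_more_data", rest)
    raise ValueError(f"unexpected tag 0x{tag:02x}")
```

Including the trailing NUL in the nonce changes the SHA-256 input, so the server rejects the resulting scramble even when the password is correct.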