On Mon, 9 Sept 2024 at 21:58, Sergei Golubchik <serg@mariadb.org> wrote:
How can thd->scramble[SCRAMBLE_LENGTH] be not zero at this point? *[...]* thd->scramble[SCRAMBLE_LENGTH]= 1;
was needed to tell the plugin to generate the scramble. A plugin can be called in the middle of the authentication or in the COM_CHANGE_USER. It doesn't know what happens before it and need to know if the scramble was already generated.
Only two plugins were setting thd->scramble, and only them could be default. Now the situation changes, and any plugin could be tried as default. In this case, thd->scramble will be found unset. BTW, that doesn't help to distinguish being executed as a non-default plugin during handshake from COM_CHANGE_USER. Does this sort out the issue? it won't be easy to add later without breaking the compatibility with
existing clients, I suspect.
Indeed. I would skip that part completely. It seems to me that scramble is not important in the certificate validation and can be safely omitted. Do I miss something? -- Yours truly, Nikita Malyavin