> > How can thd->scramble[SCRAMBLE_LENGTH] be not zero at this point?
[...]
thd->scramble[SCRAMBLE_LENGTH]= 1;
was needed to tell the plugin to generate the scramble. A plugin can be
called in the middle of the authentication or in the COM_CHANGE_USER.
It doesn't know what happens before it and needs to know if the scramble
was already generated.
Only two plugins were setting thd->scramble, and only they could be default.
Now the situation changes, and any plugin could be tried as default.
In this case, thd->scramble will be found unset.
BTW, that doesn't help to distinguish being executed as a non-default plugin
during handshake from COM_CHANGE_USER.
Does this sort out the issue?
it won't be easy to add later without breaking the compatibility with
existing clients, I suspect.
Indeed. I would skip that part completely. It seems to me that scramble is
not important in the certificate validation and can be safely omitted. Am
I missing something?
--