|
1 | 1 | // SPDX-License-Identifier: LGPL-2.1-or-later |
2 | | -// Copyright (c) 2015-2024 MariaDB Corporation Ab |
| 2 | +// Copyright (c) 2015-2025 MariaDB Corporation Ab |
3 | 3 |
|
4 | 4 | 'use strict'; |
5 | 5 |
|
@@ -81,7 +81,7 @@ class Authentication extends Command { |
81 | 81 | if (packet.remaining()) { |
82 | 82 | const validationHash = packet.readBufferLengthEncoded(); |
83 | 83 | if (validationHash.length > 0) { |
84 | | - if (!this.plugin.permitHash() || !this.cmdParam.opts.password || this.cmdParam.opts.password === '') { |
| 84 | + if (!this.plugin.permitHash() || !Boolean(this.cmdParam.opts.password)) { |
85 | 85 | return this.throwNewError( |
86 | 86 | 'Self signed certificates. Either set `ssl: { rejectUnauthorized: false }` (trust mode) or provide server certificate to client', |
87 | 87 | true, |
@@ -253,6 +253,21 @@ class Authentication extends Command { |
253 | 253 | pluginData = packet.readBufferRemaining(); |
254 | 254 | } |
255 | 255 |
|
| 256 | + if ( |
| 257 | + info.requireValidCert && |
| 258 | + info.selfSignedCertificate && |
| 259 | + Boolean(this.cmdParam.opts.password) && |
| 260 | + !this.plugin.permitHash() |
| 261 | + ) { |
| 262 | + return this.throwNewError( |
| 263 | + `Unsupported authentication plugin ${pluginName} with Self signed certificates. Either set 'ssl: { rejectUnauthorized: false }' (trust mode) or provide server certificate to client`, |
| 264 | + true, |
| 265 | + info, |
| 266 | + '08000', |
| 267 | + Errors.ER_SELF_SIGNED_BAD_PLUGIN |
| 268 | + ); |
| 269 | + } |
| 270 | + |
256 | 271 | if (opts.restrictedAuth && !opts.restrictedAuth.includes(pluginName)) { |
257 | 272 | this.throwNewError( |
258 | 273 | `Unsupported authentication plugin ${pluginName}. Authorized plugin: ${opts.restrictedAuth.toString()}`, |
|
0 commit comments