FB8-53: Expose user certificate details to command line (#959)

Summary:
Jira ticket: https://jira.percona.com/browse/FB8-53

Reference Patch: f29eb03
Reference Patch: c631017

'THD' class extended with the following convenience methods:
- 'has_net_vio()'
- 'get_net_vio()'
- 'has_net_vio_ssl_arg()'
- 'get_net_vio_ssl_arg()'
- 'get_peer_certificate_info()'

Implemented new 'Fill_authinfo_list' class derived from 'Do_THD_Impl'
which populates 'INFORMATION_SCHEMA.AUTHINFO' table.

This is a change to help the implementation of SSL based authentication
efforts. Currently the certificate details are unavailable to the sys admin.
The v3 extensions usually carry important information for identifying the
user.

This change adds a new table to the information schema to expose auth
details. It is organized by process ID like processlist table.
Pull Request resolved: #959

Reviewed By: lth

Differential Revision: D14137362

Pulled By: lth

fbshipit-source-id: b42aeba

mysql-test/r/dd_is_compatibility_ci.result

@@ -153,6 +153,7 @@ WHERE table_schema LIKE 'information_schema'
   ORDER BY table_name COLLATE UTF8_GENERAL_CI;
 SELECT * FROM v1;
 table_name
+AUTHINFO
 CHARACTER_SETS
 COLLATIONS
 COLLATION_CHARACTER_SET_APPLICABILITY

mysql-test/r/dd_is_compatibility_cs.result

@@ -153,6 +153,7 @@ WHERE table_schema LIKE 'information_schema'
   ORDER BY table_name COLLATE UTF8_GENERAL_CI;
 SELECT * FROM v1;
 table_name
+AUTHINFO
 CHARACTER_SETS
 COLLATIONS
 COLLATION_CHARACTER_SET_APPLICABILITY

mysql-test/r/information_schema_authinfo.result

@@ -0,0 +1,6 @@
+#
+# Test case for information_schema.authinfo table
+# (SSL connection)
+#
+include/assert.inc [SSL field for the current connection must be set to 1]
+include/assert.inc [Info field (peer certificate) for the current connection must be non-empty]

mysql-test/r/information_schema_authinfo_nossl.result

@@ -0,0 +1,6 @@
+#
+# Test case for information_schema.authinfo table
+# (non-SSL connection)
+#
+include/assert.inc [SSL field for the current connection must be set to 0]
+include/assert.inc [Info field (peer certificate) for the current connection must be NULL]

mysql-test/r/information_schema_ci.result

@@ -60,6 +60,7 @@ table_name COLLATE utf8_general_ci not like 'ndb_%' AND
 table_name COLLATE utf8_general_ci not like 'innodb_%';
 select * from v1;
 c
+AUTHINFO
 CHARACTER_SETS
 COLLATIONS
 COLLATION_CHARACTER_SET_APPLICABILITY
@@ -609,8 +610,8 @@ from information_schema.tables
 where table_schema='information_schema'
 order by table_name collate utf8_general_ci limit 2;
 TABLE_NAME	TABLE_TYPE	ENGINE
+AUTHINFO	SYSTEM VIEW	NULL
 CHARACTER_SETS	SYSTEM VIEW	NULL
-COLLATIONS	SYSTEM VIEW	NULL
 show tables from information_schema like "T%";
 Tables_in_information_schema (T%)
 TABLES
@@ -846,7 +847,7 @@ table_schema IN ('mysql', 'information_schema', 'test', 'mysqltest')
 AND table_name not like 'ndb%' AND table_name COLLATE utf8_general_ci not like 'innodb_%'
 GROUP BY TABLE_SCHEMA;
 TABLE_SCHEMA	count(*)
-information_schema	35
+information_schema	36
 mysql	31
 create table t1 (i int, j int);
 create trigger trg1 before insert on t1 for each row
@@ -1287,6 +1288,7 @@ group by c2.column_type order by num limit 1)
 and t.table_name not like 'INNODB_%'
 group by t.table_name order by num1, t.table_name COLLATE utf8_general_ci;
 TABLE_NAME	group_concat(t.table_schema, '.', t.table_name)	num1
+AUTHINFO	information_schema.AUTHINFO	1
 CHARACTER_SETS	information_schema.CHARACTER_SETS	1
 COLLATIONS	information_schema.COLLATIONS	1
 COLLATION_CHARACTER_SET_APPLICABILITY	information_schema.COLLATION_CHARACTER_SET_APPLICABILITY	1
@@ -2418,6 +2420,7 @@ AND t.table_name NOT LIKE 'ndb%'
   ORDER BY t.table_name COLLATE utf8_general_ci,
 c1.column_name COLLATE utf8_general_ci;
 TABLE_NAME	COLUMN_NAME
+AUTHINFO	ID
 CHARACTER_SETS	CHARACTER_SET_NAME
 COLLATIONS	COLLATION_NAME
 COLLATION_CHARACTER_SET_APPLICABILITY	COLLATION_NAME
@@ -2472,6 +2475,7 @@ AND t.table_name NOT LIKE 'ndb%'
   ORDER BY t.table_name COLLATE utf8_general_ci,
 c1.column_name COLLATE utf8_general_ci;
 TABLE_NAME	COLUMN_NAME
+AUTHINFO	ID
 CHARACTER_SETS	CHARACTER_SET_NAME
 COLLATIONS	COLLATION_NAME
 COLLATION_CHARACTER_SET_APPLICABILITY	COLLATION_NAME

mysql-test/r/information_schema_cs.result

@@ -60,6 +60,7 @@ table_name COLLATE utf8_general_ci not like 'ndb_%' AND
 table_name COLLATE utf8_general_ci not like 'innodb_%';
 select * from v1;
 c
+AUTHINFO
 CHARACTER_SETS
 COLLATIONS
 COLLATION_CHARACTER_SET_APPLICABILITY
@@ -609,8 +610,8 @@ from information_schema.tables
 where table_schema='information_schema'
 order by table_name collate utf8_general_ci limit 2;
 TABLE_NAME	TABLE_TYPE	ENGINE
+AUTHINFO	SYSTEM VIEW	NULL
 CHARACTER_SETS	SYSTEM VIEW	NULL
-COLLATIONS	SYSTEM VIEW	NULL
 show tables from information_schema like "T%";
 Tables_in_information_schema (T%)
 TABLES
@@ -846,7 +847,7 @@ table_schema IN ('mysql', 'information_schema', 'test', 'mysqltest')
 AND table_name not like 'ndb%' AND table_name COLLATE utf8_general_ci not like 'innodb_%'
 GROUP BY TABLE_SCHEMA;
 TABLE_SCHEMA	count(*)
-information_schema	35
+information_schema	36
 mysql	31
 create table t1 (i int, j int);
 create trigger trg1 before insert on t1 for each row
@@ -1287,6 +1288,7 @@ group by c2.column_type order by num limit 1)
 and t.table_name not like 'INNODB_%'
 group by t.table_name order by num1, t.table_name COLLATE utf8_general_ci;
 TABLE_NAME	group_concat(t.table_schema, '.', t.table_name)	num1
+AUTHINFO	information_schema.AUTHINFO	1
 CHARACTER_SETS	information_schema.CHARACTER_SETS	1
 COLLATIONS	information_schema.COLLATIONS	1
 COLLATION_CHARACTER_SET_APPLICABILITY	information_schema.COLLATION_CHARACTER_SET_APPLICABILITY	1
@@ -2418,6 +2420,7 @@ AND t.table_name NOT LIKE 'ndb%'
   ORDER BY t.table_name COLLATE utf8_general_ci,
 c1.column_name COLLATE utf8_general_ci;
 TABLE_NAME	COLUMN_NAME
+AUTHINFO	ID
 CHARACTER_SETS	CHARACTER_SET_NAME
 COLLATIONS	COLLATION_NAME
 COLLATION_CHARACTER_SET_APPLICABILITY	COLLATION_NAME
@@ -2472,6 +2475,7 @@ AND t.table_name NOT LIKE 'ndb%'
   ORDER BY t.table_name COLLATE utf8_general_ci,
 c1.column_name COLLATE utf8_general_ci;
 TABLE_NAME	COLUMN_NAME
+AUTHINFO	ID
 CHARACTER_SETS	CHARACTER_SET_NAME
 COLLATIONS	COLLATION_NAME
 COLLATION_CHARACTER_SET_APPLICABILITY	COLLATION_NAME

mysql-test/r/information_schema_db.result

@@ -6,6 +6,7 @@ drop function if exists f2;
 use INFORMATION_SCHEMA;
 show tables where Tables_in_information_schema NOT LIKE 'INNODB%' and Tables_in_information_schema NOT LIKE 'ndb%';
 Tables_in_information_schema
+AUTHINFO
 CHARACTER_SETS
 COLLATIONS
 COLLATION_CHARACTER_SET_APPLICABILITY

mysql-test/r/mysqlshow_ci.result

@@ -79,6 +79,7 @@ Database: information_schema
 +---------------------------------------+
 |                Tables                 |
 +---------------------------------------+
+| AUTHINFO                              |
 | CHARACTER_SETS                        |
 | COLLATION_CHARACTER_SET_APPLICABILITY |
 | COLLATIONS                            |
@@ -150,6 +151,7 @@ Database: INFORMATION_SCHEMA
 +---------------------------------------+
 |                Tables                 |
 +---------------------------------------+
+| AUTHINFO                              |
 | CHARACTER_SETS                        |
 | COLLATION_CHARACTER_SET_APPLICABILITY |
 | COLLATIONS                            |

mysql-test/r/mysqlshow_cs.result

@@ -79,6 +79,7 @@ Database: information_schema
 +---------------------------------------+
 |                Tables                 |
 +---------------------------------------+
+| AUTHINFO                              |
 | CHARACTER_SETS                        |
 | COLLATIONS                            |
 | COLLATION_CHARACTER_SET_APPLICABILITY |
@@ -150,6 +151,7 @@ Database: INFORMATION_SCHEMA
 +---------------------------------------+
 |                Tables                 |
 +---------------------------------------+
+| AUTHINFO                              |
 | CHARACTER_SETS                        |
 | COLLATIONS                            |
 | COLLATION_CHARACTER_SET_APPLICABILITY |

mysql-test/suite/audit_null/r/event_params_cert.result

@@ -8,7 +8,7 @@ SELECT * FROM foo;
 i
 SHOW STATUS LIKE "Audit_null_generic_event_response";
 Variable_name	Value
-Audit_null_generic_event_response	connection_certificate:-----BEGIN CERTIFICATE-----\nMIIDyDCCArCgAwIBAgIJAOG0pVw936YVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV\nBAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEP\nMA0GA1UECgwGT3JhY2xlMQ4wDAYDVQQLDAVNeVNRTDELMAkGA1UEAwwCQ0EwHhcN\nMTQxMjA1MDQ0OTIzWhcNMjkxMjAxMDQ0OTIzWjBnMQswCQYDVQQGEwJTRTESMBAG\nA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDzANBgNVBAoMBk9y\nYWNsZTEOMAwGA1UECwwFTXlTUUwxDzANBgNVBAMMBkNsaWVudDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAMjRof6kjPMbF3EbdDUR4A5sQAr7wPfw67vJ\nHaHH17CK9vHP+mvQeWTru2mlDYAG31IU0oUyz7/OKkcoW80LKKu7BzPVi9O0csSm\ntcw3uQOoeFYlWB8XMHzRCrvsPKMDkJeZkkmus1eWXBrp6AIjrsjJBVBj5XehmnMG\ndA5GUCjYyU/EHDe4UhgLrxkr1OVmdKTz8No
+Audit_null_generic_event_response	connection_certificate:-----BEGIN CERTIFICATE-----\nMIIDyDCCArCgAwIBAgIJAOG0pVw936YVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV\nBAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEP\nMA0GA1UECgwGT3JhY2xlMQ4wDAYDVQQLDAVNeVNRTDELMAkGA1UEAwwCQ0EwHhcN\nMTQxMjA1MDQ0OTIzWhcNMjkxMjAx
 DROP USER cert_auth@localhost;
 DROP TABLE foo;
 UNINSTALL PLUGIN null_audit;

mysql-test/suite/audit_null/t/event_params_cert.test

@@ -14,7 +14,10 @@ SET @@null_audit_extended_log = 1;
 
 SELECT * FROM foo;
 
---replace_regex /.*(connection_certificate:[^;]*).*/\1/
+# As "certificate:" part in the status var may be truncated because of the
+# max status var length limit, taking only first 255 chars here to make this
+# test stable
+--replace_regex /.*(connection_certificate:[^;]{255}).*/\1/
 SHOW STATUS LIKE "Audit_null_generic_event_response";
 
 disconnect con1;

mysql-test/suite/funcs_1/r/is_columns_is_ci.result

@@ -6,6 +6,11 @@ ORDER BY table_schema,
 table_name COLLATE utf8_general_ci,
 ordinal_position;
 TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	ORDINAL_POSITION	COLUMN_DEFAULT	IS_NULLABLE	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	NUMERIC_PRECISION	NUMERIC_SCALE	DATETIME_PRECISION	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE	COLUMN_KEY	EXTRA	PRIVILEGES	COLUMN_COMMENT	GENERATION_EXPRESSION	SRS_ID
+def	information_schema	AUTHINFO	ID	1		NO	bigint	NULL	NULL	NULL	NULL	NULL	NULL	NULL	bigint(21) unsigned			select			NULL
+def	information_schema	AUTHINFO	USER	2		NO	varchar	10	32	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(32)			select			NULL
+def	information_schema	AUTHINFO	HOST	3		NO	varchar	21	64	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
+def	information_schema	AUTHINFO	SSL	4		NO	int	NULL	NULL	NULL	NULL	NULL	NULL	NULL	int(7)			select			NULL
+def	information_schema	AUTHINFO	INFO	5		YES	varchar	21845	65535	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(65535)			select			NULL
 def	information_schema	CHARACTER_SETS	CHARACTER_SET_NAME	1	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
 def	information_schema	CHARACTER_SETS	DEFAULT_COLLATE_NAME	2	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
 def	information_schema	CHARACTER_SETS	DESCRIPTION	3	NULL	NO	varchar	2048	6144	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(2048)			select			NULL
@@ -458,6 +463,11 @@ WHERE table_schema = 'information_schema'
 AND table_name <> 'PROFILING' AND table_name not like 'INNODB_%' AND table_name not like 'ndb%'
 ORDER BY TABLE_SCHEMA, TABLE_NAME COLLATE utf8_general_ci, ORDINAL_POSITION;
 COL_CML	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE
+NULL	information_schema	AUTHINFO	ID	bigint	NULL	NULL	NULL	NULL	bigint(21) unsigned
+3.2000	information_schema	AUTHINFO	USER	varchar	10	32	utf8	utf8_general_ci	varchar(32)
+3.0476	information_schema	AUTHINFO	HOST	varchar	21	64	utf8	utf8_general_ci	varchar(64)
+NULL	information_schema	AUTHINFO	SSL	int	NULL	NULL	NULL	NULL	int(7)
+3.0000	information_schema	AUTHINFO	INFO	varchar	21845	65535	utf8	utf8_general_ci	varchar(65535)
 3.0000	information_schema	CHARACTER_SETS	CHARACTER_SET_NAME	varchar	64	192	utf8	utf8_general_ci	varchar(64)
 3.0000	information_schema	CHARACTER_SETS	DEFAULT_COLLATE_NAME	varchar	64	192	utf8	utf8_general_ci	varchar(64)
 3.0000	information_schema	CHARACTER_SETS	DESCRIPTION	varchar	2048	6144	utf8	utf8_general_ci	varchar(2048)

mysql-test/suite/funcs_1/r/is_columns_is_cs.result

@@ -6,6 +6,11 @@ ORDER BY table_schema,
 table_name COLLATE utf8_general_ci,
 ordinal_position;
 TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	ORDINAL_POSITION	COLUMN_DEFAULT	IS_NULLABLE	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	NUMERIC_PRECISION	NUMERIC_SCALE	DATETIME_PRECISION	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE	COLUMN_KEY	EXTRA	PRIVILEGES	COLUMN_COMMENT	GENERATION_EXPRESSION	SRS_ID
+def	information_schema	AUTHINFO	ID	1		NO	bigint	NULL	NULL	NULL	NULL	NULL	NULL	NULL	bigint(21) unsigned			select			NULL
+def	information_schema	AUTHINFO	USER	2		NO	varchar	10	32	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(32)			select			NULL
+def	information_schema	AUTHINFO	HOST	3		NO	varchar	21	64	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
+def	information_schema	AUTHINFO	SSL	4		NO	int	NULL	NULL	NULL	NULL	NULL	NULL	NULL	int(7)			select			NULL
+def	information_schema	AUTHINFO	INFO	5		YES	varchar	21845	65535	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(65535)			select			NULL
 def	information_schema	CHARACTER_SETS	CHARACTER_SET_NAME	1	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
 def	information_schema	CHARACTER_SETS	DEFAULT_COLLATE_NAME	2	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(64)			select			NULL
 def	information_schema	CHARACTER_SETS	DESCRIPTION	3	NULL	NO	varchar	2048	6144	NULL	NULL	NULL	utf8	utf8_general_ci	varchar(2048)			select			NULL
@@ -458,6 +463,11 @@ WHERE table_schema = 'information_schema'
 AND table_name <> 'PROFILING' AND table_name not like 'INNODB_%' AND table_name not like 'ndb%'
 ORDER BY TABLE_SCHEMA, TABLE_NAME COLLATE utf8_general_ci, ORDINAL_POSITION;
 COL_CML	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE
+NULL	information_schema	AUTHINFO	ID	bigint	NULL	NULL	NULL	NULL	bigint(21) unsigned
+3.2000	information_schema	AUTHINFO	USER	varchar	10	32	utf8	utf8_general_ci	varchar(32)
+3.0476	information_schema	AUTHINFO	HOST	varchar	21	64	utf8	utf8_general_ci	varchar(64)
+NULL	information_schema	AUTHINFO	SSL	int	NULL	NULL	NULL	NULL	int(7)
+3.0000	information_schema	AUTHINFO	INFO	varchar	21845	65535	utf8	utf8_general_ci	varchar(65535)
 3.0000	information_schema	CHARACTER_SETS	CHARACTER_SET_NAME	varchar	64	192	utf8	utf8_general_ci	varchar(64)
 3.0000	information_schema	CHARACTER_SETS	DEFAULT_COLLATE_NAME	varchar	64	192	utf8	utf8_general_ci	varchar(64)
 3.0000	information_schema	CHARACTER_SETS	DESCRIPTION	varchar	2048	6144	utf8	utf8_general_ci	varchar(2048)

mysql-test/suite/funcs_1/r/is_tables_is.result

@@ -17,6 +17,29 @@ AND table_name not like 'ndb%'
 ORDER BY table_schema,table_name COLLATE utf8_general_ci;
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	AUTHINFO
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	NULL
+VERSION	10
+ROW_FORMAT	NULL
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	#AI#
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	NULL
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	CHARACTER_SETS
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	NULL
@@ -818,6 +841,29 @@ AND table_name not like 'ndb%'
 ORDER BY table_schema,table_name COLLATE utf8_general_ci;
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	AUTHINFO
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	NULL
+VERSION	10
+ROW_FORMAT	NULL
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	#AI#
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	NULL
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	CHARACTER_SETS
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	NULL

mysql-test/t/information_schema_authinfo-client.opt

@@ -0,0 +1,4 @@
+--ssl-mode=VERIFY_CA
+--ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem
+--ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem
+--ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem

mysql-test/t/information_schema_authinfo-master.opt

@@ -0,0 +1,4 @@
+--ssl=1
+--ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem
+--ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert.pem
+--ssl-key=$MYSQL_TEST_DIR/std_data/server-key.pem

mysql-test/t/information_schema_authinfo.test

@@ -0,0 +1,14 @@
+--source include/have_ssl.inc
+
+--echo #
+--echo # Test case for information_schema.authinfo table
+--echo # (SSL connection)
+--echo #
+
+--let $assert_text= SSL field for the current connection must be set to 1
+--let $assert_cond= [ SELECT `ssl` = 1 FROM information_schema.authinfo WHERE id = CONNECTION_ID() ]
+--source include/assert.inc
+
+--let $assert_text= Info field (peer certificate) for the current connection must be non-empty
+--let $assert_cond= [ SELECT LENGTH(info) > 0 FROM information_schema.authinfo WHERE id = CONNECTION_ID() ]
+--source include/assert.inc

mysql-test/t/information_schema_authinfo_nossl.test

@@ -0,0 +1,12 @@
+--echo #
+--echo # Test case for information_schema.authinfo table
+--echo # (non-SSL connection)
+--echo #
+
+--let $assert_text= SSL field for the current connection must be set to 0
+--let $assert_cond= [ SELECT `ssl` = 0 FROM information_schema.authinfo WHERE id = CONNECTION_ID() ]
+--source include/assert.inc
+
+--let $assert_text= Info field (peer certificate) for the current connection must be NULL
+--let $assert_cond= [ SELECT info IS NULL FROM information_schema.authinfo WHERE id = CONNECTION_ID() ]
+--source include/assert.inc

sql/auth/sql_authentication.cc

@@ -1843,9 +1843,6 @@ static bool read_client_connect_attrs(char **ptr, size_t *max_bytes_available,
   return false;
 }
 
-typedef std::string Sql_string_t;
-static Sql_string_t x509_cert_write(X509 *cert);
-
 static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user) {
 #if defined(HAVE_OPENSSL)
   Vio *vio = thd->get_protocol_classic()->get_vio();
@@ -1877,7 +1874,6 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user) {
       if (vio_type(vio) == VIO_TYPE_SSL &&
           SSL_get_verify_result(ssl) == X509_V_OK &&
           (cert = SSL_get_peer_certificate(ssl))) {
-        thd->set_connection_certificate(x509_cert_write(cert));
         X509_free(cert);
         return 0;
       }
@@ -1927,7 +1923,6 @@ static bool acl_check_ssl(THD *thd, const ACL_USER *acl_user) {
         }
         OPENSSL_free(ptr);
       }
-      thd->set_connection_certificate(x509_cert_write(cert));
       X509_free(cert);
       return 0;
 #else  /* HAVE_OPENSSL */
@@ -3374,6 +3369,8 @@ int acl_authenticate(THD *thd, enum_server_command command) {
       DBUG_RETURN(1);
     }
 
+    thd->update_connection_certificate();
+
     /*
       Check whether the account has been locked.
     */
@@ -4167,6 +4164,8 @@ static SYS_VAR *sha256_password_sysvars[] = {
     MYSQL_SYSVAR(private_key_path), MYSQL_SYSVAR(public_key_path),
     MYSQL_SYSVAR(auto_generate_rsa_keys), 0};
 
+typedef std::string Sql_string_t;
+
 /**
   Exception free resize
 

sql/sql_audit.cc

@@ -380,8 +380,9 @@ int mysql_audit_notify(THD *thd, mysql_event_general_subclass_t subclass,
   event.general_sql_command = sql_statement_names[thd->lex->sql_command];
   event.affected_rows = thd->get_row_count_func();
   event.port = mysqld_port;
-  event.connection_certificate.str = thd->connection_certificate().c_str();
-  event.connection_certificate.length = thd->connection_certificate().size();
+  event.connection_certificate.str = thd->get_connection_certificate().c_str();
+  event.connection_certificate.length =
+      thd->get_connection_certificate().size();
 
   thd_get_audit_query(thd, &event.general_query,
                       (const CHARSET_INFO **)&event.general_charset);