Bug #13164 yassl: "SSL connection error" on several platforms
Submitted: 14 Sep 2005 8:36 Modified: 21 Dec 2005 13:59
Reporter: Magnus Blaudd
Status: Closed
Category:Server Severity:S3 (Non-critical)
Version: OS:HP/UX (HPUX 11, Solaris 8)
Assigned to: Magnus Blaudd Target Version:

[14 Sep 2005 8:36] Magnus Blaudd 
Description:
All tests fail with error "SSL connection error" when running mysql-test-run on QNX 6.2
compiled with yassl and the --with-openssl flag.

How to repeat:
10368: alias                           [ fail ]
10369: Errors are (from
/home/mysqldev/buildqnx2/test/mysql-standard-5.0.13-beta-yassl-nto-qnx6.2.1-i386/mysql-test/var/log/mysqltest-time)
:
10370: mysqltest: At line 0: Failed in mysql_real_connect(): SSL connection error
10371: (the last lines may be the most important ones)
10372: 
10373: Ending Tests
10374: Shutting-down MySQL daemon
10375: 
10376: Master(s) shutdown finished
10377: Slave(s) shutdown finished
10378: Resuming Tests
[14 Sep 2005 14:20] Magnus Blaudd 
This problem is caused by missing "/dev/urandom" on some platforms.

Will add better error message to indicate the problem.

For example HP UX 11 have a "strong random number generator" called KRNG11 that can be
installed to fix this problem.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
[22 Sep 2005 9:23] Magnus Blaudd 
There is also a patch for Solaris
http://sunsolve6.sun.com/search/document.do?assetkey=112438
[22 Sep 2005 12:19] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/30197
[22 Sep 2005 12:31] Magnus Blaudd 
Added a fix that tries to open /dev/random if /dev/urandom is not available. This fixes
the problem on QNX but pacthes are still required for the other platforms.
[21 Oct 2005 10:44] Magnus Blaudd 
The "HP-UX Strong Random Number Generator" can be retrieved from 
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
Overview

The Strong Random Number Generator provides a secure, non-reproducible source of true
random numbers for applications with strong security requirements, such as for generating
encryption keys. Generating encryption keys from a non-random source constitutes a
security risk that can be removed with this product. The /dev/random and /dev/urandom
special files are created during product installation. When configured to use these
special files, applications such as SSH will have a more secure environment for perfoming
cryptographic computations.
[21 Oct 2005 10:53] Magnus Blaudd 
For Solaris versions that does not have /dev/urandom installed please use this patch
http://sunsolve6.sun.com/search/document.do?assetkey=112438
[21 Dec 2005 13:59] Jon Stephens 
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

mented bugfix in 5.0.16 changelog. Updated Manual as suggested. Bug closed.