Bug #29841 OpenSSL-server will not allow YaSSL-clients without certificate
Submitted: 17 Jul 2007 9:20
Modified: 23 Jun 2015 6:08
Reporter: Domas Mituzas
Status: Closed
Category: MySQL Server: General
Severity: S3 (Non-critical)
Version: 5.0-bk, 5.1-bk
OS: Any
Assigned to:
CPU Architecture: Any
Tags: openssl, SSL, yassl

[17 Jul 2007 9:20] Domas Mituzas
Description:
Offspring from Bug#29753

Even if no grants require client certificate, OpenSSL'ish SSL support in MySQL will reject connections from clients with no certificate:

$ mysql --ssl-ca=...

T@5    : | | <vio_init
T@5    : | | info: ssl: 0x350e170  timeout: 5
T@5    : | | error: SSL_accept failure
T@5    : | | >report_errors
T@5    : | | | error: OpenSSL: error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did not respond with certificate list:s3_srvr.c:1930:

T@5    : | | | error: error: error:00000005:lib(0):func(0):DH lib
T@5    : | | | info: socket_errno: 0
T@5    : | | <report_errors

This is opposite from YaSSL, which allows such connections, unless key requirements are set in GRANT statement.

How to repeat:
-

Suggested fix:
-
[17 Jul 2007 9:31] Domas Mituzas
Apparently that happens when connecting with a YaSSL client. An OpenSSL client without certificates works.
[7 Jan 2009 14:02] Piotr Czachur
I can confirm that.

Server ( 5.0.68-log) compiled with openssl.

Client (compiled with openssl):
mysql -u slave -h foobar -p --ssl-ca=/dev/null
Enter password: 
Welcome to the MySQL monitor.
Your MySQL connection id is 14
...

Client (compiled with yassl):
mysql -u slave -h foobar -p --ssl-ca=/dev/null
Enter password:
ERROR 2026 (HY000): SSL connection error

Simply wrong.

What I want to add is that debugging of SSL connection errors in MySQL is damn hard.
[28 Feb 2012 14:41] Honza Horak
Related to #40141 (maybe duplicate).
[26 Apr 2012 19:53] Sveta Smirnova
Bug #40141, which has a patch attached, has been marked as a duplicate of this one.
[28 Jan 2014 0:25] Roel Van de Paar
Any updates on this 2007 community bug?
[28 Jan 2014 0:26] Roel Van de Paar
Expect 5.5 and 5.6 to be affected also?
[23 Jun 2015 6:08] Murthy Sidagam
Fixed as part of Bug #68788
Version Fixed:	mysql-5.5.37
[23 Jun 2015 6:10] Murthy Sidagam
Fixed in mysql-5.6.17
[23 Oct 1:49] Hughes Langston
When I use mysql-5.7.24 to connect to mysql-8.0.33, an SSL error still occurs.
The error disappeared after changing the client version.