| Bug #59630 | SSL CA File is not checked | | |
|---|---|---|---|
| Submitted: | 20 Jan 2011 12:42 | Modified: | 28 Mar 2011 23:14 |
| Reporter: | Daniël van Eeden | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Errors | Severity: | S2 (Serious) |
| Version: | 5.1.50, 5.5.8, 5.0 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | SSL | | |
[3 Mar 2011 19:17]
Kristofer Pettersson
I'm looking at this.
[28 Mar 2011 23:14]
Sveta Smirnova
Thank you for the report. Verified as described.
[24 Apr 2017 22:18]
Daniël van Eeden
With 5.7.18 this happens if you remove/rename data/ca.pem:

    2017-04-24T22:16:06.191791Z 0 [Warning] Failed to set up SSL because of the following SSL library error: SSL context is not usable without certificate and private key

Not the best error message, but the behaviour is better.

Description:

When the ssl-ca for mysqld is set to an incorrect path, mysqld will start up without error. The client has a valid ssl-ca setting.

Client SSL connections will then fail with the following error:

    "ERROR 2026 (HY000): SSL connection error"

Using Wireshark, the TLS 1.0 error can be found:

    "Unknown CA (48)"

From a strace (path replaced for privacy):

    open("/path/to/ca-cert.pm", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)

How to repeat:

Set ssl-ca to an invalid path for the server and a valid path for the client. Try to connect using SSL.

Suggested fix:

Check if the ssl-ca file is readable on startup and log an error if that's not the case.
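
The startup check suggested in the report, as an added example (not part of the original report and not MySQL's own code): a POSIX shell pre-flight that reads ssl-ca, ssl-cert and ssl-key from the [mysqld] section of an option file and fails if a file is missing, unreadable or lacks a PEM header. The function names, the PEM-header test and the sample files are assumptions; `!include` directives are not followed.

```shell
# Added example (not MySQL code): pre-start check of the TLS file options in a
# mysqld option file. Assumptions: options are "name = value" lines under
# [mysqld]; !include directives are not followed.

# Print "option<TAB>path" for each ssl-ca / ssl-cert / ssl-key under [mysqld].
mysqld_tls_paths() {
    awk '
        /^[ \t]*\[/ { in_sect = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sect && /^[ \t]*ssl[-_](ca|cert|key)[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*$/, "", name); sub(/^[ \t]+/, "", name)
            sub(/_/, "-", name)            # ssl_ca and ssl-ca are the same option
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            gsub(/^"|"$/, "", val)         # drop optional double quotes
            print name "\t" val
        }' "$1"
}

# Return 0 only if every configured file is a readable regular file with a PEM
# header; report each failure on stderr.
check_mysqld_tls() {
    rc=0
    tab=$(printf '\t')
    while IFS=$tab read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "ERROR: $name=$path is missing or unreadable" >&2; rc=1
        elif ! grep -q -e '-----BEGIN ' "$path"; then
            echo "ERROR: $name=$path has no PEM header" >&2; rc=1
        fi
    done <<EOF
$(mysqld_tls_paths "$1")
EOF
    return "$rc"
}

# Constructed sample: ca.pem exists, but the config says ca.pm (a typo like the
# one visible in the strace output of the report).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$d/ca.pem"
    printf '[mysqld]\nssl-ca = %s/ca.pm\n' "$d" > "$d/bad.cnf"
    printf '[mysqld]\nssl_ca = "%s/ca.pem"\n' "$d" > "$d/good.cnf"
    check_mysqld_tls "$d/bad.cnf"  && echo "bad.cnf: OK"  || echo "bad.cnf: FAILED"
    check_mysqld_tls "$d/good.cnf" && echo "good.cnf: OK" || echo "good.cnf: FAILED"
    rm -rf "$d"
}
demo
```

Run before starting or restarting mysqld, a non-zero return from `check_mysqld_tls` surfaces the misconfiguration on the server side instead of as client-side ERROR 2026 failures.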