Bug #59635 | SSL Status variables not correct | | |
---|---|---|---|
Submitted: | 20 Jan 2011 14:09 | Modified: | 9 May 2011 14:07 |
Reporter: | Daniël van Eeden | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
Version: | 5.5.8, 5.0.92, 5.1.57, 5.6.3 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | SSL | | |
[20 Jan 2011 14:09]
Daniël van Eeden
[28 Mar 2011 22:33]
Sveta Smirnova
Thank you for the report. Verified as described.
[9 May 2011 8:46]
Daniël van Eeden
I think this is partly fixed by http://lists.mysql.com/commits/132818 from Bug #52596. This doesn't seem to be a complete fix.
[9 May 2011 11:15]
Davi Arnaut
yaSSL does not support _various_ counters/statuses that OpenSSL has. Use OpenSSL if you want these...
[9 May 2011 11:27]
Daniël van Eeden
This is using OpenSSL. If a status variable is not supported it should be an empty string instead of the value 0.
[9 May 2011 11:33]
Davi Arnaut
> This is using OpenSSL.

SSL_accepts is taken from OpenSSL's SSL_CTX_sess_accept() function, which is documented to "return the number of started SSL/TLS handshakes in server mode". Could you double check if the server is linked with OpenSSL and that there are actually started SSL connections?

> If a status variable is not supported it should be an empty string instead of the value 0.

No, because the value needs to match the type of the status variable. The type of this status variable is integer, not a string. This is long established behavior.
[9 May 2011 11:36]
Davi Arnaut
> And the documentation for Ssl_version doesn't state that it's not only the version,
> but also the protocol (e.g. 'TLSv1')

The documentation is wrong. SSL_get_version() is used for this, which returns "the protocol version of a connection."
[9 May 2011 12:09]
Daniël van Eeden
Output for MySQL 5.6
Attachment: mysql5.6_ssl.txt (text/plain), 9.71 KiB.
[9 May 2011 12:13]
Daniël van Eeden
Created Bug #61098 for the documentation issue with Ssl_version.
[9 May 2011 12:14]
Davi Arnaut
> Server version: 5.6.3-m5 MySQL Community Server (GPL)

Our binaries are compiled with yaSSL.

> have_openssl | YES

have_openssl is just an alias for have_ssl.
[9 May 2011 12:49]
Daniël van Eeden
SSL 5.6 replication
Attachment: mysql5.6_ssl_rep.txt (text/plain), 13.79 KiB.
[9 May 2011 13:52]
Daniël van Eeden
MySQL 5.6 -DWITH_SSL=system
Attachment: mysql5.6_ssl_openssl.txt (text/plain), 11.74 KiB.
[9 May 2011 13:55]
Daniël van Eeden
If have_openssl=Yes while OpenSSL is not supported, this is at least confusing. What is the official way to determine if yassl or openssl is used? With MySQL compiled with -DWITH_SSL=system, the variables seem to be correct.
[9 May 2011 14:07]
Daniël van Eeden
The Ssl_default_timeout is very different between YaSSL and OpenSSL. Is this something that needs to be configured?
[10 May 2011 13:43]
Davi Arnaut
> What is the official way to determine if yassl or openssl is used?

Unfortunately, there isn't one.

> The Ssl_default_timeout is very different between YaSSL and OpenSSL.
> Is this something that needs to be configured?

If you want a specific session timeout, yes.
[14 May 2013 9:47]
Laurynas Biveinis
Is this a duplicate of bug 20040?
[14 May 2013 10:27]
Daniël van Eeden
> Is this a duplicate of bug 20040?

I believe it is.