Description:
It appears that the MySQL community utilities cannot connect to a MySQL Enterprise 5.6.x server with SSL configured.  This is not an issue when connecting to a 5.5.x Enterprise server with SSL configured.  The client must also be at version 5.6.x for SSL connections to succeed.

This will cause issues if the standard Red Hat packages are installed on a system and SSL connection attempts are made to a MySQL Enterprise 5.6.x server.

I hope that this is an oversight and not the intended design.

How to repeat:
This can be repeated by attempting to connect to a MySQL Enterprise 5.6.x server with SSL configured using a pre-5.6.x MySQL client or a community 5.6.x MySQL client using the "--ssl-ca" parameter.

For clarification in the line "The client must also be at version 5.6.x for SSL connections to succeed", the client that succeeds connecting to an SSL enabled server is the Enterprise client.

I am changing this to a critical issue because I feel it is warranted.

Hello Jonathan,

Thank you for the report.
Verified as described.

Thanks,
Umesh

Test case..

Attachment: 68788.txt (text/plain), 14.01 KiB.

http://bugs.mysql.com/bug.php?id=68787 marked as duplicate of this one.

Noted in 5.5.37, 5.6.17, 5.7.4 changelogs.

MySQL client programs from a Community Edition distribution could not
connect using SSL to a MySQL server from an Enterprise Edition. This
was due to a difference in certificate handling by yaSSL and OpenSSL
(used for Community and Enterprise, respectively). OpenSSL expected a
blank certificate to be sent when not all of the --ssl-ca,
--ssl-cert, and --ssl-key options were specified, and yaSSL did not
do so. To resolve this, yaSSL has been modified to send a blank
certificate when an option is missing.

Noted in Connector/C 6.1.4 changelog.

5.5$ bzr log -r 4574
------------------------------------------------------------
revno: 4574
committer: Anirudh Mangipudi <anirudh.mangipudi@oracle.com>
branch nick: yassl-5.5
timestamp: Wed 2014-01-08 18:31:42 +0530
message:
  Bug#16715064 MYSQL COMMUNITY UTILITIES CANNOT CONNECT TO MYSQL ENTERPRISE
  WITH SSL ENABLED
  Problem:
  It was reported that MySQL community utilities cannot connect to a MySQL
  Enterprise 5.6.x server with SSL configured. We can reproduce the issue
  when we try to connect an MySQL Enterprise Server with a MySQL Client with
  --ssl-ca parameter enabled.
  We get an ERROR 2026 (HY000): SSL connection error: unknown error number.
  
  Solution:
  The root cause of the problem was determined to be the difference in handling
  of the certificates by OpenSSL(Enterprise) and yaSSL(Community). OpenSSL expects
  a blank certificate to be sent when a parameter (ssl-ca, or ssl-cert or ssl-key)
  has not been specified.On the other hand yaSSL doesn't send any certificate and 
  since OpenSSL does not expect this behaviour it returns an Unknown SSL error.
  The issue was resolved by yaSSL adding capability to send blank certificate when
  any of the parameter is missing.

I upgraded to 5.6.17 on a test database server and attempted to connect with the following client versions.  Are there any additional tasks that must be completed after the upgrade to support older clients or is this the expected result?

MYSQL COMMAND
---------------------------------------------------------------------
mysql.exe --host=<host> --port=<port> --user=<user> --ssl-ca=<ssl-ca> -p

VERSION  PLATFORM   BITNESS  RESULT
-------  ---------  -------  ----------------------------------------
5.1.73   win        64       ERROR 2026 (HY000): SSL connection error
5.5.8    win        64       ERROR 2026 (HY000): SSL connection error
5.5.37   win        64       Connected Successfully
5.6.13   win        32       Connected Successfully

I am closing this again.  Oracle support confirmed that this is the expected behavior.  Client versions older than 5.5.37 will not include this bug fix.

Problem seen with WB 6.1.4 and MySQL 5.6.17 enterprise.