Bug #13164 yassl: "SSL connection error" on several platforms
Submitted: 14 Sep 2005 6:36 Modified: 21 Dec 2005 12:59
Reporter: Magnus Blåudd Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version: OS:HP/UX (HPUX 11, Solaris 8)
Assigned to: Magnus Blåudd CPU Architecture:Any

[14 Sep 2005 6:36] Magnus Blåudd
Description:
All tests fail with error "SSL connection error" when running mysql-test-run on QNX 6.2 compiled with yassl and the --with-openssl flag.

How to repeat:
10368: alias                           [ fail ]
10369: Errors are (from /home/mysqldev/buildqnx2/test/mysql-standard-5.0.13-beta-yassl-nto-qnx6.2.1-i386/mysql-test/var/log/mysqltest-time) :
10370: mysqltest: At line 0: Failed in mysql_real_connect(): SSL connection error
10371: (the last lines may be the most important ones)
10372: 
10373: Ending Tests
10374: Shutting-down MySQL daemon
10375: 
10376: Master(s) shutdown finished
10377: Slave(s) shutdown finished
10378: Resuming Tests
[14 Sep 2005 12:20] Magnus Blåudd
This problem is caused by missing "/dev/urandom" on some platforms.

Will add better error message to indicate the problem.

For example HP UX 11 have a "strong random number generator" called KRNG11 that can be installed to fix this problem.
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
[22 Sep 2005 7:23] Magnus Blåudd
There is also a patch for Solaris
http://sunsolve6.sun.com/search/document.do?assetkey=112438
[22 Sep 2005 10:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/30197
[22 Sep 2005 10:31] Magnus Blåudd
Added a fix that tries to open /dev/random if /dev/urandom is not available. This fixes the problem on QNX but pacthes are still required for the other platforms.
[21 Oct 2005 8:44] Magnus Blåudd
The "HP-UX Strong Random Number Generator" can be retrieved from 
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
Overview

The Strong Random Number Generator provides a secure, non-reproducible source of true random numbers for applications with strong security requirements, such as for generating encryption keys. Generating encryption keys from a non-random source constitutes a security risk that can be removed with this product. The /dev/random and /dev/urandom special files are created during product installation. When configured to use these special files, applications such as SSH will have a more secure environment for perfoming cryptographic computations.
[21 Oct 2005 8:53] Magnus Blåudd
For Solaris versions that does not have /dev/urandom installed please use this patch
http://sunsolve6.sun.com/search/document.do?assetkey=112438
[21 Dec 2005 12:59] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

mented bugfix in 5.0.16 changelog. Updated Manual as suggested. Bug closed.