Bug #50075 disabling SSL server cert verification in client has no effect
Submitted: 5 Jan 2010 7:12
Modified: 12 Feb 2010 7:26
Reporter: Arkadiusz Miskiewicz (Basic Quality Contributor)
Status: Not a Bug
Category: MySQL Server: Command-line Clients
Severity: S3 (Non-critical)
Version: 5.1.42
OS: Any
Assigned to:
CPU Architecture: Any
Tags: qc

[5 Jan 2010 7:12] Arkadiusz Miskiewicz
Description:
My MySQL server currently has an expired SSL certificate. I'm trying to connect to it using SSL with the 5.1.42 client.

I use --ssl-verify-server-cert=false since the cert has expired. Unfortunately this has no effect:

mysql --ssl-verify-server-cert=false -u arekm -p -h somehost
Enter password:
ERROR 2026 (HY000): SSL connection error

How to repeat:
1. Set up a mysql server with an invalid SSL cert (expired or for the wrong domain name).
2. Try to connect to it using the --ssl-verify-server-cert=false option.

Suggested fix:
Fix that option to allow connection even if cert is invalid (expired/for wrong domain name etc).

[12 Feb 2010 7:26] Sveta Smirnova
Thank you for the report.

According to http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html#option_general_ssl-verify-server-c...: "It causes the server's Common Name value in the certificate that the server sends to the client to be verified against the host name that the client uses for connecting to the server, and the connection is rejected if there is a mismatch."

So this option has nothing to do with expired certificates. Closing as "Not a Bug"
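
Added example (not part of the bug report and not MySQL's code): a small Python triage helper that keeps the two checks discussed above separate, the Common Name comparison that the quoted documentation describes and the validity-period check that, per the reply above, the option does not cover. The certificate is a constructed sample in the dict layout returned by Python's ssl.SSLSocket.getpeercert(); the function names, the verify_name parameter and the exact, case-insensitive CN comparison are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout that ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("countryName", "PL"),), (("commonName", "db.example.test"),)),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
}


def common_name(cert):
    """Return the subject Common Name, or None if the certificate has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def name_check(cert, host):
    """CN compared with the host name used to connect (assumed exact match)."""
    cn = common_name(cert)
    return cn is not None and cn.lower() == host.lower()


def validity_check(cert, now):
    """Validity-period check; independent of the name check above."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def diagnose(cert, host, now, verify_name=True):
    """List the reasons this certificate would still be rejected."""
    problems = []
    if verify_name and not name_check(cert, host):
        problems.append("name mismatch")
    if not validity_check(cert, now):
        problems.append("outside validity period")
    return problems


def epoch(year, month, day):
    """UTC midnight of the given date as seconds since the epoch."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()
```

With verify_name=False the name mismatch drops out of the result, but an expired certificate is still reported, so the remedy for that case is renewing the server certificate.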

[8 Jan 2024 9:46] Antonio Bardazzi
Maybe it's wise to move that to a feature request, because it is useful to have a client-side option to skip date validation.