MySQL Bugs: #100055: SSL tests are failing because of an expired certificate

Bug #100055	SSL tests are failing because of an expired certificate
Submitted:	1 Jul 2020 6:06	Modified:	1 Jul 2020 13:15
Reporter:	Erlend Dahl	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Security: Encryption	Severity:	S3 (Non-critical)
Version:	8.0	OS:	Any
Assigned to:		CPU Architecture:	Any

Description:
CURRENT_TEST: auth_sec.admin_ssl_crl_crlpath
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
mysqltest: At line 6: Command "$MYSQL --host=127.0.0.1 --port=$MASTER_ADMINPORT -uadmin_user -pabcd --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SELECT 1;"" failed.

How to repeat:
Run tests:

auth_sec.admin_ssl_crl_crlpath
auth_sec.admin_ssl_crl
auth_sec.server_withssl_client_withssl
main.ssl_crl_clients_valid
main.ssl_crl
main.ssl_crl_crlpath
main.ssl_ca

A31 > grep 2020 mysql-test/std_data/*.pem
mysql-test/std_data/crl-client-cert.pem:            Not After : Jun 30 12:14:10 2020 GMT
mysql-test/std_data/crl-client-revoked-cert.pem:            Not After : Jun 30 12:18:02 2020 GMT
mysql-test/std_data/crl-server-cert.pem:            Not After : Jun 30 12:10:59 2020 GMT

Suggested fix:
Upgrade the certificate

Posted by developer:
 
Fixed in 5.6.50, 5.7.32, 8.0.22.

Work was done for test suite. No changelog entry required.

Bug#100765 Test cases of ssl failed because of expired certificates

was marked as a duplicate.

Bug#101098 main.ssl_crl and tests using the crl certificates are failing

was marked as a duplicate.