Bug #100055 SSL tests are failing because of an expired certificate
Submitted: 1 Jul 2020 6:06 Modified: 1 Jul 2020 13:15
Reporter: Erlend Dahl Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Security: Encryption Severity:S3 (Non-critical)
Version:8.0 OS:Any
Assigned to: CPU Architecture:Any

[1 Jul 2020 6:06] Erlend Dahl
CURRENT_TEST: auth_sec.admin_ssl_crl_crlpath
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
mysqltest: At line 6: Command "$MYSQL --host= --port=$MASTER_ADMINPORT -uadmin_user -pabcd --ssl-mode=VERIFY_CA --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SELECT 1;"" failed.

How to repeat:
Run tests:


A31 > grep 2020 mysql-test/std_data/*.pem
mysql-test/std_data/crl-client-cert.pem:            Not After : Jun 30 12:14:10 2020 GMT
mysql-test/std_data/crl-client-revoked-cert.pem:            Not After : Jun 30 12:18:02 2020 GMT
mysql-test/std_data/crl-server-cert.pem:            Not After : Jun 30 12:10:59 2020 GMT

Suggested fix:
Upgrade the certificate
[1 Jul 2020 13:15] Paul DuBois
Posted by developer:
Fixed in 5.6.50, 5.7.32, 8.0.22.

Work was done for test suite. No changelog entry required.
[10 Sep 2020 8:33] Erlend Dahl
Bug#100765 Test cases of ssl failed because of expired certificates

was marked as a duplicate.
[1 Nov 2020 9:26] Erlend Dahl
Bug#101098 main.ssl_crl and tests using the crl certificates are failing

was marked as a duplicate.