Bug #108929 SSL Connection error using SslMode=VerifyCA
Submitted: 29 Oct 2022 17:56
Modified: 2 Dec 2022 12:18
Reporter: William Chiquito
Status: Duplicate
Category: Connector / NET
Severity: S3 (Non-critical)
Version: 8.0.31
OS: Ubuntu
Assigned to:
CPU Architecture: Any
Tags: SSL connection error

[29 Oct 2022 17:56] William Chiquito
Description:
When trying to establish a connection from a PowerShell script using the SslMode=VerifyCA option, an error is generated.

Certificates: Created automatically by the server (self-signed).

How to repeat:
* MySQL Server 8.0.31

[mysqld]
...
ssl
ssl-ca                   = /path/to/certs/ca.pem
ssl-cert                 = /path/to/certs/server-cert.pem
ssl-key                  = /path/to/certs/server-key.pem
require-secure-transport = on
...

* Connector/NET 8.0.31 from PowerShell

File: /path/to/script/test.ps1

Add-Type -Path '/path/to/dll/MySql.Data.dll'

$Query="SELECT VARIABLE_NAME, VARIABLE_VALUE FROM performance_schema.session_status WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher');"

$Connection = [MySql.Data.MySqlClient.MySqlConnection]@{ConnectionString='server=127.0.0.1;port=8031;uid=sslclient;pwd=sslclient;SslMode=VerifyCA;SslCa=/path/to/certs/ca.pem'}

$Connection.Open()

$Command = New-Object MySql.Data.MySqlClient.MySqlCommand($Query, $Connection)
$DataAdapter = New-Object MySql.Data.MySqlClient.MySqlDataAdapter($Command)
$DataSet = New-Object System.Data.DataSet
$RecordCount = $dataAdapter.Fill($dataSet, "data")
$DataSet.Tables[0]

$Connection.Close()

* PowerShell:

PS /path/to/script>./test.ps1
MethodInvocationException: /path/to/script/test.ps1:7
Line |
   7 |  $Connection.Open()
     |  ~~~~~~~~~~~~~~~~~~
     | Exception calling "Open" with "0" argument(s): "SSL Connection error."

MethodInvocationException: /path/to/script/test.ps1:12
Line |
  12 |  $RecordCount = $dataAdapter.Fill($dataSet, "data")
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "Fill" with "2" argument(s): "SSL Connection error."

* Bash:

$ mysql -h 127.0.0.1 -P 8031 -u sslclient -psslclient --ssl-mode=VERIFY_CA --ssl-ca=/path/to/certs/ca.pem
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 8.0.31 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

[2 Dec 2022 12:18] MySQL Verification Team
Hello William Chiquito,

Thank you for the bug report.
IMHO this is a duplicate of Bug #95436, please see Bug #95436.

Regards,
Ashwini Patil
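
One way to check, outside Connector/NET, whether .NET on the client host accepts a server certificate when only the CA file is trusted, which is the kind of CA validation SslMode=VerifyCA asks for. This is an added example, not code from the report or from Connector/NET; the function names Test-ChainsToCa and New-SampleCa are hypothetical, the certificates are constructed in memory, and PowerShell 7.1+ (.NET 5 or later) is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added diagnostic (not from the bug report). Assumes PowerShell 7.1+ on .NET 5 or later.
function Test-ChainsToCa {
    param([X509Certificate2]$ServerCert, [X509Certificate2]$CaCert)
    $chain = [X509Chain]::new()
    try {
        # Anchor trust in the supplied CA only, ignoring the machine trust store.
        $chain.ChainPolicy.TrustMode = [X509ChainTrustMode]::CustomRootTrust
        [void]$chain.ChainPolicy.CustomTrustStore.Add($CaCert)
        # No revocation lookups, so the check runs offline.
        $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
        $trusted = $chain.Build($ServerCert)
        [pscustomobject]@{
            Subject = $ServerCert.Subject
            Issuer  = $ServerCert.Issuer
            Trusted = $trusted
            Status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    } finally {
        $chain.Dispose()
    }
}

# Constructed sample data: a throwaway self-signed CA generated in memory.
function New-SampleCa([string]$Name) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Name", $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
    $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddDays(30))
}

$ca    = New-SampleCa 'Constructed MySQL CA'
$other = New-SampleCa 'Constructed unrelated CA'

# Constructed server certificate, signed by the first CA.
$leafRsa = [RSA]::Create(2048)
$leafReq = [CertificateRequest]::new('CN=Constructed MySQL server', $leafRsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$leaf    = $leafReq.Create($ca, [DateTimeOffset]::UtcNow.AddHours(-1), [DateTimeOffset]::UtcNow.AddDays(7), [byte[]](1, 2, 3, 4))

Test-ChainsToCa -ServerCert $leaf -CaCert $ca      # CA that issued the certificate
Test-ChainsToCa -ServerCert $leaf -CaCert $other   # CA that did not

# With the placeholder paths from the report:
# Test-ChainsToCa ([X509Certificate2]::new('/path/to/certs/server-cert.pem')) ([X509Certificate2]::new('/path/to/certs/ca.pem'))
```

If the real files report Trusted as True here while `$Connection.Open()` still fails, the certificates themselves chain correctly under .NET and the failure lies in how the connection is negotiated rather than in the CA file.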