Bug #11169 SSL certificate problem / server crash?
Submitted: 8 Jun 2005 12:28 Modified: 1 Jul 2005 12:42
Reporter: Joerg Bruehe Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:5.0.7-pre OS:FreeBSD (FreeBSD 4.7 + Linux/x86)
Assigned to: Kent Boortz CPU Architecture:Any

[8 Jun 2005 12:28] Joerg Bruehe
Description:
Build of 5.0.7, based on ChangeSet
  1.1940.1.1 05/06/07 08:23:46 igor@rurik.mysql.com +3 -0
  Merge rurik.mysql.com:/home/igor/dev/mysql-4.1-0
  into rurik.mysql.com:/home/igor/dev/mysql-5.0-0

Test "func_encrypt" fails, different symptoms by platform:

=== FreeBSD 4.7, both with its own threads and Linuxthreads ===
func_encrypt                   [ fail ]

Errors are (from /usr/home/mysqldev/cane/test/mysql-max-5.0.7-beta-freebsd4.7-i386/mysql-test/var/log/mysqltest-time) :
Error when connection to server using SSL:Unable to get certificate from '/usr/home/mysqldev/cane/test/mysql-max-5.0.7-beta-freebsd4.7-i386/SSL/client-cert.pem'
/usr/home/mysqldev/cane/test/mysql-max-5.0.7-beta-freebsd4.7-i386/bin/mysqltest: At line 8: unable to execute statement 'insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','The quick red fox jumped over the lazy brown dog'))': Lost connection to MySQL server during query (mysql_stmt_errno=2013 returned=1)
(the last lines may be the most important ones)

Ending Tests

=== Linux / s390 ===
func_encrypt                   [ fail ]

Errors are (from /xspace/mysqldev/etpglb0/test/mysql-max-5.0.7-beta-linux-s390/mysql-test/var/log/mysqltest-time) :
Error when connection to server using SSL:Unable to get certificate from '/xspace/mysqldev/etpglb0/test/mysql-max-5.0.7-beta-linux-s390/SSL/client-cert.pem'
/xspace/mysqldev/etpglb0/test/mysql-max-5.0.7-beta-linux-s390/bin/mysqltest: At line 73: Result length mismatch
(the last lines may be the most important ones)
Below are the diffs between actual and expected results:
-------------------------------------------------------
*** r/func_encrypt.result       Tue Jun  7 20:31:20 2005
--- r/func_encrypt.reject       Wed Jun  8 07:16:39 2005
***************
*** 42,87 ****
  insert into t1 values (des_encrypt('jumped over the lazy brown dog','sabakala'));
  select hex(x), hex(des_decrypt(x,'sabakala')) from t1;
  hex(x)        hex(des_decrypt(x,'sabakala'))
! FFA185A4656D113445E31D7A5B31BB57671A4CA9E21E63FE5D9C801E0CC7AA6190C13E269C2AE8D8060D3FB3FEA94FEC7FB006B9DCAC3E3E41    NULL
! FFC620C3B84E926A54    NULL
.....
! FF8333F3DD21E4488F967E03DD12394813A49F72848BB49473D3CB1C8A1AACF220    6A756D706564206F76657220746865206C617A792062726F776E20646F67
! FF8333F3DD21E4488F967E03DD12394813A49F72848BB49473D3CB1C8A1AACF220    6A756D706564206F76657220746865206C617A792062726F776E20646F67
  select des_decrypt(x,'sabakala') as s from t1 having s like '%dog%';
  s
  The quick red fox jumped over the lazy brown dog
--- 42,87 ----
  insert into t1 values (des_encrypt('jumped over the lazy brown dog','sabakala'));
  select hex(x), hex(des_decrypt(x,'sabakala')) from t1;
  hex(x)        hex(des_decrypt(x,'sabakala'))
! FFF32364F6D5A6B4C0224CE76F4D6C37B5516B6D98FC14DD0F5AD7A08654ABD265A8FF74FFDE41397E3AFED71E2CC1987F3D08E0AB05FC706D    NULL
! FFF7AF6EFDC4C15FF2    NULL
.....
! FFB021F0E18123643A9F4A7910A34473DB7B18E6D9F834322384A8956F6108A677    6A756D706564206F76657220746865206C617A792062726F776E20646F67
! FFB021F0E18123643A9F4A7910A34473DB7B18E6D9F834322384A8956F6108A677    6A756D706564206F76657220746865206C617A792062726F776E20646F67
  select des_decrypt(x,'sabakala') as s from t1 having s like '%dog%';
  s
  The quick red fox jumped over the lazy brown dog
***************
*** 104,110 ****
  drop table t1;
  select hex(des_encrypt("hello")),des_decrypt(des_encrypt("hello"));
  hex(des_encrypt("hello"))     des_decrypt(des_encrypt("hello"))
! 85D6DC8859F9759BBB    hello
  select des_decrypt(des_encrypt("hello",4));
  des_decrypt(des_encrypt("hello",4))
  hello
--- 104,110 ----
  drop table t1;
  select hex(des_encrypt("hello")),des_decrypt(des_encrypt("hello"));
  hex(des_encrypt("hello"))     des_decrypt(des_encrypt("hello"))
! 8549356AB2FBEAEC8B    hello
  select des_decrypt(des_encrypt("hello",4));
  des_decrypt(des_encrypt("hello",4))
  hello
***************
*** 113,119 ****
  hello
  select hex(des_encrypt("hello")),hex(des_encrypt("hello",5)),hex(des_encrypt("hello",'default_password'));
  hex(des_encrypt("hello"))     hex(des_encrypt("hello",5))     hex(des_encrypt("hello",'default_password'))
! 85D6DC8859F9759BBB    85D6DC8859F9759BBB      FFD6DC8859F9759BBB
  select des_decrypt(des_encrypt("hello"),'default_password');
  des_decrypt(des_encrypt("hello"),'default_password')
  hello
--- 113,119 ----
  hello
  select hex(des_encrypt("hello")),hex(des_encrypt("hello",5)),hex(des_encrypt("hello",'default_password'));
  hex(des_encrypt("hello"))     hex(des_encrypt("hello",5))     hex(des_encrypt("hello",'default_password'))
! 8549356AB2FBEAEC8B    8549356AB2FBEAEC8B      FF49356AB2FBEAEC8B
  select des_decrypt(des_encrypt("hello"),'default_password');
  des_decrypt(des_encrypt("hello"),'default_password')
  hello
-------------------------------------------------------

How to repeat:
Build + test.
[8 Jun 2005 12:59] Joerg Bruehe
More similar / related problems in test "rpl000001" on even more platforms (bsd53, cane, s390, hammer, quadita2):

rpl000001                      [ fail ]

Errors are (from /home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/mysql-test/var/log/mysqltest-time) :
Error when connection to server using SSL:Unable to get certificate from '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/SSL/client-cert.pem'
Error when connection to server using SSL:Unable to get certificate from '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/SSL/client-cert.pem'
Error when connection to server using SSL:Unable to get certificate from '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/SSL/client-cert.pem'
Error when connection to server using SSL:Unable to get certificate from '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/SSL/client-cert.pem'
Error when connection to server using SSL:Unable to get certificate from '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/SSL/client-cert.pem'
/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/bin/mysqltest: At line 6: query 'load data local infile '/home/mysqldev/quadita2-glibc23/test/mysql-max-5.0.7-beta-linux-ia64-glibc23/mysql-test/std_data/words.dat' into table t1' failed: 1148: The used command is not allowed with this MySQL version
(the last lines may be the most important ones)

Similar problem on the same platforms in "rpl_loaddatalocal" and "rpl_misc_functions".
[10 Jun 2005 9:30] Joerg Bruehe
New build, based on ChangeSet
  1.1950 05/06/09 16:53:08 kent@mysql.com +12 -0
  Many files:
    More yaSSL changes in Visual Studio 6 project files

The certificate files are now present and can be accessed, but we still have crashes on "build" and on "cane" (both native and Linuxthreads):

func_encrypt                   [ fail ]

Errors are (from /build/mysqldev/build/test/mysql-debug-5.0.7-beta-linux-i686/mysql-test/var/log/mysqltest-time) :
/build/mysqldev/build/test/mysql-debug-5.0.7-beta-linux-i686/bin/mysqltest: At line 8: query 'insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','The quick red fox jumped over the lazy brown dog'))' failed: 2013: Lost connection to MySQL server during query
(the last lines may be the most important ones)

Ending Tests

In the '--ps-protocol' test, it happens in the "execute" phase.