| Bug #20040 | SSL connections do not affect SSL statistics in STATUS output | ||
|---|---|---|---|
| Submitted: | 24 May 2006 10:46 | Modified: | 28 Feb 2007 22:25 |
| Reporter: | Domas Mituzas | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Options | Severity: | S3 (Non-critical) |
| Version: | 5.1-bk, 5.0.38 | OS: | Any (*) |
| Assigned to: | CPU Architecture: | Any | |
[24 May 2006 10:46]
Domas Mituzas
[25 Feb 2007 21:48]
MySQL Verification Team
searching the source code, I don't see any place where void yaSSL::SSL_CTX::IncrementStats method is called.
[17 Dec 2009 21:55]
Michael Weck
This is also an issue with openssl mysql version 5.0.51a-24+lenny2-log (debian lenny distribution) All ssl_* stats in status are 0
[14 May 2013 9:47]
Laurynas Biveinis
Is bug 59635 a duplicate?
[12 Jan 2017 10:02]
Daniël van Eeden
This also affects 5.6, 5.7, 8.0. Monitoring for (almost) expiring SSL certificates is diffucult because the Ssl_server_not_after status variable remains empty.
[12 Jan 2017 15:32]
Daniël van Eeden
5.7 w/ YaSSL actually does show Ssl_server_not_after and Ssl_server_not_before.
Related commit:
commit 18ce7f96b21c2be1beb38e6835567e1780f2a6f5
Author: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
Date: Tue Mar 29 11:01:07 2011 +0300
Bug #11764778: server feature request - expose ssl certificate details
in show global st
There was no easy way to get the expiration dates of the server's
certificate.
Implemented two session status variables (Ssl_server_not_before and
Ssl_server_not_after) with the same scope as e.g. Ssl_verify_depth to
return the two dates in a format similar to OpenSSL's ASN1_TIME_print.
Since yaSSL doesn't preserve the parsed server certificate beyond
reading it, the diff extends yaSSL to preserve it and return it
through SSL_get_certificate(). Also fixed the storage of the
certificate expiration dates to have the ASN1_TIME subtype.
Implemented an yaSSL specific extension function
yaSSL_ASN1_TIME_to_string() to return the string representation of the
date in an ASN1_TIME in a format similar to OpenSSL's format.
Created a wrapper in MySQL to call either ASN1_TIME_print() or
yaSSL_ASN1_TIME_to_string() depending on the library type.
Did some type cleanups of some of the internal yaSSL functions.
Test case added.
This commit was around 5.6.3-m5.
commit 1ffd2ad62219dd24a54542f8b98a1cd9be96fbb5
Author: Georgi Kodinov <georgi.kodinov@oracle.com>
Date: Fri Mar 27 15:08:03 2015 +0200
Bug #20648276 SSL-RELATED GLOBAL STATUS INFORMATION ONLY AVAILABLE
WHEN CONNECTED USING --SSL
* Created a read-only SSL context to allow reading of the
SSL attributes for the server SSL Context
* Used the new read-only SSL context instead of the connected
SSL context in Ssl_server_not_before/Ssl_server_not_after.
* Test case added.
* Fixed a non-unix line ending in ha_federated.cc
This commit was around 5.7.8-rc.
So that's why this doesn't work with 5.6.x unless using SSL to connect.
