Bug #353 replication permissions fail using stunnel
Submitted: 30 Apr 2003 22:21
Modified: 2 May 2003 9:03
Reporter: Zebee Johnstone
Status: Not a Bug
Category: MySQL Server: Replication
Severity: S2 (Serious)
Version: 4.0.12
OS: Linux (Linux clone 2.4.18-27.7.x)
Assigned to:
CPU Architecture: Any

[30 Apr 2003 22:21] Zebee Johnstone
Description:
I had replication working well over standard TCP/IP but am getting permission problems using stunnel to encrypt traffic, which appears to be weird handling of localhost permission.

slave log says
Error on COM_REGISTER_SLAVE: 1045 'Access denied for user: 'repl@127.0.0.1' (Using password: YES)'

This appears to be some permission problem with replication. I got that same message with non-stunnel replication if I used "%" when granting file perms; if I granted using the IP address of the slave, it worked. (reported as separate doc bug)

user setup:
Set up the repl user with 127.0.0.1 on master and slave:
GRANT FILE ON *.* TO repl@127.0.0.1 IDENTIFIED BY 'trupw';
gives on master:
Master user info:| 127.0.0.1    | repl          | 2c1cd098482d3ea1 | N           | N           | N           | N           | N           | N         | N           | N             | N            | Y         | N          | N               | N          | N
Slave replication setup:
CHANGE MASTER TO MASTER_HOST='slave.mighty.com.au', MASTER_PORT=3307, MASTER_USER='repl', MASTER_PASSWORD='trupw', MASTER_LOG_FILE='master-binlog-mysqld.006', MASTER_LOG_POS=79;

If I use "localhost" as the master_host, then no traffic goes through the stunnel. If I use the name of the slave, it goes through the tunnel to the master, which sees it as localhost traffic. stunnel on master directs master port 3306 to port 3307; stunnel on slave connects slave port 3307 to 3307 on master. So traffic from slave 3307 goes to master 3307, then to master 3306. Traffic is definitely flowing as per debugging in stunnel. So master and slave are communicating.

stunnel on master: stunnel -D 6 -f -p /usr/local/ssl/certs/74d20f41.0 -d 3307 -r localhost:3306
stunnel on slave: stunnel -D 6 -f -c -d 3307 -r master.mighty.com.au:3307

How to repeat:

[2 May 2003 9:03] Guilhem Bichot
Thank you for taking the time to report a problem.  Unfortunately
you are not using a current version of the product you reported a
problem with -- the problem might already be fixed. Please download
a new version from http://www.mysql.com/downloads/

If you are able to reproduce the bug with one of the latest versions,
please change the version on this bug report to the version you
tested and change the status back to "Open".  Again, thank you for
your continued support of MySQL.

Hi,

On Unix boxes, connecting to 'localhost' always ignores the port you specify. If a mysqld is listening on port 3306 and another one is listening on port 3307,
mysql --port=3307 (localhost is used by default if you don't specify the host)
will silently direct you to 3306!! This is because when MySQL sees localhost it uses Unix sockets, not TCP/IP (this is why the TCP port is ignored).
You should use 127.0.0.1 (or the real IP in this case) instead of localhost; this will force the use of TCP/IP and not Unix sockets:
mysql -h127.0.0.1 --port=3307
CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=3307;

As regards stunnel, it is supposed to be a wrapper. A wrapper's job is to act behind the scenes and be invisible to apps. So if replication works without stunnel and does not with stunnel, this is not a MySQL bug.
But what you experienced is probably the "ignored port" problem mentioned above.
If you still get problems, I suggest you upgrade to 4.0 and see if the problems still exist.
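
Added example, not part of the original thread or of MySQL's code: a small Python check that models the "localhost ignores the port" behaviour described in the reply above and reports whether a CHANGE MASTER TO statement would send the slave's connection into the local stunnel listener. The function names and the audit messages are hypothetical, and the sample statements in the usage are constructed from the values quoted in this report.

```python
import re

# Per the reply above: on Unix, 'localhost' (also the default when no host is
# given) makes the client use the Unix socket, so the TCP port is ignored.
SOCKET_HOSTS = {"", "localhost"}

# Matches MASTER_xxx='text' or MASTER_xxx=123 inside a CHANGE MASTER TO statement.
_OPT = re.compile(r"(MASTER_\w+)\s*=\s*(?:'([^']*)'|(\d+))", re.IGNORECASE)


def parse_change_master(stmt):
    """Return the MASTER_* options of a CHANGE MASTER TO statement as a dict."""
    opts = {}
    for name, text, number in _OPT.findall(stmt):
        opts[name.upper()] = int(number) if number else text
    return opts


def transport(host, port=3306):
    """Model how a Unix client reaches the server for a given host and port."""
    if host is None or str(host).lower() in SOCKET_HOSTS:
        return ("unix-socket", None)  # the port is silently ignored
    return ("tcp", port)


def audit(stmt, tunnel_port):
    """Report whether the connection would reach the stunnel listener port.

    Assumption: the caller knows MASTER_HOST is an address on which the local
    stunnel client is listening; this check only looks at transport and port.
    """
    opts = parse_change_master(stmt)
    kind, port = transport(opts.get("MASTER_HOST"), opts.get("MASTER_PORT", 3306))
    if kind == "unix-socket":
        return "BYPASS: localhost uses the Unix socket; MASTER_PORT is ignored"
    if port != tunnel_port:
        return "BYPASS: TCP port %d is not the tunnel listener (%d)" % (port, tunnel_port)
    return "OK: TCP to %s:%d" % (opts["MASTER_HOST"], port)


if __name__ == "__main__":
    # Constructed sample statements; 3307 is the stunnel listener from the report.
    for s in ("CHANGE MASTER TO MASTER_HOST='localhost', MASTER_PORT=3307;",
              "CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=3307;",
              "CHANGE MASTER TO MASTER_HOST='127.0.0.1';"):
        print(audit(s, 3307), "<-", s)
```

A "BYPASS" result means the replication stream would not pass through the encrypting tunnel, which is the condition the reporter observed with MASTER_HOST set to "localhost".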