Bug #39998 SSL support is missing from MySQL-pro 4.1.24 for rhel4
Submitted: 13 Oct 2008 12:35 Modified: 24 Oct 2008 8:02
Reporter: Darragh Bailey Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Server: Packaging Severity:S2 (Serious)
Version:4.1.24 OS:Linux (RHEL4)
Assigned to: CPU Architecture:Any
Tags: regression

[13 Oct 2008 12:35] Darragh Bailey 
Description:
After installing MySQL-*-pro 4.1.24 (server, client and shared) packages for rhel 4, attempted to start mysqld server with SSL enabled.

Once it failed initially I disabled the config settings in my.cnf and started it without ssl and looked to see if it had been built with openssl support.

mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | NO    |
+---------------+-------+
1 row in set (0.00 sec)

How to repeat:

Install MySQL-*-pro rpms for 4.1.24
Start mysql server (if not automatically started)
Connect with client
run query "show variables like '%ssl%';"

Suggested fix:

MySQL-*-pro packages 4.1.24 should be built with openssl enabled.
[14 Oct 2008 8:07] Sveta Smirnova 
Thank you for the report.

Verified as described. Same problem with mysql-pro-4.1.24-redhat-linux-gnu-i686-glibc23.tar.gz package:

$./bin/mysql --ssl
./bin/mysql: unknown option '--ssl'

See also bug #39776
[14 Oct 2008 19:40] Sveta Smirnova 
Please note MySQL 4.1 is in Extended Support stage. This means maintenance releases are only provided on a when-needed basis, and only to fix Security and Severity Level 1 incidents opened by MySQL paying customers.
[24 Oct 2008 8:02] Darragh Bailey 
I assume that this must not impact the shared-compat package of MySQL 5 for RHEL4?

As I've also noticed since the compatibility libraries in that package that are present for applications built against MySQL 4, also appear to be missing SSL support. Is that definitely a separate bug or linked to existing MySQL builds missing SSL support?
[25 Nov 2008 20:58] Joerg Bruehe 
"shared-compat" RPMs combine the latest client libraries of all preceding release families into one RPM package. They are not built anew but rather taken from that previous build.

Example: The "shared-compat" RPM of 5.0.72 contains the shared libraries built with 5.0.72, 4.1.24, 4.0.30, and 3.23.58 (if the respective platform was already supported in that version).

We are currently working on the SSL issues in some 5.0 and 5.1 platforms,
but fixes in 5.0 and 5.1 will not affect the 4.1 client library contained in the 5.0 (or 5.1) "shared-compat" RPM.