Bug #42366 server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT"
Submitted: 27 Jan 2009 10:23 Modified: 6 Feb 2009 20:55
Reporter: Luis Soares Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0, 5.1, 6.0 OS:Any
Assigned to: Georgi Kodinov
Tags: certificate, SSL
Triage: Triaged: D3 (Medium)

[27 Jan 2009 10:23] Luis Soares
Description:
The SSL certificate expired today. You can verify by issuing:

mysql-test$ openssl x509 -text < std_data/server-cert.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB
        Validity
            Not Before: May  3 08:54:13 2006 GMT
            Not After : Jan 27 08:54:13 2009 GMT
        Subject: C=SE, ST=Uppsala, L=Uppsala, O=MySQL AB, CN=localhost/emailAddress=abstract.mysql.developer@mysql.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:d9:fd:da:b3:fb:7c:e0:b0:03:be:97:c6:a4:36:
                    ac:71:af:bb:2d:e5:84:ed:f3:8f:2b:eb:11:e5:aa:
                    66:ed:bf:62:6b:e3:ce:fa:80:ed:90:ff:b9:4a:39:
                    20:40:b6:f2:99:bf:2f:33:b5:f2:ec:3a:90:60:1d:
                    9e:94:7e:a4:1b
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
(...)

Note the validity section above.

How to repeat:
mysql-test$ openssl x509 -text < std_data/server-cert.pem
[27 Jan 2009 10:59] Sveta Smirnova
Thank you for the report.

Verified as described. Version 4.1 contains certificate till 2013
[27 Jan 2009 14:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/64141

2722 Magnus Svensson	2009-01-27
      Bug#42366 server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT
[27 Jan 2009 14:56] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/64155

2801 Jonas Oreland	2009-01-27
      ndb - bug#42366 - disable ssl also in telco-trees until certificate fixed
[27 Jan 2009 15:05] Bugs System
Pushed into 5.1.31-ndb-6.2.17 (revid:jonas@mysql.com-20090127145543-3h31xza6bpejc2wu) (version source revid:jonas@mysql.com-20090127145543-3h31xza6bpejc2wu) (merge vers: 5.1.31-ndb-6.2.17) (pib:6)
[27 Jan 2009 15:06] Bugs System
Pushed into 5.1.31-ndb-6.3.22 (revid:jonas@mysql.com-20090127145937-krvmboln0bpt9ygq) (version source revid:jonas@mysql.com-20090127145937-krvmboln0bpt9ygq) (merge vers: 5.1.31-ndb-6.3.22) (pib:6)
[27 Jan 2009 15:08] Bugs System
Pushed into 5.1.31-ndb-6.4.2 (revid:jonas@mysql.com-20090127150314-k9cxqznugatfphbq) (version source revid:jonas@mysql.com-20090127150314-k9cxqznugatfphbq) (merge vers: 5.1.31-ndb-6.4.2) (pib:6)
[27 Jan 2009 16:16] Magnus BlÄudd
only patches for disabling ssl* tests so far.
[28 Jan 2009 13:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/64284

2730 Georgi Kodinov	2009-01-28
      Bug #42366: server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT"
      
      Re-generated the PKI files needed.
      Removed the ones that are not needed.
[28 Jan 2009 13:21] Chad MILLER
Approved joro#2730
[28 Jan 2009 14:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/64296

2730 Georgi Kodinov	2009-01-28
      Bug #42366: server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT"
            
      Re-generated the PKI files needed.
      Removed the ones that are not needed.
      Updated the tests to reference the correct SSL subject.
[28 Jan 2009 14:30] Matthias Leich
./mysql-test-run.pl --mem --big --do-test=ssl
passed after applying using the last changeset.

OK to push
[28 Jan 2009 16:34] Georgi Kodinov
Bug #42428 is a duplicate of this bug
[29 Jan 2009 9:26] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/64425

2974 Jorgen Loland	2009-01-29
      Bug #42366: server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT"
                  
      Re-generated the PKI files needed.
      Removed the ones that are not needed.
      Updated the tests to reference the correct SSL subject.
      
      Note: This patch is written by Joro. It is applied to 6.0-backup-merge branch to quickly fix PB errors in mysql-6.0 since 6.0-bugteam branch is not ready for merge into main.
[29 Jan 2009 13:26] Norbert Tretkowski
Unfortunately the patch for the mysql-5.0 branch does not apply to an up-to-date bzr checkout.
[30 Jan 2009 13:28] Bugs System
Pushed into 6.0.10-alpha (revid:luis.soares@sun.com-20090129165607-wiskabxm948yx463) (version source revid:luis.soares@sun.com-20090129163120-e2ntks4wgpqde6zt) (merge vers: 6.0.10-alpha) (pib:6)
[30 Jan 2009 15:08] Bugs System
Pushed into 5.1.32 (revid:luis.soares@sun.com-20090129165946-d6jnnfqfokuzr09y) (version source revid:luis.soares@sun.com-20090127162115-pm1vzxczm1jj66w3) (merge vers: 5.1.32) (pib:6)
[2 Feb 2009 16:06] Bugs System
Pushed into 6.0.10-alpha (revid:sergefp@mysql.com-20090202090240-dlkxhmc1asrar5rl) (version source revid:sergefp@mysql.com-20090129100938-qvke7a9krg24l8pl) (merge vers: 6.0.10-alpha) (pib:6)
[3 Feb 2009 9:11] Bugs System
Pushed into 5.0.78 (revid:joro@sun.com-20090203090422-v91rh3gmx2ulhbu9) (version source revid:joro@sun.com-20090128141850-n68cj7rfx7rmywk5) (merge vers: 5.0.77) (pib:6)
[3 Feb 2009 9:41] Bugs System
Pushed into 5.1.32 (revid:joro@sun.com-20090203090549-gos3v4320vimrzg6) (version source revid:sergefp@mysql.com-20090128192114-jm5r3gezr59oki5x) (merge vers: 5.1.32) (pib:6)
[4 Feb 2009 11:16] Bugs System
Pushed into 6.0.10-alpha (revid:kostja@sun.com-20090204104420-mw1i2u9lum4bxjo6) (version source revid:joro@sun.com-20090128151745-pfmwvldqshy3ia5y) (merge vers: 6.0.10-alpha) (pib:6)
[6 Feb 2009 14:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/65483

2790 Magnus Svensson	2009-02-06
      Bug#42366 server-cert.pem expired: "Not After : Jan 27 08:54:13 2009 GMT
      - remove the disbling of all ssl_* tests now when certs are fixed.
[6 Feb 2009 20:55] Paul Dubois
Noted in 5.0.78, 5.1.32, 6.0.10 changelogs.

The SSL certficates included with MySQL distributions were
regenerated because the previous ones had expired.
[9 Feb 2009 22:34] Bugs System
Pushed into 5.1.32 (revid:davi.arnaut@sun.com-20090209214102-gj3sb3ujpnvpiy4c) (version source revid:davi.arnaut@sun.com-20090209214102-gj3sb3ujpnvpiy4c) (merge vers: 5.1.32) (pib:6)
[10 Feb 2009 20:13] Bugs System
Pushed into 6.0.10-alpha (revid:alik@sun.com-20090210194937-s7xshv5l3m1v7wi9) (version source revid:tomas.ulin@sun.com-20090127161149-9npj9dxe7yw5arca) (merge vers: 6.0.10-alpha) (pib:6)
[14 Feb 2009 13:01] Bugs System
Pushed into 6.0.10-alpha (revid:matthias.leich@sun.com-20090212211028-y72faag15q3z3szy) (version source revid:msvensson@mysql.com-20090206141057-brocl1nod7402x3t) (merge vers: 6.0.10-alpha) (pib:6)
[17 Feb 2009 14:55] Bugs System
Pushed into 5.1.32-ndb-6.3.23 (revid:tomas.ulin@sun.com-20090217131017-6u8qz1edkjfiobef) (version source revid:tomas.ulin@sun.com-20090216083408-rmvyaxjt6mk8sg1y) (merge vers: 5.1.32-ndb-6.3.23) (pib:6)
[17 Feb 2009 16:42] Bugs System
Pushed into 5.1.32-ndb-6.4.3 (revid:tomas.ulin@sun.com-20090217134419-5ha6xg4dpedrbmau) (version source revid:tomas.ulin@sun.com-20090216083646-m8st11oj1hhfuuh5) (merge vers: 5.1.32-ndb-6.4.3) (pib:6)
[17 Feb 2009 18:19] Bugs System
Pushed into 5.1.32-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090217134216-5699eq74ws4oxa0j) (version source revid:tomas.ulin@sun.com-20090211111208-wf0acl7c1vl5653e) (merge vers: 5.1.32-ndb-6.2.17) (pib:6)
[9 Jun 2009 19:05] Paul Dubois
Noted in 5.0.74sp1 changelog.