Description:
Recently, MySQL test cases for openssl_1 began failing on all version of Redhat Enterprise Linux. The issue is exactly the same across the board, and has been verified with both mysql-5.0.67 and mysql-5.0.75. It appears that this issue may be related to a recent security update to the openssl package by Redhat:
https://rhn.redhat.com/errata/RHSA-2009-0004.html
These are the same builds that had no issue before the openssl update. I imagine that the openssl functionality is fine, and just the test case is not functional but I'm not familiar enough with MySQL OpenSSL Support to be able to fully verify that.
Systems Failing:
EL3 64bit (stock) w/ openssl-0.9.7a-33.24
EL4 32bit (stock) w/ openssl-0.9.7a-43.17.el4_7.2
EL5 64bit (stock) w/ openssl-0.9.8e-7.el5
Failure Output:
openssl_1 [ fail ]
mysqltest: At line 19: query 'connect con1,localhost,ssl_user1,,,,,SSL' failed: 2026: SSL connection error
The result from queries just before the failure was:
drop table if exists t1;
create table t1(f1 int);
insert into t1 values (5);
grant select on test.* to ssl_user1@localhost require SSL;
grant select on test.* to ssl_user2@localhost require cipher "DHE-RSA-AES256-SHA";
grant select on test.* to ssl_user3@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com";
grant select on test.* to ssl_user4@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB/emailAddress=abstract.mysql.developer@mysql.com" ISSUER "/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB";
grant select on test.* to ssl_user5@localhost require cipher "DHE-RSA-AES256-SHA" AND SUBJECT "xxx";
flush privileges;
More results from queries before failure can be found in /home/wdierkes/buildroot/BUILD/mysql-5.0.75/mysql-test/var/log/openssl_1.log
Aborting: openssl_1 failed in default mode.
To continue, re-run with '--force'.
Stopping All Servers
make: *** [test-ns] Error 1
How to repeat:
./configure --with-openssl && make && make test
As a side note, my full configure line is as follows:
./configure --host=x86_64-redhat-linux-gnu --build=x86_64-redhat-linux-gnu -
-target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/u
sr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --locals
tatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/sh
are/info --with-readline --with-openssl --without-debug --enable-shared --with-b
ench --localstatedir=/var/lib/mysql --with-unix-socket-path=/var/lib/mysql/mysql
.sock --with-mysqld-user=mysql --with-extra-charsets=all --with-innodb --with-be
rkeley-db --enable-local-infile --enable-largefile --enable-thread-safe-client -
-disable-dependency-tracking --with-archive-storage-engine --with-federated-stor
age-engine --with-blackhole-storage-engine --with-csv-storage-engine --with-name
d-thread-libs=-lpthread
Suggested fix:
Uncertain.