Bug #45770 errors reading server SSL files are printed, but not logged
Submitted: 25 Jun 2009 21:44 Modified: 8 Aug 2009 0:52
Reporter: Jess Balint Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Errors Severity:S3 (Non-critical)
Version:5.1.35, 4.1, 5.0, 5.1, 5.4 bzr OS:Any (MS Windows, Linux)
Assigned to: Staale Smedseng CPU Architecture:Any
Tags: SSL

[25 Jun 2009 21:44] Jess Balint
Description:
when the config file points to an SSL key/cert that doesnt exist, it prints in the console during startup, but not the error log

How to repeat:
set the config file with an ssl variable to a file that doesnt exist:

D:\SW\inst\mysql-5.1.35-win32\bin>mysqld
SSL error: Unable to get certificate from 'server-cert.pem'
090625 16:36:36 [Warning] Failed to setup SSL

Nothing is logged in the error log.

Suggested fix:
print something in the error log, the console will not always be visible
[25 Jun 2009 21:57] Sveta Smirnova
Thank you for the report.

Verified as described.
[17 Jul 2009 11:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/78931

2787 Staale Smedseng	2009-07-17
      Bug #45770 errors reading server SSL files are printed, but
      not logged
        
      Errors encountered during initialization of the SSL subsystem
      are printed to stderr, rather than to the error log.
        
      This patch adds a parameter to several SSL init functions to
      report the error (if any) out to the caller. The function
      init_ssl() in mysqld.cc is moved after the initialization of
      the log subsystem, so that any error messages can be logged to
      the error log. Printing of messages to stderr has been 
      retained to get diagnostic output in a client context.
     @ include/violite.h
        Adding an enumeration for the various errors that can
        occur during initialization of the SSL module.
     @ sql/mysqld.cc
        Adding more logging of SSL init errors, and moving
        init_ssl() till after initialization of logging 
        subsystem.
     @ vio/viosslfactories.c
        Define error strings, provide an access method for these
        strings, and maintain an error parameter in several funcs
        to return the error (if any) to the caller.
[18 Jul 2009 7:57] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/78963

3022 Staale Smedseng	2009-07-16
      Bug #45770 errors reading server SSL files are printed, but
      not logged
      
      Errors encountered during initialization of the SSL subsystem
      are printed to stderr, rather than to the error log.
      
      This patch adds a parameter to several SSL init functions to
      report the error (if any) out to the caller. The function
      init_ssl() in mysqld.cc is moved after the initialization of
      the log subsystem, so that any error messages can be logged to
      the error log.
     @ include/violite.h
        Adding an enumeration for the various errors that can
        occur during initialization of the SSL module.
     @ sql/mysqld.cc
        Adding more logging of SSL init errors, and moving
        init_ssl() till after initialization of logging 
        subsystem.
     @ vio/viosslfactories.c
        Define error strings, provide an access method for these
        strings, and maintain an error parameter in several funcs
        to return the error (if any) to the caller
[23 Jul 2009 11:39] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/79143

2789 Staale Smedseng	2009-07-23
      Bug #45770 errors reading server SSL files are printed, but
      not logged
              
      Errors encountered during initialization of the SSL subsystem
      are printed to stderr, rather than to the error log.
              
      This patch adds a parameter to several SSL init functions to
      report the error (if any) out to the caller. The function
      init_ssl() in mysqld.cc is moved after the initialization of
      the log subsystem, so that any error messages can be logged to
      the error log. Printing of messages to stderr has been 
      retained to get diagnostic output in a client context.
     @ include/violite.h
        Adding an enumeration for the various errors that can
        occur during initialization of the SSL module.
     @ sql/mysqld.cc
        Adding more logging of SSL init errors, and moving
        init_ssl() till after initialization of logging 
        subsystem.
     @ vio/viosslfactories.c
        Define error strings, provide an access method for these
        strings, and maintain an error parameter in several funcs
        to return the error (if any) to the caller.
[4 Aug 2009 13:56] Bugs System
Pushed into 5.0.85 (revid:davi.arnaut@sun.com-20090804135315-6lfdnk4zjwk7kn7r) (version source revid:davi.arnaut@sun.com-20090804135315-6lfdnk4zjwk7kn7r) (merge vers: 5.0.85) (pib:11)
[4 Aug 2009 19:51] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090804194615-h40sa098mx4z49qg) (version source revid:staale.smedseng@sun.com-20090723130741-omprvp0hi4ttyohx) (merge vers: 5.4.4-alpha) (pib:11)
[4 Aug 2009 20:45] Bugs System
Pushed into 5.1.38 (revid:davi.arnaut@sun.com-20090804204317-ggodqkik7de6nfpz) (version source revid:davi.arnaut@sun.com-20090804204317-ggodqkik7de6nfpz) (merge vers: 5.1.38) (pib:11)
[8 Aug 2009 0:52] Paul DuBois
Noted in 5.0.85, 5.1.38, 5.4.4 changelogs.

For problems reading SSL files during SSL initialization, the server
wrote error messages to stderr rather than to the error log.
[12 Aug 2009 22:13] Paul DuBois
Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.
[14 Aug 2009 23:04] Paul DuBois
Ignore previous comment about 5.4.2.
[1 Oct 2009 5:59] Bugs System
Pushed into 5.1.39-ndb-6.3.28 (revid:jonas@mysql.com-20091001055605-ap2kiaarr7p40mmv) (version source revid:jonas@mysql.com-20091001055605-ap2kiaarr7p40mmv) (merge vers: 5.1.39-ndb-6.3.28) (pib:11)
[1 Oct 2009 7:25] Bugs System
Pushed into 5.1.39-ndb-7.0.9 (revid:jonas@mysql.com-20091001072547-kv17uu06hfjhgjay) (version source revid:jonas@mysql.com-20091001071652-irejtnumzbpsbgk2) (merge vers: 5.1.39-ndb-7.0.9) (pib:11)
[1 Oct 2009 13:25] Bugs System
Pushed into 5.1.39-ndb-7.1.0 (revid:jonas@mysql.com-20091001123013-g9ob2tsyctpw6zs0) (version source revid:jonas@mysql.com-20091001123013-g9ob2tsyctpw6zs0) (merge vers: 5.1.39-ndb-7.1.0) (pib:11)
[5 Oct 2009 10:50] Bugs System
Pushed into 5.1.39-ndb-6.2.19 (revid:jonas@mysql.com-20091005103850-dwij2dojwpvf5hi6) (version source revid:jonas@mysql.com-20090930185117-bhud4ek1y0hsj1nv) (merge vers: 5.1.39-ndb-6.2.19) (pib:11)
[7 Oct 2009 18:27] Paul DuBois
The 5.4 fix has been pushed to 5.4.2.