Bug #48330 Replication SSL page incorrect refers to using server-cert's on the slave
Submitted: 26 Oct 2009 21:47 Modified: 3 Dec 2009 3:44
Reporter: Harrison Fisk Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version: OS:Any
Assigned to: Paul DuBois CPU Architecture:Any

[26 Oct 2009 21:47] Harrison Fisk
Description:
On the replication SSL page at:

http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

Two options are specified for how to specify the certs for the slave, CHANGE MASTER TO and the my.cnf options.

The my.cnf options are quoted as:

==
On the slave, you have two options available for setting the SSL information. You can either add the slaves certificates to the client section of the slave configuration file, or you can explicitly specify the SSL information using the CHANGE MASTER TO statement.

Using the former option, add the following lines to the client section of the slave configuration file:

[client]
ssl-ca=cacert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
==

The names "server-cert.pem" and "server-key.pem" are identical to the ones used previously for the master options:

==
To enable SSL on the master you will need to create or obtain suitable certificates and then add the following configuration options to the master's configuration within the mysqld section:

ssl-ca=cacert.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem
==

This implies that they should be identical, whereas the files are actually different.  

How to repeat:
Check out the docs.  Get confused by the options given.

Suggested fix:
Change the slave options to be:

[client]
ssl-ca=cacert.pem
ssl-cert=client-cert.pem
ssl-key=client-key.pem

These names correspond to the same as what is used for the general SSL page:

http://dev.mysql.com/doc/refman/5.1/en/secure-using-ssl.html
[3 Dec 2009 3:44] Paul DuBois
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly, and will be included in the next release of the relevant products.