Bug #68500 ERROR 2026 (HY000): SSL connection error: unknown error number
Submitted: 26 Feb 2013 22:39
Modified: 29 May 2013 18:22
Reporter: Denis Shaposhnikov
Status: No Feedback
Category: MySQL Server: General
Severity: S1 (Critical)
Version: 5.5.30
OS: FreeBSD (9.1)
Assigned to:
CPU Architecture: Any
Tags: SSL

[26 Feb 2013 22:39] Denis Shaposhnikov
Description:
I've built mysql-5.5.30 with the system openssl, and now I can't connect to it using the mysql client:

% mysql --ssl --ssl-cipher=DHE-RSA-AES128-SHA -h 127.0.0.1    
ERROR 2026 (HY000): SSL connection error: unknown error number

And I can't understand what this error message means.

How to repeat:
Build mysql on FreeBSD 9.1 with

CMAKE_ARGS+=    -DWITH_SSL=system

and try to connect to it using mysql client.
[28 Feb 2013 18:37] Sveta Smirnova
Thank you for the report.

Please send your server configuration file, output of SHOW VARIABLES LIKE '%ssl%'; and full server error log file.
[1 Mar 2013 17:53] Denis Shaposhnikov
The server log:

130226 14:30:11 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql
130226 14:30:11 InnoDB: The InnoDB memory heap is disabled
130226 14:30:11 InnoDB: Mutexes and rw_locks use GCC atomic builtins
130226 14:30:11 InnoDB: Compressed tables use zlib 1.2.7
130226 14:30:11 InnoDB: Initializing buffer pool, size = 60.0G
130226 14:30:17 InnoDB: Completed initialization of buffer pool
130226 14:30:17 InnoDB: highest supported file format is Barracuda.
130226 14:30:23  InnoDB: Waiting for the background threads to start
130226 14:30:24 InnoDB: 5.5.30 started; log sequence number 157222643254
130226 14:30:24 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
130226 14:30:24 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
130226 14:30:24 [Note] Server socket created on IP: '0.0.0.0'.
130226 14:30:24 [Note] Slave SQL thread initialized, starting replication in log 'mysql-bin.000029' at position 391040946, relay log './db4-relay-bin.000024' position: 1397018
130226 14:30:24 [Note] Event Scheduler: Loaded 0 events
130226 14:30:24 [Note] /usr/local/libexec/mysqld: ready for connections.
Version: '5.5.30-log'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
130226 14:30:24 [Note] Slave I/O thread: connected to master 'replication@96.46.150.136:3306',replication started in log 'mysql-bin.000029' at position 391040946

mysql> SHOW VARIABLES LIKE '%ssl%';
+---------------+------------+
| Variable_name | Value      |
+---------------+------------+
| have_openssl  | YES        |
| have_ssl      | YES        |
| ssl_ca        | cacert.pem |
| ssl_capath    |            |
| ssl_cert      | server.pem |
| ssl_cipher    |            |
| ssl_key       | server.pem |
+---------------+------------+

The server configuration file:

[client]
port            = 3306
socket          = /tmp/mysql.sock
ssl-ca          = cacert.pem
ssl-cert        = server.pem
ssl-key         = server.pem

[mysqld]
port            = 3306
socket          = /tmp/mysql.sock
tmpdir          = /var/tmp
ssl-ca          = cacert.pem
ssl-cert        = server.pem
ssl-key         = server.pem
character-set-server = utf8
back_log = 50
max_connections = 200
max_connect_errors = 100
table_open_cache = 8192
max_allowed_packet = 32M
server-id = 7
slave-skip-errors = 1007,1008,1017,1051,1053,1062,1067,1396
key_buffer_size = 32M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 60G
innodb_data_file_path = ibdata1:10M:autoextend
innodb_file_per_table
innodb_file_format = barracuda
innodb_thread_concurrency = 0
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 8M
innodb_log_file_size = 1G
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M

[mysqlhotcopy]
interactive-timeout

[mysqld_safe]
open-files-limit = 25000
[26 Apr 2013 12:38] MySQL Verification Team
Hello Denis,

Are you still having this issue?

Recently, during one-off testing, I followed the steps outlined in the manual for generating MySQL server and client certificate and key files; see http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

What I observed during testing is that if you generate the client/server key with the same common name, then you end up with this error when trying to use it.

Please try with different common names while generating MySQL server and client certificate and key files.

e.g.

Common Name (eg, your name or your server's hostname) []:onetwothree
Common Name (eg, your name or your server's hostname) []:twothreefour
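
The Common Name check suggested in the comment above, as an added shell example that is not part of the original bug thread: it issues throwaway certificates with the `openssl` CLI and reports any Common Name that appears on more than one certificate. The CA name `example-ca`, the file names and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: issue throwaway certificates and detect a reused Common Name.
# All file names and the CA name "example-ca" are constructed sample values.

# Print the subject Common Name (CN) of the PEM certificate $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' -e 's/^.*CN=//' -e 's/,.*$//'
}

# Return 0 when all given certificates have different CNs, 1 otherwise.
distinct_cns() {
    dups=$(for cert in "$@"; do cert_cn "$cert"; done | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "Common Name used more than once: $dups" >&2
        return 1
    fi
}

# Create a self-signed throwaway CA in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

# Issue $1/$2.pem with Common Name $3 and serial $4, signed by the CA in $1.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-req.pem" -days 1 -set_serial "$4" \
        -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" -out "$1/$2.pem" 2>/dev/null
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_ca "$work"
make_cert "$work" server onetwothree 1    # names taken from the comment above
make_cert "$work" client twothreefour 2
make_cert "$work" clone onetwothree 3     # deliberately reuses the server's CN

# Chain validity and CN uniqueness are separate checks; run both.
openssl verify -CAfile "$work/ca.pem" "$work/server.pem" "$work/client.pem"
distinct_cns "$work/server.pem" "$work/client.pem" && echo "distinct CNs: ok"
distinct_cns "$work/server.pem" "$work/clone.pem" || echo "clone rejected"
```

To check an existing deployment, call `distinct_cns` with the certificate files named by the `ssl-cert` options on the client and the server.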
[30 May 2013 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".