Bug #70956 Setting Up Replication Using SSL witrh my.cnf dont work
Submitted: 19 Nov 2013 19:34 Modified: 22 Nov 2013 21:56
Reporter: Luis A S Junior Camargo Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Replication Severity:S3 (Non-critical)
Version:5.6.14 OS:Windows
Assigned to: CPU Architecture:Any

[19 Nov 2013 19:34] Luis A S Junior Camargo
Description:
I have a replication with one master and one slave.

I need active SSL between this servers.

After configure Slave with method my.cnf dont work, using CHANGE MASTER TO with complete informations are working fine.

How to repeat:
Follow MySQL documentation at:
http://dev.mysql.com/doc/refman/5.6/en/replication-solutions-ssl.html

"On the slave, you have two options available for setting the SSL information. You can either add the slave certificates to the [client] section of the slave's my.cnf file, or you can explicitly specify the SSL information using the CHANGE MASTER TO statement"

But, when i follow instructions under slave:

a) setup my.cnf section client with:
[client]
ssl-ca=cacert.pem
ssl-cert=client-cert.pem
ssl-key=client-key.pem

b) Restart the slave server, using the --skip-slave-start

c) Run 'change master to' command:
 CHANGE MASTER TO
    -> MASTER_HOST='master_hostname',
    -> MASTER_USER='replicate',
    -> MASTER_PASSWORD='password',
    -> MASTER_SSL=1;

d) Start the slave proccess:
START SLAVE;

After this, the slave dont connect with master.

==============================================

Using the SSL with commands method are working fine:

a) CHANGE MASTER TO
    -> MASTER_HOST='master_hostname',
    -> MASTER_USER='replicate',
    -> MASTER_PASSWORD='password',
    -> MASTER_SSL=1,
    -> MASTER_SSL_CA = 'ca_file_name',
    -> MASTER_SSL_CAPATH = 'ca_directory_name',
    -> MASTER_SSL_CERT = 'cert_file_name',
    -> MASTER_SSL_KEY = 'key_file_name';
b) START SLAVE;

Suggested fix:
Change MySQL to upgrade master.info with data from my.cnf at replication startup or remove this option in documentation.
[19 Nov 2013 19:41] Sveta Smirnova
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on
how to report a bug at http://bugs.mysql.com/how-to-report.php

Please read at http://dev.mysql.com/doc/refman/5.6/en/replication-options-slave.html#option_mysqld_master...:

Obsolete options.  The following options are removed in MySQL 5.6. If you attempt to start mysqld with any of these options in MySQL 5.6, the server aborts with an unknown variable error. To set the replication parameters formerly associated with these options, you must use the CHANGE MASTER TO ... statement (see Section 13.4.2.1, “CHANGE MASTER TO Syntax”).

The options affected are shown in this list:

    --master-host

    --master-user

    --master-password

    --master-port

    --master-connect-retry

    --master-ssl

    --master-ssl-ca

    --master-ssl-capath

    --master-ssl-cert

    --master-ssl-cipher

    --master-ssl-key
[19 Nov 2013 22:30] Luis A S Junior Camargo
Hi Sveta,

Thank you for the rapid response.

In this case, please update MySQL Documentation for 5.6 with correct information:
http://dev.mysql.com/doc/refman/5.6/en/replication-solutions-ssl.html
[22 Nov 2013 21:56] Sveta Smirnova
Thank you for the feedback.

You are correct: we still have these instructions in the user manual. Verified as described.