Bug #77036 auto-generated SSL certs have no CN
Submitted: 14 May 2015 4:38
Modified: 8 Jul 2015 22:45
Reporter: Andrew Dalgleish
Status: Closed
Category: MySQL Server: Security: Encryption
Severity: S2 (Serious)
Version:
OS: Any
Assigned to:
CPU Architecture: Any

[14 May 2015 4:38] Andrew Dalgleish
Description:
The 5.7.8 server auto-generated SSL certs have no CN.

How to repeat:
$ /path/to/mysql --ssl-ca=data/ca.pem
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

$ for X in ca.pem server-cert.pem client-cert.pem ; do \
echo $X; openssl x509 -in data/$X -noout -subject; \
done
ca.pem
subject= 
server-cert.pem
subject= 
client-cert.pem
subject= 

Suggested fix:
Set the CN the same as mysql_ssl_rsa_setup does.

[8 Jul 2015 22:45] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

SSL certificates autogenerated by the server could have CN values
that exceeded 64 characters. In that case, the server now omits the
_server_version part of the CN values so the length falls within 64
characters.
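
A check for the two conditions in this report, an empty subject and a CN longer than 64 characters, written as an added example (it is not part of the bug report or of MySQL). The function names are hypothetical; it classifies the line printed by `openssl x509 -noout -subject -nameopt RFC2253` for the three files the reporter inspected.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; nothing here is MySQL code.
CN_MAX=64   # limit named in the changelog entry above

# strip_prefix LINE -> the DN without the leading "subject=" and padding
strip_prefix() {
    printf '%s\n' "$1" | sed -e 's/^subject= *//' -e 's/ *$//'
}

# extract_cn LINE -> first CN value, or nothing if the DN has no CN.
# Assumption: the CN holds no escaped commas ("\,").
extract_cn() {
    strip_prefix "$1" | tr ',' '\n' | sed -n -e 's/^ *CN *= *//p' | head -n 1
}

# classify_subject LINE -> EMPTY_SUBJECT | NO_CN | CN_TOO_LONG | OK
classify_subject() {
    dn=$(strip_prefix "$1")
    cn=$(extract_cn "$1")
    if   [ -z "$dn" ];               then echo EMPTY_SUBJECT
    elif [ -z "$cn" ];               then echo NO_CN
    elif [ "${#cn}" -gt "$CN_MAX" ]; then echo CN_TOO_LONG
    else echo OK
    fi
}

# audit_certs DIR -> one "<file>: <verdict>" line per auto-generated file;
# returns non-zero if any file is unreadable or not OK.
audit_certs() {
    rc=0
    for f in ca.pem server-cert.pem client-cert.pem; do
        if line=$(openssl x509 -in "$1/$f" -noout -subject -nameopt RFC2253 2>/dev/null); then
            verdict=$(classify_subject "$line")
        else
            verdict=UNREADABLE
        fi
        echo "$f: $verdict"
        [ "$verdict" = OK ] || rc=1
    done
    return "$rc"
}

# Run against a data directory when one is given: sh check.sh /path/to/data
if [ "$#" -gt 0 ]; then audit_certs "$1"; fi
```

The `subject= ` lines in the report above classify as EMPTY_SUBJECT.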