Bug #77109 Access denied using SSL (mysql_ssl_rsa_setup)
Submitted: 21 May 2015 5:27 Modified: 21 May 2015 7:51
Reporter: Ted Wennmark Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:5.7.7 OS:Linux (Ubuntu 14_04)
Assigned to: CPU Architecture:Any
Tags: access denied, client, MySQL, mysql_ssl_rsa_setup, SSL

[21 May 2015 5:27] Ted Wennmark 
Description:
Can not connect mysql client using SSL, get error: ERROR 1045 (28000): Access denied
If I use old client from 5.7.5 all works as expected.
Have read the documentation but must have missed something or there is a bug in 5.7.7.

How to repeat:
Download MySQL 5.7.7 generic tar package.

1 Install MySQL:
/home/ted/src/5.7.7/bin/mysqld --basedir=/home/ted/src/5.7.7 --datadir=/home/ted/slabb/data --initialize --user=ted

2 Create SSL keys:
/home/ted/src/5.7.7/bin/mysql_ssl_rsa_setup --datadir=/home/ted/slabb/data

3 Start MySQL (see configuration my.cnf below):
/home/ted/src/5.7.7/bin/mysqld_safe --defaults-file=/home/ted/slabb/my.cnf &

4 Try to connect:
ted@ted-PORTEGE-Z30-A:~/slabb$ /home/ted/src/5.7.7/bin/mysql -uroot -proot -S/tmp/mysql4000.sock
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

When adding option --ssl=0 it works but then we are not using SSL
(From \s: SSL:	Not in use)

Using old client (5.7.5) it works with SSL:
/home/ted/src/5.7.5/bin/mysql -uroot -proot -S/tmp/mysql4000.sock --ssl-ca=ca.pem
ysql> \s
--------------
/home/ted/src/5.7.5/bin/mysql  Ver 14.14 Distrib 5.7.5-m15, for linux-glibc2.5 (x86_64) using  EditLine wrapper

Connection id:		41
Current database:	
Current user:		root@localhost
SSL:			Cipher in use is DHE-RSA-AES256-SHA
......

Configuration file (my.cnf):
> [client]
> user               = root
> password           = root
> port               = 4000
> socket             = /tmp/mysql4000.sock
>
> [mysqld_safe]
> basedir            = /home/ted/src/5.7.7/
> ledir              = /home/ted/src/5.7.7/bin
> datadir            = /home/ted/slabb/data
> 
> [mysqld]
> user               = ted
> port               = 4000
> socket             = /tmp/mysql4000.sock
> basedir            = /home/ted/src/5.7.7/
> datadir            = /home/ted/slabb/data
[21 May 2015 5:36] Ted Wennmark 
Looks like this might be a duplicate of bug #76830, sorry for not seeing this earlier.
[21 May 2015 7:51] MySQL Verification Team 
Hello Ted,

Thank you for the report.
Marking this as duplicate of Bug #76830

Thanks,
Umesh
[18 Feb 2016 22:20] Tobias Lindgren 
Hi,

Having the exact same issue with the latest Connector/C, 6.1.6 on Linux. 6.1.5 works well.

I noticed the referred bug above, #76830, is locked. How do I find information around where this has been fixed?

Thanks
/Tobias