| Bug #79969 | mysql client connection using SSL breaks on CentOS after yum update | ||
|---|---|---|---|
| Submitted: | 14 Jan 2016 0:33 | Modified: | 16 May 2019 13:39 |
| Reporter: | JE Harrington | Email Updates: | |
| Status: | No Feedback | Impact on me: | |
| Category: | MySQL Server: Command-line Clients | Severity: | S1 (Critical) |
| Version: | mysql Ver 14.14 Distrib 5.1.73 | OS: | CentOS (6.7) |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | SSL | ||
[18 Jan 2016 15:53]
JE Harrington
Problem appears to happen regardless of the version of the MySQL server. I tried with an AWS RDS instance, managed by Amazon, that is supposed to have the most current version. Wireshark shows the string '08S01 Bad handshake' coming from the server. If others have not reported this problem, I suspect there is something in the certificates that causes a previously working SSL connection to now fail with the latest version of the MySQL client running on the latest version of CentOS 6 (as of 2016-01-17 version after 'yum update' is 6.7).
[16 Apr 2019 13:39]
MySQL Verification Team
Sorry for the delay. This issue is still valid with most recent versions. Thanks.
[17 May 2019 1:00]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".

Description:
After creating an AWS EC2 instance for CentOS 6.5 (CentOS-6.5-GA-03.3-f4325b48-37b0-405a-9847-236c64622e3e-ami-6be4dc02.2), mysql is installed and client connections using SSL work just fine. After updating to CentOS 6.7, the same mysql client commands attempting SSL connections now fail. The same problem happens to proprietary clients written in C using the MySQL client library.

How to repeat:
1. Create an AWS EC2 instance for CentOS 6.5 (CentOS-6.5-GA-03.3-f4325b48-37b0-405a-9847-236c64622e3e-ami-6be4dc02.2), then log on and check release:

    # cat /etc/issue
    CentOS release 6.5 (Final)
    Kernel \r on an \m

2. Install mysql:

    # yum install mysql.x86_64
    { install completes, output deleted for brevity }

3. Run client connection test with SSL (use valid certification, host and user credentials):

    # mysql --ssl-verify-server-cert --ssl-ca={server_cert} \
        -h {domain_name} -u {user_name} -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 18251
    Server version: 5.5.20-log MySQL Community Server (GPL)

    Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> exit
    Bye

4. Update to CentOS 6.7:

    # yum update
    { update completes, output deleted for brevity }

5. Check release:

    # cat /etc/issue
    CentOS release 6.7 (Final)
    Kernel \r on an \m

6. Run same client connection test with SSL as before:

    # mysql --ssl-verify-server-cert --ssl-ca={server_cert} \
        -h {domain_name} -u {user_name} -p
    Enter password:
    ERROR 2026 (HY000): SSL connection error

Suggested fix:
Get mysql client connections on CentOS 6.7 working.