Bug #83592 SSL paths failing
Submitted: 28 Oct 2016 2:32   Modified: 31 May 2018 9:43
Reporter: Matthew Hill
Status: Can't repeat
Category: MySQL Server: Security: Encryption   Severity: S2 (Serious)
Version: 5.5.53   OS: Ubuntu
Assigned to: (none)   CPU Architecture: Any
Tags: SSL_CTX_set_default_verify_paths

[28 Oct 2016 2:32] Matthew Hill
Description:
We updated our mysql server from 5.5.52 to 5.5.53 today and it has broken the SSL connectivity.  The MYOB log shows:

161028 12:32:44 [Warning] Failed to setup SSL
161028 12:32:44 [Warning] SSL error: SSL_CTX_set_default_verify_paths failed

We have also tried generating new certificates and the same error continues.  The OpenSSL Verify validates the certificate chains ok.

How to repeat:
The server involved is running Apache 2.4.10 on Ubuntu 14.04.1. We have tried setting up a clean server using Ubuntu 16.04.1 and Apache 2.4.18 and the same issue happens.  As soon as 5.5.53 is loaded the SSL stops working.

Suggested fix:
Not sure, but I assume it is related to the yaSSL upgrade in 5.5.53.
[28 Oct 2016 14:30] MySQL Verification Team
Which 5.5.53 have you installed, and where did you get it from? Thanks.
[30 Oct 2016 19:58] Matthew Hill
Ver 14.14 Distrib 5.5.53, for debian-linux-gnu (x86_64) using readline 6.3

MySQL updates were just loaded using apt-get update / apt-get upgrade from the command line.

Hit:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:2 http://nz.archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://nz.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]
Get:4 http://nz.archive.ubuntu.com/ubuntu xenial-backports InRelease [92.2 kB]
Ign:5 http://software.virtualmin.com/gpl/ubuntu virtualmin-xenial InRelease
Ign:6 http://software.virtualmin.com/gpl/ubuntu virtualmin-universal InRelease
Hit:7 http://software.virtualmin.com/gpl/ubuntu virtualmin-xenial Release
Hit:9 http://software.virtualmin.com/gpl/ubuntu virtualmin-universal Release
[19 Jan 2017 9:45] MySQL Verification Team
Could you please confirm the files in the /var/ssl/ directory?

ls -l /var/ssl/*.pem

This issue is even observed on 5.5.52 if the file name of ssl-ca is set to ca-cert.pem instead of ca.pem.

root@localhost [(none)]> \! ls -l newcerts
total 32
-rw-r--r-- 1 umshastr common 1679 Jan 19 10:07 ca-key.pem
-rw-r--r-- 1 umshastr common 1436 Jan 19 10:09 ca.pem
-rw-r--r-- 1 umshastr common 1314 Jan 19 10:13 client-cert.pem
-rw-r--r-- 1 umshastr common 1679 Jan 19 10:13 client-key.pem
-rw-r--r-- 1 umshastr common 1098 Jan 19 10:13 client-req.pem
-rw-r--r-- 1 umshastr common 1314 Jan 19 10:12 server-cert.pem
-rw-r--r-- 1 umshastr common 1679 Jan 19 10:12 server-key.pem
-rw-r--r-- 1 umshastr common 1098 Jan 19 10:10 server-req.pem
root@localhost [(none)]> \q

-- with the conf below

[umshastr@hod03]/export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64: cat my.cnf
[client]
port                    = 3306
ssl-ca                  = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/ca-cert.pem
ssl-cert                = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/client-cert.pem
ssl-key                 = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/client-key.pem

[mysqld]
ssl
ssl-ca                  = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/ca-cert.pem
ssl-cert                = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/server-cert.pem
ssl-key                 = /export/umesh/server/binaries/GABuilds/83592/mysql-5.5.52-linux2.6-x86_64/newcerts/server-key.pem

After bringing up the MySQL server I see similar warnings in the error log, as reported:

170119 10:24:19  InnoDB: Waiting for the background threads to start
170119 10:24:20 InnoDB: 5.5.52 started; log sequence number 0
170119 10:24:20 [Warning] Failed to setup SSL
170119 10:24:20 [Warning] SSL error: SSL_CTX_set_default_verify_paths failed
170119 10:24:20 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
170119 10:24:20 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
170119 10:24:20 [Note] Server socket created on IP: '0.0.0.0'.
170119 10:24:20 [Note] Event Scheduler: Loaded 0 events
170119 10:24:20 [Note] bin/mysqld: ready for connections.
Version: '5.5.52'  socket: '/tmp/mysql.sock'  port: 3306  MySQL Community Server (GPL)

After correcting ca-cert.pem to ca.pem, I'm not seeing any warnings etc.

170119 10:36:29 [Note] Plugin 'FEDERATED' is disabled.
170119 10:36:29 InnoDB: The InnoDB memory heap is disabled
170119 10:36:29 InnoDB: Mutexes and rw_locks use GCC atomic builtins
170119 10:36:29 InnoDB: Compressed tables use zlib 1.2.3
170119 10:36:29 InnoDB: Using Linux native AIO
170119 10:36:29 InnoDB: Initializing buffer pool, size = 128.0M
170119 10:36:29 InnoDB: Completed initialization of buffer pool
170119 10:36:29 InnoDB: highest supported file format is Barracuda.
170119 10:36:29  InnoDB: Waiting for the background threads to start
170119 10:36:30 InnoDB: 5.5.52 started; log sequence number 1595675
170119 10:36:30 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
170119 10:36:30 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
170119 10:36:30 [Note] Server socket created on IP: '0.0.0.0'.
170119 10:36:30 [Note] Event Scheduler: Loaded 0 events
170119 10:36:30 [Note] bin/mysqld: ready for connections.
Version: '5.5.52'  socket: '/tmp/mysql.sock'  port: 3306  MySQL Community Server (GPL)
[19 Jan 2017 19:06] Matthew Hill
-rw-r--r-- 1 mysql mysql 1265 May 23  2013 /var/ssl/ca-cert.pem
-rw-r--r-- 1 mysql mysql 1679 May 23  2013 /var/ssl/ca-key.pem
-rw-r--r-- 1 mysql mysql 1135 May 23  2013 /var/ssl/client-cert.pem
-rw-r--r-- 1 mysql mysql 1679 May 23  2013 /var/ssl/client-key.pem
-rw-r--r-- 1 mysql mysql 1009 May 23  2013 /var/ssl/client-req.pem
-rw-r--r-- 1 mysql mysql 1262 May 24  2013 /var/ssl/gs_root.pem
-rw-r--r-- 1 mysql mysql 1441 May 24  2013 /var/ssl/intermediate.pem
-rwxrwxrwx 1 mysql mysql 1139 May 23  2013 /var/ssl/server-cert.pem
-rwxrwxrwx 1 mysql mysql 1679 May 23  2013 /var/ssl/server-key.pem
-rwxrwxrwx 1 mysql mysql 1013 May 23  2013 /var/ssl/server-req.pem
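A configuration sanity check, added here as an example and not part of the bug report or of MySQL itself, that catches the two things visible in this thread: an ssl-ca value naming a file that is not on disk (the ca-cert.pem vs ca.pem mismatch the verification team reproduced) and private key files that are group/world accessible, as in the -rwxrwxrwx server-key.pem in the listing above. The option file and all paths are constructed for the demo.

```python
import configparser
import os
import stat
import tempfile

# Constructed option file modelled on the my.cnf in this report; {d} is filled
# in at run time and every path is an assumption, not a real deployment.
SAMPLE_MY_CNF = """[mysqld]
ssl
ssl-ca   = {d}/ca-cert.pem
ssl-cert = {d}/server-cert.pem
ssl-key  = {d}/server-key.pem
"""
SSL_OPTS = ("ssl-ca", "ssl-cert", "ssl-key")

def ssl_options(cnf_text, section="mysqld"):
    """Return the ssl-ca/ssl-cert/ssl-key values from one section of a my.cnf."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(cnf_text)  # allow_no_value accepts the bare 'ssl' line
    # MySQL treats ssl_ca and ssl-ca as the same option; normalise to the dash form.
    items = {k.replace("_", "-"): v for k, v in cp[section].items()}
    return {opt: items.get(opt) for opt in SSL_OPTS}

def check_ssl_files(opts):
    """List conditions that make SSL setup fail or leave key material exposed."""
    findings = []
    for opt in SSL_OPTS:
        path = opts.get(opt)
        if not path:
            findings.append(f"{opt}: not set")
        elif not os.path.isfile(path):  # the ca-cert.pem vs ca.pem mismatch lands here
            findings.append(f"{opt}: {path} does not exist")
        elif not os.access(path, os.R_OK):
            findings.append(f"{opt}: {path} is not readable by this user")
        elif opt == "ssl-key":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{opt}: {path} mode {mode:04o} is group/world accessible")
    return findings

def demo():
    """Constructed scenario: CA saved as ca.pem, config says ca-cert.pem, key is 0777."""
    d = tempfile.mkdtemp()
    for name, mode in (("ca.pem", 0o644), ("server-cert.pem", 0o644), ("server-key.pem", 0o777)):
        with open(os.path.join(d, name), "w") as f:
            f.write("-----BEGIN PLACEHOLDER-----\n")  # not a real PEM; only presence matters
        os.chmod(os.path.join(d, name), mode)
    return check_ssl_files(ssl_options(SAMPLE_MY_CNF.format(d=d)))
```

Run demo() against the constructed directory to see the missing ssl-ca file and the over-permissive key reported; point ssl_options at a real my.cnf to check a live server before restarting it.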
[31 May 2018 9:43] MySQL Verification Team
I'm not seeing this issue even on the latest builds.
If you are still seeing this on the latest GA builds and can provide more information, feel free to add it to this bug and change the status back to 'Open'.

Thank you for your interest in MySQL.