Description:
Page: https://dev.mysql.com/doc/refman/5.6/en/server-status-variables.html#statvar_Ssl_server_no...
Between 5.6.3-m5 and 5.7.8-rc this variable is only shown if connected via SSL.
Monitoring might connect over a UNIX socket and not use SSL, so it is important information.
Related commits:
commit 18ce7f96b21c2be1beb38e6835567e1780f2a6f5
Author: Georgi Kodinov <Georgi.Kodinov@Oracle.com>
Date: Tue Mar 29 11:01:07 2011 +0300
Bug #11764778: server feature request - expose ssl certificate details
in show global st
There was no easy way to get the expiration dates of the server's
certificate.
Implemented two session status variables (Ssl_server_not_before and
Ssl_server_not_after) with the same scope as e.g. Ssl_verify_depth to
return the two dates in a format similar to OpenSSL's ASN1_TIME_print.
Since yaSSL doesn't preserve the parsed server certificate beyond
reading it, the diff extends yaSSL to preserve it and return it
through SSL_get_certificate(). Also fixed the storage of the
certificate expiration dates to have the ASN1_TIME subtype.
Implemented an yaSSL specific extension function
yaSSL_ASN1_TIME_to_string() to return the string representation of the
date in an ASN1_TIME in a format similar to OpenSSL's format.
Created a wrapper in MySQL to call either ASN1_TIME_print() or
yaSSL_ASN1_TIME_to_string() depending on the library type.
Did some type cleanups of some of the internal yaSSL functions.
Test case added.
commit 1ffd2ad62219dd24a54542f8b98a1cd9be96fbb5
Author: Georgi Kodinov <georgi.kodinov@oracle.com>
Date: Fri Mar 27 15:08:03 2015 +0200
Bug #20648276 SSL-RELATED GLOBAL STATUS INFORMATION ONLY AVAILABLE
WHEN CONNECTED USING --SSL
* Created a read-only SSL context to allow reading of the
SSL attributes for the server SSL Context
* Used the new read-only SSL context instead of the connected
SSL context in Ssl_server_not_before/Ssl_server_not_after.
* Test case added.
* Fixed a non-unix line ending in ha_federated.cc
How to repeat:
Check the variables over a non-SSL and over an SSL connection.
Suggested fix:
Add note to the 5.6 documentation