Bug #86912 MySQL Workbench SSL error with SSL CA File more than one level deep
Submitted: 3 Jul 2017 16:01 Modified: 31 Jul 2017 12:26
Reporter: Jason Miele Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Workbench Severity:S3 (Non-critical)
Version:6.3.9 OS:Windows (10)
Assigned to: CPU Architecture:Any
Tags: SSL

[3 Jul 2017 16:01] Jason Miele 
Description:
MySQL Workbench SSL error with SSL CA File more than one level deep.  When trying to connect with MySQL Workbench Enterprise 6.3.9 on Windows to a MySQL Server Enterprise on Linux Generic we receive the following error

ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation

This error could be caused by the MySQL Workbench not supporting a SSL CA File more than one level deep or caused by the MySQL Workbench not supporting TLS 1.2 (https://bugs.mysql.com/bug.php?id=86816).  

How to repeat:
1) Create a SSL CA File with two levels with a newer ECDHE cipher.  Create the server and client certificates.  
2) Setup MySQL Server with SSL=On
3) Create a user in MySQL Server with 'REQUIRE SSL'.
4) Connect to the MySQL Server 5.7.18 Enterprise on Linux with the MySQL Workbench 6.3.9 Enterprise on Windows (the MySQL Server has the server certificates and the Workbench has the client certificates, both have the same CA Trust at two or more levels deep).  
5) MySQL Workstation displays the following error: 
   ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation
[31 Jul 2017 12:26] Chiranjeevi Battula 
Hello  Jason Miele,

Thank you for the bug report and steps.
Verified this behavior on MySQL Workbench in 6.3.9 version

Thanks,
Chiranjeevi.
[31 Jul 2017 12:26] Chiranjeevi Battula 
Screenshot

Attachment: 86912.JPG (image/jpeg, text), 86.79 KiB.
[17 Feb 2018 12:57] GRACE ROGON 
NOT CONNECTED

Attachment: 1.sql (application/octet-stream, text), 535 bytes.