Bug #90418 Contribution by Facebook: Fix OpenSSL error codes
Submitted: 12 Apr 2018 23:30
Modified: 15 Aug 2018 14:47
Reporter: FBContrib Admin
Status: Closed
Category: MySQL Server: Errors
Severity: S3 (Non-critical)
Version: 8.0.4
OS: Any
Assigned to:
CPU Architecture: Any

[12 Apr 2018 23:30] FBContrib Admin
Description:
Background information provided by Facebook:
Abstract:

This fixes how OpenSSL error codes are returned to the application.

The client library was not using OpenSSL error codes correctly; it was using the return value of SSL_get_error rather than ERR_get_error, which made for nonsensical errors.

Before this patch, with a cert signed by an unknown CA, this was the error:

ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

after:

ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Repo: https://github.com/mysql/mysql-server
Patch on top of 8.0.4: https://github.com/mysql/mysql-server/commit/577fbcf856cd693434d554545d499559bcdd3695
Facebook commits: https://github.com/facebook/mysql-5.6/commit/3555caa

How to repeat:
See description

Suggested fix:
See contribution code attached
[12 Apr 2018 23:30] FBContrib Admin
Fix OpenSSL error codes 
(*) This code is contributed under the Facebook agreement

Contribution: fb_patch_41.txt (text/plain), 1.72 KiB.

[14 Aug 2018 13:18] Georgi Kodinov
Posted by developer:
 
FYI, I get the following on the client when trying to do --ssl-mode=verify-ca with the wrong ca cert (before the fix):
Openssl 1.0 and 1.1: 
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
wolfssl 3.14:
ERROR 2026 (HY000): SSL connection error: ASN no signer error to confirm failure
[14 Aug 2018 15:17] Georgi Kodinov
Posted by developer:
 
After the fix:
openssl 1.1: ERROR 2026 (HY000): SSL connection error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
openssl 1.0: ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
wolfssl 3.14: ERROR 2026 (HY000): SSL connection error: ASN no signer error to confirm failure
[15 Aug 2018 14:47] Paul DuBois
Posted by developer:
 
Fixed in 8.0.13.

The MySQL client library now returns better error messages for
OpenSSL errors. Thanks to Facebook for the patch.
[23 Oct 2018 13:43] Laurynas Biveinis
Duplicate bug 75311 ?
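
Added example, not part of the contributed patch or of any comment above: a small decoder for the `error:XXXXXXXX:` codes quoted in this report. It shows why the pre-fix message reads lib(0):func(0):reason(1): the number is the SSL_get_error() result SSL_ERROR_SSL (1), not a packed ERR_get_error() code. It assumes the OpenSSL 1.0/1.1 packing (8-bit library, 12-bit function, 12-bit reason); the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Fields of a packed error-queue code, OpenSSL 1.0/1.1 layout (ERR_PACK):
   bits 31..24 library, bits 23..12 function, bits 11..0 reason. */
struct ossl_err { unsigned long code; unsigned lib, func, reason; };

/* Find "error:XXXXXXXX:" (exactly 8 hex digits) in a client message and
   split the code into its fields. Returns 0 on success, -1 if absent. */
int parse_ossl_err(const char *msg, struct ossl_err *out)
{
    for (const char *p = strstr(msg, "error:"); p; p = strstr(p + 6, "error:")) {
        unsigned long v = 0; int i;
        for (i = 0; i < 8 && isxdigit((unsigned char)p[6 + i]); i++) {
            int c = tolower((unsigned char)p[6 + i]);
            v = (v << 4) | (unsigned long)(isdigit(c) ? c - '0' : c - 'a' + 10);
        }
        if (i == 8 && p[14] == ':') {
            out->code = v;
            out->lib = (v >> 24) & 0xff;    /* 20 (0x14) is ERR_LIB_SSL */
            out->func = (v >> 12) & 0xfff;
            out->reason = v & 0xfff;        /* 134 (0x86): certificate verify failed */
            return 0;
        }
    }
    return -1;
}

/* No OpenSSL library has id 0, so lib == 0 and func == 0 mean the number
   was never an error-queue code (assumption: it is an SSL_get_error() value). */
int is_misused_ssl_get_error(const struct ossl_err *e) { return e->lib == 0 && e->func == 0; }

int main(void)
{
    /* Messages copied from this report; the last one carries no OpenSSL code. */
    const char *msgs[] = {
        "ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)",
        "ERROR 2026 (HY000): SSL connection error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
        "ERROR 2026 (HY000): SSL connection error: ASN no signer error to confirm failure",
    };
    for (size_t i = 0; i < sizeof msgs / sizeof *msgs; i++) {
        struct ossl_err e;
        if (parse_ossl_err(msgs[i], &e) != 0) { puts("no OpenSSL code"); continue; }
        printf("%08lX lib=%u func=%u reason=%u%s\n", e.code, e.lib, e.func, e.reason,
               is_misused_ssl_get_error(&e) ? "  <- SSL_get_error() value" : "");
    }
    return 0;
}
```

OpenSSL 3.0 changed the packing and dropped the function field, so these shifts apply only to 1.0/1.1 codes.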