| Bug #90895 | SSL connection error reports bad Date Size | ||
|---|---|---|---|
| Submitted: | 16 May 2018 20:46 | Modified: | 20 Jun 2018 15:04 |
| Reporter: | Santiago Acosta | Email Updates: | |
| Status: | Unsupported | Impact on me: | |
| Category: | MySQL Workbench | Severity: | S2 (Serious) |
| Version: | 6.3.10 build 12092614 CE | OS: | Linux (Mint 18 Sarah) |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | certificates, Connection, secure, ssh, SSL | ||
[16 May 2018 21:48]
MySQL Verification Team
Please try version 6.3.10 or the development release version 8.0.11 rc. Thanks.
[22 May 2018 15:30]
Santiago Acosta
@G.M.S
> Please try version 6.3.10 or the development release version 8.0.11 rc. Thanks.

I've tried with 6.3.10 and it puts out the same error.
SSL connection error:ASN: bad Date size.
I cannot use 8.0.11rc, my OS is not supported (Mint 18 Sarah => Ubuntu 16.04 < 17.04)
Is it possible that I need my client certificates in DER format instead of PEM?
[22 May 2018 15:38]
Santiago Acosta
I forgot to add that MySQL WB 8.0.1rc cannot be installed due to an unsatisfiable dependency on libgcrypt20 >= 1.7.0. I am currently stuck on libgcrypt20 1.6.5.
[20 Jun 2018 15:03]
MySQL Verification Team
OS unsupported
Attachment: unsupported.png (image/png, text), 559.12 KiB.
[20 Jun 2018 15:04]
MySQL Verification Team
Thank you for the feedback. OS unsupported; see prior attached picture.

Description:
What I want to do is to connect to a remote server using certificates created and signed outside of the Workbench application.

Server version: mysqld Ver 5.6.39-83.1-56 for debian-linux-gnu on x86_64
MySQL client library: libmysqlclient20:amd64 5.7.21-0ubuntu0.16.04.1 amd64
Mysql Workbench: 6.3.6 build 511 CE

What I expect to happen is to open a secure connection to the remote service.
What actually happens is that I'm being summarily dismissed with the following.

    Failed to Connect to MySQL at localhost:3306 through SSH tunnel at user_name@server:22 with user user_name
    SSL connection error: ASN: bad Date Size

What I've done.
- Create the key, request signature, get it signed all through OpenSSL (OpenSSL 1.0.2g 1 Mar 2016).
- Setup the server to accept SSL. Testing locally shows that it works, status reports cipher as ECDHE-RSA-AES128-GCM-SHA256.
- The client followed the same SSL process and received the ca-chain file alongside its own certificate.
- Transformed the key file to RSA with OpenSSL (bypass "Unable to get private key" issue)
- Configured an SSH connection through Workbench with the SSL files
- Cannot test or connect to it due to the error
- Scour the internets looking for a way to fix "ASN: bad Date Size", maybe my certificate generation process is faulty?

What I've tried
- Local secure connection works, server does not complain a single time
- Switching TCP/IP over SSH to simple TCP/IP
- Re-issuing certificates with weaker signature algo (down to sha256)
- Making new full privileged user on '%' and repeated all the steps

How to repeat:
I don't know how to repeat this other than uninstalling the remote service and the local client.

This is a redacted chunk of my x509 certificate as outputted by OpenSSL

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: ...num... (...hex...)
            Signature Algorithm: sha384WithRSAEncryption
            Issuer: C=ES, ...details..., CN=SubCA
            Validity
                Not Before: May 16 18:29:30 2018 GMT
                Not After : Jan 15 00:00:00 2028 GMT
            Subject: C=ES, ...details..., CN=user_name
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus: ...
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Basic Constraints:
                    CA:FALSE
                X509v3 Extended Key Usage: critical
                    TLS Web Client Authentication, E-mail Protection
                X509v3 Subject Key Identifier: ...
                X509v3 Authority Key Identifier: ...
        Signature Algorithm: sha384WithRSAEncryption
        ...

Suggested fix:
I have no idea
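
Added example, not part of the bug report and not MySQL or Workbench code: the error message points at the size of an ASN.1 date field, so one check a reader can run on a certificate is how its notBefore and notAfter values are actually encoded. This sketch walks the DER and flags any validity time whose length is not the one RFC 5280 allows; the function names are hypothetical and the sample bytes are constructed.

```python
import base64

# Time types allowed in Validity and the only value length RFC 5280 permits.
EXPECTED = {0x17: ("UTCTime", 13),          # YYMMDDHHMMSSZ
            0x18: ("GeneralizedTime", 15)}  # YYYYMMDDHHMMSSZ

def pem_to_der(pem):
    """Strip the PEM armor lines and base64-decode the body."""
    body = [l for l in pem.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(body))

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: n length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:                      # elements inside [start, end)
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def validity_times(der):
    """Return [(type, length, text, ok)] for notBefore and notAfter."""
    _, cs, ce = read_tlv(der, 0)                       # Certificate
    _, ts, te = next(children(der, cs, ce))            # tbsCertificate
    fields = list(children(der, ts, te))
    if fields[0][0] == 0xA0:                           # optional [0] version
        fields = fields[1:]
    _, vs, ve = fields[3]        # after serialNumber, signature, issuer
    out = []
    for tag, s, e in children(der, vs, ve):
        name, want = EXPECTED.get(tag, ("tag 0x%02x" % tag, None))
        text = der[s:e].decode("ascii", "replace")
        out.append((name, e - s, text, want == e - s and text.endswith("Z")))
    return out

def tlv(tag, body):              # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed sample (not the reporter's certificate): notAfter is a
# GeneralizedTime without seconds, so its length is 13 instead of 15.
VALIDITY = tlv(0x30, tlv(0x17, b"180516182930Z") + tlv(0x18, b"202801150000Z"))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                       + tlv(0x30, b"") + tlv(0x30, b"") + VALIDITY))
```

For a PEM file, pass `pem_to_der(open(path).read())` to `validity_times`; a row whose last element is `False` marks a date field with a non-conforming encoding.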