Bug #98303 Sanity check of ssl-* configuration
Submitted: 21 Jan 2020 10:47 Modified: 21 Jan 2020 11:43
Reporter: Iwo P Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Logging Severity:S3 (Non-critical)
Version:8.0.19 OS:Any
Assigned to: CPU Architecture:Any

[21 Jan 2020 10:47] Iwo P
If MySQL is started with:

ssl-ca = /var/lib/mysql/non-existent.pem 
ssl-cert = /var/lib/mysql/server-cert.pem 
ssl-key = /var/lib/mysql/server-key.pem 

while the file `/var/lib/mysql/non-existent.pem` does not exist.

MySQL will start and will log:
[Warning] [MY-011302] [Server] Plugin mysqlx reported: 'Failed at SSL configuration: "SSL context is not usable without certificate and private key"'

which might be a bit misleading.

When MySQL is started with `mysqlx=0`, it logs:

[Warning] [MY-010069] [Server] Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed

which is a bit more informative, but it still would be nice to include what parts are missing.

By any chances, that's a minor bug.

How to repeat:

Suggested fix:
Make the error message a bit more clear.
[21 Jan 2020 11:43] MySQL Verification Team
Hello Iwo P,

Thank you for the report and feedback.