commit 2c100432d1d595d80c751d4bce7ace2ee61158b8 Author: Laurynas Biveinis Date: Tue Feb 7 09:28:10 2017 +0200 Fix bug 75311 / PS-1779 (Error for SSL cipher is unhelpful) Make sure to only pass ERR_get_error and not SSL_get_error result to ERR_error_string and ERR_error_string_n functions. diff --git a/mysql-test/r/ssl_bug75311.result b/mysql-test/r/ssl_bug75311.result new file mode 100644 index 00000000000..b60609952f2 --- /dev/null +++ b/mysql-test/r/ssl_bug75311.result @@ -0,0 +1,7 @@ +# +# Bug 75311: Error for SSL cipher is unhelpful +# +SHOW STATUS LIKE 'Ssl_cipher_list'; +Variable_name Value +Ssl_cipher_list DHE-RSA-AES256-SHA +ERROR 2026 (HY000): SSL connection error: ERROR diff --git a/mysql-test/t/ssl_bug75311-master.opt b/mysql-test/t/ssl_bug75311-master.opt new file mode 100644 index 00000000000..458a43a9bb5 --- /dev/null +++ b/mysql-test/t/ssl_bug75311-master.opt @@ -0,0 +1 @@ +--ssl-cipher=DHE-RSA-AES256-SHA diff --git a/mysql-test/t/ssl_bug75311.test b/mysql-test/t/ssl_bug75311.test new file mode 100644 index 00000000000..beb246cae74 --- /dev/null +++ b/mysql-test/t/ssl_bug75311.test @@ -0,0 +1,21 @@ +--source include/have_ssl.inc + +--echo # +--echo # Bug 75311: Error for SSL cipher is unhelpful +--echo # + +--source include/count_sessions.inc + +--connect(con1,localhost,root,,,,,SSL) + +SHOW STATUS LIKE 'Ssl_cipher_list'; + +--disconnect con1 +--connection default + +# The first error string is returned by YaSSL, the second one by OpenSSL, the third one by OpenSSL on Debian Stretch +--replace_result "Failed to set ciphers to use" ERROR "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure" ERROR "error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure" ERROR +--error 1 +--exec $MYSQL -uroot --ssl-mode=REQUIRED --ssl-cipher='AES128-SHA256' -e "SHOW STATUS LIKE 'Ssl_cipher'" 2>&1 + +--source include/wait_until_count_sessions.inc 
diff --git a/rapid/plugin/x/tests/mtr/include/connection_tls_version.inc b/rapid/plugin/x/tests/mtr/include/connection_tls_version.inc index 5eb8210cd75..4d4710ead25 100644 --- a/rapid/plugin/x/tests/mtr/include/connection_tls_version.inc +++ b/rapid/plugin/x/tests/mtr/include/connection_tls_version.inc 
@@ -25,8 +25,14 @@ EOF --exec $MYSQLXTEST -ux_root --file=$xtest_file 2>&1 --let $XTESTPARAMS= -u user5_mysqlx --password='auth_string' --file=$xtest_file --ssl-cipher='DHE-RSA-AES256-SHA' ---let $ERROR1= /in main, line 0:ERROR: error:00000001:lib\(0\):func\(0\):reason\(1\)/Application terminated with expected error: protocol version mismatch/ ---let $ERROR5= /in main, line 0:ERROR: error:00000005:lib\(0\):func\(0\):DH lib/Application terminated with expected error: socket layer receive error/ /in main, line 0:ERROR: error:00000001:lib\(0\):func\(0\):reason\(1\)/Application terminated with expected error: socket layer receive error/ + +# In ERROR1, the first two regexes handle general OpenSSL, the next two handle OpenSSL on Debian Stretch, +# the last one YaSSL. +# In ERROR5, the first regex handles general OpenSSL, the second one OpenSSL on Debian Stretch, the last one YaSSL. + +--let $ERROR1= /in main, line 0:ERROR: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:socket layer receive error/Application terminated with expected error/ /in main, line 0:ERROR: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol/Application terminated with expected error/ /in main, line 0:ERROR: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version/Application terminated with expected error/ /in main, line 0:ERROR: error:14171102:SSL routines:tls_process_server_hello:unsupported protocol/Application terminated with expected error/ /in main, line 0:ERROR: not in error state /Application terminated with expected error / + +--let $ERROR5= /in main, line 0:ERROR: error:00000000:lib\(0\):func\(0\):reason\(0\)/Application terminated with expected error: socket layer receive error/ /in main, line 0:ERROR: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version/Application terminated with expected error: socket layer receive error/ /in main, line 0:ERROR: not in error state /Application terminated with expected error: socket layer 
receive error / --exec $MYSQLXTEST $XTESTPARAMS 2>&1 --exec $MYSQLXTEST --tls-version=TLSv1,TLSv1.1,TLSv1.2 $XTESTPARAMS 2>&1 @@ -50,14 +56,14 @@ EOF --exec $MYSQLXTEST --tls-version=TLSv1,TLSv1.2 $XTESTPARAMS 2>&1 --let $expected_error_extra= $ERROR1 ---let $expected_error_msg= protocol version mismatch \(code 2026\) +--let $expected_error_msg= unsupported protocol \(code 2026\) --source ../include/mysqlxtest_expected_error.inc --exec $MYSQLXTEST --tls-version=TLSv1.1,TLSv1.2 $XTESTPARAMS 2>&1 --exec $MYSQLXTEST --tls-version=TLSv1 $XTESTPARAMS 2>&1 --let $expected_error_extra= $ERROR1 ---let $expected_error_msg= protocol version mismatch \(code 2026\) +--let $expected_error_msg= unsupported protocol \(code 2026\) --source ../include/mysqlxtest_expected_error.inc --exec $MYSQLXTEST --tls-version=TLSv1.1 $XTESTPARAMS 2>&1 diff --git a/rapid/plugin/x/tests/mtr/r/connection_tls_version.result b/rapid/plugin/x/tests/mtr/r/connection_tls_version.result index ed0864dc839..c08035cd903 100644 --- a/rapid/plugin/x/tests/mtr/r/connection_tls_version.result +++ b/rapid/plugin/x/tests/mtr/r/connection_tls_version.result @@ -167,7 +167,7 @@ Mysqlx.Ok { msg: "bye!" } ok -Application terminated with expected error: protocol version mismatch (code 2026) +Application terminated with expected error (code 2026) not ok CONNECTION_TYPE SSL/TLS @@ -182,7 +182,7 @@ Mysqlx.Ok { msg: "bye!" } ok -Application terminated with expected error: protocol version mismatch (code 2026) +Application terminated with expected error (code 2026) not ok Application terminated with expected error: TLS version is invalid (code 2026) not ok @@ -424,7 +424,7 @@ Mysqlx.Ok { msg: "bye!" } ok -Application terminated with expected error: protocol version mismatch (code 2026) +Application terminated with expected error (code 2026) not ok CONNECTION_TYPE SSL/TLS 
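Review bot: The first `$ERROR5` pattern accepts `error:00000000:lib\(0\):func\(0\):reason\(0\)`, which is how OpenSSL formats error code 0, so the test passes when the client reports a TLS failure with no recorded reason. That is presumably the case where the OpenSSL error queue was empty when the code was captured, and the added comment does not mention it. I would add a line such as `# error:00000000 means no OpenSSL error was queued; accepted as a known limitation, not as the intended message`. The other patterns pin exact error codes and function names that differ between library builds, so the comment should also name the versions they were checked against.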
@@ -439,7 +439,7 @@ Mysqlx.Ok { msg: "bye!" } ok -Application terminated with expected error: protocol version mismatch (code 2026) +Application terminated with expected error (code 2026) not ok Application terminated with expected error: TLS version is invalid (code 2026) not ok diff --git a/vio/viossl.cc b/vio/viossl.cc index 54f7de3237a..1424a37468a 100644 --- a/vio/viossl.cc +++ b/vio/viossl.cc @@ -62,8 +62,7 @@ report_errors(SSL* ssl) } if (ssl) - DBUG_PRINT("error", ("error: %s", - ERR_error_string(SSL_get_error(ssl, l), buf))); + DBUG_PRINT("error", ("SSL_get_error: %d", SSL_get_error(ssl, l))); DBUG_PRINT("info", ("socket_errno: %d", socket_errno)); DBUG_VOID_RETURN; @@ -150,6 +149,8 @@ static bool ssl_should_retry(Vio *vio, int ret, /* Retrieve the result for the SSL I/O operation. */ ssl_error= SSL_get_error(ssl, ret); + *ssl_errno_holder= ERR_peek_error(); + /* Retrieve the result for the SSL I/O operation. */ switch (ssl_error) { @@ -174,8 +175,6 @@ static bool ssl_should_retry(Vio *vio, int ret, break; } - *ssl_errno_holder= ssl_error; - return should_retry; }
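Review bot: In `report_errors`, the new `DBUG_PRINT("error", ("SSL_get_error: %d", SSL_get_error(ssl, l)));` still passes `l` as the second argument of `SSL_get_error`, which expects the return value of the SSL I/O call that failed. `l` is declared above the hunk; if it holds a code read from the OpenSSL error queue rather than an I/O return value, the number printed here does not describe the failed operation. Either drop the line, or add a parameter carrying the I/O return code and print `SSL_get_error(ssl, ret)` from that. The function body starts outside the hunk, so this should be checked against the full definition.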
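Review bot: In `ssl_should_retry`, `*ssl_errno_holder= ERR_peek_error();` reads the earliest entry of the thread's error queue and leaves it there, so the stored code is only trustworthy if the queue was empty before the I/O call. No clearing of the queue is visible in this hunk, and the function's body starts and ends outside it. If nothing else drains the queue, a later failure on the same thread could report the code of an earlier, unrelated error, and `SSL_get_error` itself is documented as unreliable with a non-empty queue. I would call `ERR_clear_error();` immediately before the SSL read/write/handshake call. At minimum, add a comment such as `/* Peek, not get: report_errors() below consumes the queue in debug builds. */` to explain why the entry is left in place.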