Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13706

MariaDB compiled with Openssl is not compatiable with old mysql yaSSL client

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Not a Bug
    • 10.2.8
    • N/A
    • SSL
    • None
    • Linux 2.6.23
      openSSL 1.0.1e
      MariaDB 10.2.8

    Description

      Hi, pretty guys.

      I want to improve our product environment security level, then I compiled MariaDB10.2.8 with openSSL1.0.1e. but when I use old yaSSL client connection server, it failed. But the openSSL compiled client is ok.

      [my.cnf]
      ssl-cert=/home/server-cert.pem
      ssl-key=/home/server-key.pem
      

      mysql> show global variables like '%ssl%';
      +---------------------+--------------------------------------------+
      | Variable_name       | Value                                      |
      +---------------------+--------------------------------------------+
      | have_openssl        | YES                                        |
      | have_ssl            | YES                                        |
      | ssl_ca              |                                            |
      | ssl_capath          |                                            |
      | ssl_cert            | /home/server-cert.pem |
      | ssl_cipher          |                                            |
      | ssl_crl             |                                            |
      | ssl_crlpath         |                                            |
      | ssl_key             | /home/server-key.pem  |
      | version_ssl_library | OpenSSL 1.0.1e-fips 11 Feb 2013            |
      +---------------------+--------------------------------------------+
      

      when I used MariaDB10.2.8 openSSL compiled client to connect server, it successed:

      $ /u01/jianwei.zhao/mariadb/bin/mysql -h127.0.0.1 -usu -P3306 --ssl-ca=/home/ca.pem -psu
       
      MariaDB [(none)]> show status like '%ssl_version%';
      +---------------+---------+
      | Variable_name | Value   |
      +---------------+---------+
      | Ssl_version   | TLSv1.2 |
      +---------------+---------+
      1 row in set (0.00 sec)
      

      But when I used MySQL 5.6 , before client or yaSSL compiled mariaDB client to connect server, it all failed:

      #mysql_5616/bin/mysql -h127.0.0.1 -usu -P3306 --ssl-ca=/home/ca.pem  -psu
      ERROR 2026 (HY000): SSL connection error: unknown error number
      

      so, does it mean that MariaDB server compiled with openSSL is not compatible with old yaSSL client?

      Attachments

        1. ca.pem
          1 kB
        2. server-cert.pem
          1 kB
        3. server-key.pem
          2 kB

        Activity

          People

            serg Sergei Golubchik
            jianwei zhao jianwei zhao
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.