[MDEV-14636] Master_SSL_CA_Path does not work - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.2.11, 10.0(EOL), 10.1(EOL), 10.2(EOL)
Fix Version/s: N/A
Component/s: Documentation - Support, SSL
Labels:
- replication
- ssl
- upstream
Environment:
CentOS Linux release 7.4.1708

Description

Following the directions in https://mariadb.com/kb/en/library/replication-with-secure-connections/, after generating keys following the tutorial at https://www.cyberciti.biz/faq/how-to-setup-mariadb-ssl-and-secure-connections-from-clients/ linked from https://mariadb.com/kb/en/library/secure-connections-overview/, results in an error.

Specifically:

CHANGE MASTER TO

  MASTER_HOST='master_host_name',

  MASTER_USER='user_name',

  MASTER_PASSWORD='password',

  MASTER_SSL=1,

  MASTER_SSL_CA = 'ca_file_name',

  MASTER_SSL_CAPATH = 'ca_directory_name',

  MASTER_SSL_CERT = 'cert_file_name',

  MASTER_SSL_KEY = 'key_file_name';

is misleading, because the variable MASTER_SSL_CAPATH does nothing in 10.2.11

MASTER_SSL_CA, MASTER_SSL_CERT, and MASTER_SSL_KEY must contain full path names for each corresponding file, and changing the value of MASTER_SSL_CAPATH has no effect on these variables. When the filenames are not fully qualified, turning on replication results in

Last_IO_Error: error connecting to master 'repl@10.0.0.1:3306' - retry-time: 10  maximum-retries: 86400

message: SSL connection error: SSL_CTX_set_default_verify_paths failed

Attachments

Activity

People

Assignee:: Juan

Reporter:: Juan

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2017-12-12 18:57

Updated:: 2024-07-08 00:24

Resolved:: 2019-12-05 09:57

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.