Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14636

Master_SSL_CA_Path does not work

    XMLWordPrintable

    Details

      Description

      Following the directions in https://mariadb.com/kb/en/library/replication-with-secure-connections/, after generating keys following the tutorial at https://www.cyberciti.biz/faq/how-to-setup-mariadb-ssl-and-secure-connections-from-clients/ linked from https://mariadb.com/kb/en/library/secure-connections-overview/, results in an error.

      Specifically:

      CHANGE MASTER TO
        MASTER_HOST='master_host_name',
        MASTER_USER='user_name',
        MASTER_PASSWORD='password',
        MASTER_SSL=1,
        MASTER_SSL_CA = 'ca_file_name',
        MASTER_SSL_CAPATH = 'ca_directory_name',
        MASTER_SSL_CERT = 'cert_file_name',
        MASTER_SSL_KEY = 'key_file_name';
      

      is misleading, because the variable MASTER_SSL_CAPATH does nothing in 10.2.11

      MASTER_SSL_CA, MASTER_SSL_CERT, and MASTER_SSL_KEY must contain full path names for each corresponding file, and changing the value of MASTER_SSL_CAPATH has no effect on these variables. When the filenames are not fully qualified, turning on replication results in

      Last_IO_Error: error connecting to master 'repl@10.0.0.1:3306' - retry-time: 10  maximum-retries: 86400
      message: SSL connection error: SSL_CTX_set_default_verify_paths failed
      

        Attachments

          Activity

            People

            Assignee:
            juan.vera Juan
            Reporter:
            juan.vera Juan
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: