Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18019

Default test certificate key too small, incompatible with OpenSSL 1.1.0

    XMLWordPrintable

    Details

      Description

      After uploading MariaDB 10.3 to Debian experimental I noticed all builds were failing. One of the reasons was the inability of the mysqld process to serve any connections due to this:

      SSL error: Unable to get certificate from '/tmp/build/source/mysql-test/std_data/server-cert.pem'
      2018-12-16 15:56:57 0 [Warning] Failed to setup SSL
      2018-12-16 15:56:57 0 [Warning] SSL error: Unable to get certificate
      2018-12-16 15:56:57 0 [Warning] SSL error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
      2018-12-16 15:56:57 0 [Note] Server socket created on IP: '127.0.0.1'.
      2018-12-16 15:56:57 0 [Note] Reading of all Master_info entries succeded
      2018-12-16 15:56:57 0 [Note] Added new Master_info '' to hash table
      2018-12-16 15:56:57 0 [Note] /tmp/build/source/builddir/sql/mysqld: ready for connections.
      Version: '10.3.11-MariaDB-1~exp1-log'  socket: '/tmp/build/source/builddir/mysql-test/var/tmp/4/mysqld.1.sock'  port: 16060  Debian unstable
      

      Reports online suggest that the new OpenSSL (available in Debian unstable) does not accept the small keysize in our test certificate. See https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_security_level.html

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              otto Otto Kekäläinen
              Reporter:
              otto Otto Kekäläinen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: