Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
N/A
-
None
Description
With SSL changes targeted for 11.3, MariaBackup has become more complicated to run. If no certificates are provided to MariaBackup call, it fails to run both with and without --skip-ssl. It makes no difference whether the server is run with --skip-ssl or not, and whether the connection is made through TCP or socket. --disable-ssl-verify-server-cert helps in all cases (TCP or socket, server with skip-ssl or not).
If MariaBackup is called with certificates from MTR, the results are different, but also confusing. I cannot meaningfully summarize it.
--disable_abort_on_error
|
|
|
--echo #
|
--echo # Attempt 1: TCP, no special options
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup1 --port=$MASTER_MYPORT --protocol=tcp > $MYSQL_TMP_DIR/backup1.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup1.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
--echo #
|
--echo # Attempt 2: TCP, skip-ssl
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup2 --port=$MASTER_MYPORT --protocol=tcp --skip-ssl > $MYSQL_TMP_DIR/backup2.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup2.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
--echo #
|
--echo # Attempt 3: TCP, disable-ssl-verify-server-cert
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup3 --port=$MASTER_MYPORT --protocol=tcp --disable-ssl-verify-server-cert > $MYSQL_TMP_DIR/backup3.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup3.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
|
|
--echo #
|
--echo # Attempt 4: Socket, no special options
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup4 --socket=$MASTER_MYSOCK --protocol=socket > $MYSQL_TMP_DIR/backup4.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup4.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
--echo #
|
--echo # Attempt 5: Socket, skip-ssl
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup5 --socket=$MASTER_MYSOCK --protocol=socket --skip-ssl > $MYSQL_TMP_DIR/backup5.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup5.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
--echo #
|
--echo # Attempt 6: Socket, disable-ssl-verify-server-cert
|
--exec $XTRABACKUP --backup -uroot --target-dir=$MYSQL_TMP_DIR/backup6 --socket=$MASTER_MYSOCK --protocol=socket --disable-ssl-verify-server-cert > $MYSQL_TMP_DIR/backup6.out 2>&1
|
--let $err= $sys_errno
|
if ($err) |
{
|
--cat_file $MYSQL_TMP_DIR/backup6.out |
}
|
if ($err==0) |
{
|
--echo # All good |
}
|
|
bb-11.3-serg 9c96b8f5d48a181386807b1f3151154d21cc059c |
# Attempt 1: TCP, no special options
|
[00] 2023-10-13 20:49:27 Connecting to MariaDB server host: localhost, user: root, password: not set, port: 16000, socket: /run/mysqld/mysqld.sock
|
[00] 2023-10-13 20:49:27 Failed to connect to MariaDB server: SSL connection error: SSL certificate is self-signed.
|
#
|
# Attempt 2: TCP, skip-ssl
|
[00] 2023-10-13 20:49:27 Connecting to MariaDB server host: localhost, user: root, password: not set, port: 16000, socket: /run/mysqld/mysqld.sock
|
[00] 2023-10-13 20:49:27 Failed to connect to MariaDB server: SSL connection error: SSL certificate is self-signed.
|
#
|
# Attempt 3: TCP, disable-ssl-verify-server-cert
|
# All good
|
#
|
# Attempt 4: Socket, no special options
|
[00] 2023-10-13 20:49:29 Connecting to MariaDB server host: localhost, user: root, password: not set, port: not set, socket: /mnt8t/src/bb-11.3-serg/mysql-test/var/tmp/mysqld.1.sock
|
[00] 2023-10-13 20:49:29 Failed to connect to MariaDB server: SSL connection error: SSL certificate is self-signed.
|
#
|
# Attempt 5: Socket, skip-ssl
|
[00] 2023-10-13 20:49:29 Connecting to MariaDB server host: localhost, user: root, password: not set, port: not set, socket: /mnt8t/src/bb-11.3-serg/mysql-test/var/tmp/mysqld.1.sock
|
[00] 2023-10-13 20:49:29 Failed to connect to MariaDB server: SSL connection error: SSL certificate is self-signed.
|
#
|
# Attempt 6: Socket, disable-ssl-verify-server-cert
|
# All good
|
Attachments
Issue Links
- is caused by
-
MDEV-31857 enable --ssl-verify-server-cert by default
-
- Closed
-