Daniel Black added a comment - 2024-10-02 04:53 Note Debian sid on OpenSSL 3.3.2 unaffects on this test case - https://buildbot.mariadb.org/#/builders/172/builds/19445/steps/5/logs/stdio 11.4-cbe13e9ec087489aa9268d6c879a87af7fa0cc77 test (about a month old) $ alias | grep bbw alias bbw='podman run --rm -ti -v "$PWD":/source:z --mount=type=tmpfs,tmpfs-size=10G,dst=/build --shm-size=10g --workdir /build --entrypoint /bin/bash --user buildbot --cap-add=SYS_PTRACE $ bbw --user root fedora:rawhide   [root@3e167764566b build]# dnf builddep mariadb   [root@3e167764566b build]# cmake /source/ -DPLUGIN_{ROCKSDB,MROONGA,OQGRAPH,CONNECT}=NO .. -- Found OpenSSL: /usr/lib64/libcrypto.so (found version "3.2.2") -- OPENSSL_INCLUDE_DIR = /usr/include -- OPENSSL_SSL_LIBRARY = /usr/lib64/libssl.so -- OPENSSL_CRYPTO_LIBRARY = /usr/lib64/libcrypto.so -- OPENSSL_VERSION = 3.2.2 -- SSL_LIBRARIES = /usr/lib64/libssl.so;/usr/lib64/libcrypto.so;dl .. [root@3e167764566b build]# cmake --build . --parallel 32 [root@3e167764566b build]# mysql-test/mtr main.ssl_autoverify Logging: /source/mysql-test/mariadb-test-run.pl main.ssl_autoverify VS config: vardir: /build/mysql-test/var Removing old var directory... Creating var directory '/build/mysql-test/var'... Checking supported features... Can't exec "patch": No such file or directory at /source/mysql-test/mariadb-test-run.pl line 1931. MariaDB Version 11.4.4-MariaDB - SSL connections supported - binaries built with wsrep patch Collecting tests... Installing system database...   ==============================================================================   TEST RESULT TIME (ms) or COMMENT --------------------------------------------------------------------------   worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 worker[01] mysql-test-run: WARNING: running this script as _root_ will cause some tests to be skipped main.ssl_autoverify 'auto,unix' [ fail ] Test ended at 2024-10-02 04:35:40   CURRENT_TEST: main.ssl_autoverify Can't locate autodie.pm in @INC (you may need to install the autodie module) (@INC entries checked: /usr/local/lib64/perl5/5.40 /usr/local/share/perl5/5.40 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at lib/ssl-mitm.pl line 7. BEGIN failed--compilation aborted at lib/ssl-mitm.pl line 7. mysqltest: At line 106: exec of 'perl lib/ssl-mitm.pl --listen-on 19001 --connect-to 19000 --ssl-ca std_data/cacert.pem --ssl-key std_data/server-new-key.pem --ssl-cert std_data/server-new-cert.pem' failed, error: 512, status: 2, errno: 0 Output from before failure: test.have_ssl() yes       The result from queries just before the failure was: < snip > # mysql --protocol tcp --host 127.0.0.1 -uroot --ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes # mysql -unative -pfoo --ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes # mysql -ued -pbar --ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes # mysql -unohash -ponetwothree --disable-ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes # mysql -unohash -ponetwothree --ssl-verify-server-cert -e "select test.have_ssl()" ERROR 2026 (HY000): TLS/SSL error: Failed to verify the server certificate # mysql -umulti -ppw1 --ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes # mysql -umulti -ppw2 --ssl-verify-server-cert -e "select test.have_ssl()" test.have_ssl() yes   More results from queries before failure can be found in /build/mysql-test/var/log/ssl_autoverify.log   - saving '/build/mysql-test/var/log/main.ssl_autoverify-auto,unix/' to '/build/mysql-test/var/log/main.ssl_autoverify-auto,unix/'   Only 1 of 2 completed. -------------------------------------------------------------------------- The servers were restarted 0 times Spent 0.000 of 2 seconds executing testcases   Failure: Failed 1/1 tests, 0.00% were successful.   Failing test(s): main.ssl_autoverify   [root@3e167764566b build]# dnf install perl-autodie   .. [root@3e167764566b build]# mysql-test/mtr main.ssl_autoverify Logging: /source/mysql-test/mariadb-test-run.pl main.ssl_autoverify VS config: vardir: /build/mysql-test/var Checking leftover processes... Removing old var directory... Creating var directory '/build/mysql-test/var'... Checking supported features... Can't exec "patch": No such file or directory at /source/mysql-test/mariadb-test-run.pl line 1931. MariaDB Version 11.4.4-MariaDB - SSL connections supported - binaries built with wsrep patch Collecting tests... Installing system database...   ==============================================================================   TEST RESULT TIME (ms) or COMMENT --------------------------------------------------------------------------   worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 worker[01] mysql-test-run: WARNING: running this script as _root_ will cause some tests to be skipped main.ssl_autoverify 'auto,unix' [ pass ] 511 main.ssl_autoverify 'pem,unix' [ pass ] 497     [root@3e167764566b build]# cat /etc/os-release NAME="Fedora Linux" VERSION="42 (Container Image Prerelease)" ID=fedora VERSION_ID=42 VERSION_CODENAME="" PLATFORM_ID="platform:f42" PRETTY_NAME="Fedora Linux 42 (Container Image Prerelease)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:42" DEFAULT_HOSTNAME="fedora" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/" SUPPORT_URL="https://ask.fedoraproject.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=rawhide REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=rawhide SUPPORT_END=2025-05-13 VARIANT="Container Image" VARIANT_ID=container So, working for me currently.

Daniel Black added a comment - 2024-10-02 05:58 tested 11.4-d8d80bd5039d1353ba5908137c4eefbd85b6f7f1 and passes all TLS tests.