Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Not a Bug
Affects Version/s: 11.4.4
Environment: Linux/GoogleCloud/Alpine/Ubuntu
Description
I have noticed that my new machines using
```
mariadb from 11.4.4-MariaDB, client 15.2 for Linux (aarch64) using readline 5.1
```
fail while trying to connect to a Google Cloud MySQL 8.0 SSL-enabled server
```
mariadb Ver 15.1 Distrib 10.11.10-MariaDB, for Linux (aarch64) using readline 5.1
```
was working fine. This can be easily tested with `alpine:latest` and the previous `alpine:3.20.3` or an `ubuntu:latest` and `ubuntu:latest` with mariadb repositories.
Google configures the host of the database as `localhost`

my.cnf (paths are generated dynamically and not relative)
```
[client]
password=xxx
ssl-ca=/tmp/tmp.bllnig
ssl-cert=/tmp/tmp.mCJAkg
ssl-key=/tmp/tmp.Pdepkg
```
SSL on server

| Variable_name | Value |
|---|---|
| force_ssl_for_tcp | ANY |
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /mysql/datadir/client_ca_cert.pem |
| ssl_capath | |
| ssl_cert | /mysql/datadir/server_cert.pem |
| ssl_cipher | ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA:AES256-SHA |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | ON |
| ssl_key | /mysql/datadir/server_pkey.pem |
Client certificate
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:xxx (0xxxx)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: dnQualifier=xxx CN=Google Cloud SQL Client CA staging, O=Google, Inc, C=US
        Validity
            Not Before: Oct 1 08:26:05 2024 GMT
            Not After : Sep 29 08:27:05 2034 GMT
        Subject: CN=NAME_OF_CERT, O=Google, Inc, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    xxx
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                email:email-of-user-logged-in-to-gcp@domain.com
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        xxx
```
SSL
```
/tmp # openssl s_client -connect XXX.XXX.XXX.XXX:3306 -showcerts
Connecting to XXX.XXX.XXX.XXX
CONNECTED(00000003)
284B18EC717B0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl/record/methods/tlsany_meth.c:80:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 299 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
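Added example, not part of the original report: the MySQL protocol begins with a plaintext server greeting and upgrades to TLS in-band, so a raw `openssl s_client -connect host:3306` reads the first 5 greeting bytes as a TLS record header and reports `wrong version number`, which says nothing about the server certificate. The parser below runs on a constructed greeting packet (server version string, thread id and auth data are made-up sample values) and checks the `CLIENT_SSL` capability bit.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: server accepts an in-protocol TLS upgrade


def build_greeting(server_version: bytes, caps: int) -> bytes:
    """Build a constructed HandshakeV10 packet (sample data, not a capture)."""
    payload = (
        b"\x0a" + server_version + b"\x00"    # protocol version 10, version string
        + struct.pack("<I", 42)               # thread id (sample)
        + b"ABCDEFGH" + b"\x00"               # auth data part 1 + filler
        + struct.pack("<H", caps & 0xFFFF)    # capability flags, low 16 bits
        + b"\xff"                             # character set
        + struct.pack("<H", 2)                # status flags
        + struct.pack("<H", caps >> 16)       # capability flags, high 16 bits
        + b"\x15" + b"\x00" * 10              # auth data length + reserved
        + b"IJKLMNOPQRST\x00"                 # auth data part 2
        + b"caching_sha2_password\x00"        # auth plugin name
    )
    # Packet framing: 3-byte little-endian payload length, 1-byte sequence id.
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


def parse_greeting(packet: bytes) -> dict:
    """Extract server version and capability flags from a HandshakeV10 packet."""
    if len(packet) < 5:
        raise ValueError("packet shorter than header + protocol byte")
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] != 0x0A:
        raise ValueError("not a HandshakeV10 greeting")
    end = payload.index(b"\x00", 1)           # end of null-terminated version
    pos = end + 1 + 4 + 8 + 1                 # skip thread id, auth part 1, filler
    (caps_low,) = struct.unpack_from("<H", payload, pos)
    (caps_high,) = struct.unpack_from("<H", payload, pos + 2 + 1 + 2)
    caps = caps_low | (caps_high << 16)
    return {
        "server_version": payload[1:end].decode("ascii", "replace"),
        "capabilities": caps,
        "tls_offered": bool(caps & CLIENT_SSL),
    }


def as_tls_record_header(first5: bytes) -> dict:
    """Interpret 5 bytes the way a TLS client reads a record header."""
    ctype, major, minor, length = struct.unpack(">BBBH", first5[:5])
    return {
        "content_type": ctype,
        "version": (major, minor),
        "length": length,
        # Valid TLS records have content type 20..23 and major version 3.
        "plausible": ctype in (20, 21, 22, 23) and major == 3,
    }


if __name__ == "__main__":
    greeting = build_greeting(b"8.0.0-constructed", CLIENT_SSL | 0x0200)
    print(parse_greeting(greeting))
    print(as_tls_record_header(greeting[:5]))
```

Against a live server, `openssl s_client -starttls mysql -connect host:3306` performs the in-protocol upgrade before starting the TLS handshake.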
Activity
Field | Original Value | New Value |
---|---|---|
Fix Version/s | | N/A [ 14700 ] |
Resolution | | Not a Bug [ 6 ] |
Status | Open [ 1 ] | Closed [ 6 ] |