Details
- Bug
- Status: Closed
- Major
- Resolution: Not a Bug
- 11.4.4
- Linux/GoogleCloud/Alpine/Ubuntu
Description
I have noticed that my new machines using

```
mariadb from 11.4.4-MariaDB, client 15.2 for Linux (aarch64) using readline 5.1
```

fail while trying to connect to a Google Cloud MySQL 8.0 SSL enabled server

```
mariadb Ver 15.1 Distrib 10.11.10-MariaDB, for Linux (aarch64) using readline 5.1
```

was working fine. This can be easily tested with `alpine:latest` and the previous `alpine:3.20.3` or an `ubuntu:latest` and `ubuntu:latest` with mariadb repositories
Google configures the host of the database as `localhost`
my.cnf (paths are generated dynamically and not relative)

```
[client]
password=xxx
ssl-ca=/tmp/tmp.bllnig
ssl-cert=/tmp/tmp.mCJAkg
ssl-key=/tmp/tmp.Pdepkg
```

SSL on server

```
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Variable_name | Value |
+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| force_ssl_for_tcp | ANY |
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /mysql/datadir/client_ca_cert.pem |
| ssl_capath | |
| ssl_cert | /mysql/datadir/server_cert.pem |
| ssl_cipher | ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA:AES256-SHA |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | ON |
| ssl_key | /mysql/datadir/server_pkey.pem |
```

Client certificate

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:xxx (0xxxx)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: dnQualifier=xxx CN=Google Cloud SQL Client CA staging, O=Google, Inc, C=US
        Validity
            Not Before: Oct 1 08:26:05 2024 GMT
            Not After : Sep 29 08:27:05 2034 GMT
        Subject: CN=NAME_OF_CERT, O=Google, Inc, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    xxx
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                email:email-of-user-logged-in-to-gcp@domain.com
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        xxx
```

SSL

```
/tmp # openssl s_client -connect XXX.XXX.XXX.XXX:3306 -showcerts
Connecting to XXX.XXX.XXX.XXX
CONNECTED(00000003)
284B18EC717B0000:error:0A00010B:SSL routines:tls_validate_record_header:wrong version number:ssl/record/methods/tlsany_meth.c:80:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 299 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
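
The `wrong version number` error in the `openssl s_client` output above is what a bare TLS ClientHello gets on a MySQL-protocol port: the server speaks first with a plaintext greeting, and TLS starts only after the client requests it via the `CLIENT_SSL` capability. The sketch below is an added illustration, not part of the original report or of MariaDB's code; the greeting bytes are constructed and the function names are hypothetical.

```python
import struct

CLIENT_SSL = 0x0800          # capability bit: server can upgrade to TLS
BASE_CAPS = 0x0008_8200      # constructed: PLUGIN_AUTH | SECURE_CONNECTION | PROTOCOL_41

def is_tls_record_header(first5: bytes) -> bool:
    """True if 5 bytes look like a TLS record header (type, version, length)."""
    ctype, major, minor, _length = struct.unpack("!BBBH", first5)
    return ctype in (20, 21, 22, 23) and major == 3 and minor <= 4

def parse_greeting(packet: bytes) -> dict:
    """Parse the plaintext HandshakeV10 packet the server sends before any TLS."""
    length = int.from_bytes(packet[:3], "little")
    seq, payload = packet[3], packet[4:4 + length]
    if len(payload) != length or payload[0] != 10:
        raise ValueError("not a complete HandshakeV10 packet")
    end = payload.index(b"\x00", 1)               # server version is NUL-terminated
    pos = end + 1 + 4 + 8 + 1                     # skip thread id, auth data 1, filler
    cap_low, _charset, _status, cap_high = struct.unpack_from("<HBHH", payload, pos)
    caps = cap_low | (cap_high << 16)
    return {"seq": seq, "server_version": payload[1:end].decode("ascii"),
            "capabilities": caps, "offers_tls": bool(caps & CLIENT_SSL)}

def build_sample_greeting(caps: int = BASE_CAPS | CLIENT_SSL) -> bytes:
    """Constructed greeting for the demo; not captured from any real server."""
    payload = (b"\x0a" + b"8.0.0-constructed\x00" + struct.pack("<I", 1)
               + b"A" * 8 + b"\x00"
               + struct.pack("<HBHH", caps & 0xFFFF, 0xFF, 0x0002, caps >> 16)
               + bytes([21]) + b"\x00" * 10 + b"B" * 12 + b"\x00"
               + b"caching_sha2_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    pkt = build_sample_greeting()
    print("first 5 bytes:", pkt[:5].hex(), "TLS header?", is_tls_record_header(pkt[:5]))
    print(parse_greeting(pkt))
```

For a live probe, `openssl s_client -starttls mysql -connect host:3306` performs this plaintext step before the TLS handshake.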