[CONC-340] ssl-* options in config have no effect without calling mysql_ssl_set() Created: 2018-06-07  Updated: 2020-08-25  Resolved: 2018-07-11

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: None
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Georg Richter
Resolution: Not a Bug Votes: 1
Labels: None

Attachments: File test.c    
Issue Links:
Relates
relates to MDEV-10246 ssl-* have no effect without mysql_ss... Closed
relates to MDEV-16396 Perl's DBD::MySQL does not read SSL s... Closed

 Description   

This is the corresponding MariaDB Connector/C bug for the following MDEV issues:

MDEV-10246
MDEV-16396

Basically, if the application doesn't call mysql_ssl_set(), but there are SSL options defined for the client in the configuration file, SSL still gets enabled when using MySQL's connector, but it does not when using MariaDB Connector/C. The steps on MDEV-16396 can reproduce this problem with MariaDB 10.2.15 using Perl's DBD::MySQL and innotop.

 Comments   
Comment by Georg Richter [ 2018-06-08 ]

Geoff,

can you please provide the version number of Connector/C?
We fixed several configuration file bugs in the past, so likely dbd-mysql is linked against an older version of Connector/C.

The bug is not reproducable with latest C/C 3.0.5.

Comment by Geoff Montee (Inactive) [ 2018-06-08 ]

I didn't explicitly install any MariaDB Connector/C package when I reproduced this. I reproduced the issue with the libmysqlclient.so from the MariaDB-compat 10.2.15 package on RHEL 7. Wlad said that libmysqlclient.so in MariaDB 10.2 is actually MariaDB Connector/C. I'm not sure what version of C/C is included in that version of the server though.

Comment by Geoff Montee (Inactive) [ 2018-06-08 ]

Since it isn't entirely obvious from the documentation or release notes which version of Connector/C is bundled with MariaDB Server 10.2.15, I submitted MDEV-16449 to request that kind of information in the future.

Comment by Georg Richter [ 2018-06-09 ]

Can't reproduce issue with attached test case:

Output:

georg@mozart:~/work/test$ ./test
 
Cipher in use: ECDHE-RSA-AES256-GCM-SHA384

Comment by Geoff Montee (Inactive) [ 2018-06-11 ]

I modified your test program to work in my test environment:

[ec2-user@ip-172-30-0-136 ~]$ cat test.c
 
#include <mysql.h>
 
#include <stdio.h>
 
#include <stdlib.h>
 
#include <errno.h>
 
 
 
 
 
int main(void)
 
{
 
  FILE *fp;
 
  MYSQL *mysql= mysql_init(NULL);
 
  mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, NULL);
 
 
 
  fp= fopen("/home/ec2-user/.my.cnf", "w");
 
 
 
  if (!fp)
 
  {
 
    printf("cannot create configuration file\n");
 
    return(-1);
 
  }
 
 
 
  fprintf(fp, "[client]\nssl-ca=/home/ec2-user/ca.pem\nssl-cert=/home/ec2-user/server-cert.pem\nssl-key=/home/ec2-user/server-key.pem");
 
  fclose(fp);
 
 
 
  if (!mysql_real_connect(mysql, "172.30.0.249", "maxscale", "password", NULL, 0, NULL, 0))
 
  {
 
    printf("Error: %s\n", mysql_error(mysql));
 
    mysql_close(mysql);
 
    return(-1);
 
  }
 
  printf("Cipher in use: %s\n", mysql_get_ssl_cipher(mysql));
 
  mysql_close(mysql);
 
  return 0;
 
}

And it also works properly:

[ec2-user@ip-172-30-0-136 ~]$ gcc $(mysql_config --include)  $(mysql_config --libs) ./test.c
 
[ec2-user@ip-172-30-0-136 ~]$ ./a.out
 
Cipher in use: DHE-RSA-AES256-GCM-SHA384
 
[ec2-user@ip-172-30-0-136 ~]$ rpm -qa | grep -i maria
 
mariadb-5.5.56-2.el7.x86_64
 
MariaDB-devel-10.2.15-1.el7.centos.x86_64
 
MariaDB-compat-10.2.15-1.el7.centos.x86_64
 
MariaDB-shared-10.2.15-1.el7.centos.x86_64
 
MariaDB-common-10.2.15-1.el7.centos.x86_64

But the resulting binary is linked to /lib64/libmariadb.so.3:

[ec2-user@ip-172-30-0-136 ~]$ ldd ./a.out
 
        linux-vdso.so.1 =>  (0x00007ffd0caeb000)
 
        libmariadb.so.3 => /lib64/libmariadb.so.3 (0x00007f29ef78e000)
 
        libz.so.1 => /lib64/libz.so.1 (0x00007f29ef578000)
 
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f29ef374000)
 
        libm.so.6 => /lib64/libm.so.6 (0x00007f29ef072000)
 
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f29eee56000)
 
        libssl.so.10 => /lib64/libssl.so.10 (0x00007f29eebe5000)
 
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f29ee784000)
 
        libc.so.6 => /lib64/libc.so.6 (0x00007f29ee3b7000)
 
        /lib64/ld-linux-x86-64.so.2 (0x00007f29ef9e7000)
 
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f29ee16a000)
 
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f29ede82000)
 
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f29edc7e000)
 
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f29eda4b000)
 
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f29ed83d000)
 
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f29ed639000)
 
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f29ed420000)
 
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f29ed1f9000)
 
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f29ecf97000)

While perl-DBD-MySQL requires libmysqlclient.so.18:

[ec2-user@ip-172-30-0-136 ~]$ rpm -qR perl-DBD-MySQL
 
libc.so.6()(64bit)
 
libc.so.6(GLIBC_2.2.5)(64bit)
 
libc.so.6(GLIBC_2.3)(64bit)
 
libc.so.6(GLIBC_2.3.4)(64bit)
 
libc.so.6(GLIBC_2.4)(64bit)
 
libcrypto.so.10()(64bit)
 
libdl.so.2()(64bit)
 
libm.so.6()(64bit)
 
libmysqlclient.so.18()(64bit)
 
libmysqlclient.so.18(libmysqlclient_18)(64bit)
 
libpthread.so.0()(64bit)
 
libpthread.so.0(GLIBC_2.2.5)(64bit)
 
libssl.so.10()(64bit)
 
libz.so.1()(64bit)
 
perl >= 0:5.005
 
perl(:MODULE_COMPAT_5.16.3)
 
perl(Carp)
 
perl(DBD::mysql)
 
perl(DBI)
 
perl(DBI::Const::GetInfoType)
 
perl(DynaLoader)
 
perl(strict)
 
perl(vars)
 
rpmlib(CompressedFileNames) <= 3.0.4-1
 
rpmlib(FileDigests) <= 4.6.0-1
 
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
 
rtld(GNU_HASH)
 
rpmlib(PayloadIsXz) <= 5.2-1
 
[ec2-user@ip-172-30-0-136 ~]$ rpm -ql perl-DBD-MySQL | grep ".so"
 
/usr/lib64/perl5/vendor_perl/auto/DBD/mysql/mysql.so
 
[ec2-user@ip-172-30-0-136 ~]$ ldd /usr/lib64/perl5/vendor_perl/auto/DBD/mysql/mysql.so
 
        linux-vdso.so.1 =>  (0x00007ffc00768000)
 
        libmysqlclient.so.18 => /lib64/libmysqlclient.so.18 (0x00007ff5646f6000)
 
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff5644da000)
 
        libz.so.1 => /lib64/libz.so.1 (0x00007ff5642c4000)
 
        libm.so.6 => /lib64/libm.so.6 (0x00007ff563fc2000)
 
        libssl.so.10 => /lib64/libssl.so.10 (0x00007ff563d51000)
 
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007ff5638f0000)
 
        libdl.so.2 => /lib64/libdl.so.2 (0x00007ff5636ec000)
 
        libc.so.6 => /lib64/libc.so.6 (0x00007ff56331f000)
 
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007ff563018000)
 
        /lib64/ld-linux-x86-64.so.2 (0x00007ff564eb6000)
 
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007ff562dcb000)
 
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ff562ae3000)
 
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007ff5628df000)
 
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ff5626ac000)
 
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007ff562496000)
 
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007ff562288000)
 
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007ff562084000)
 
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007ff561e6b000)
 
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007ff561c44000)
 
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007ff5619e2000)
 
[ec2-user@ip-172-30-0-136 ~]$ rpm -qf /lib64/libmysqlclient.so.18
 
MariaDB-compat-10.2.15-1.el7.centos.x86_64

Would libmariadb.so.3 behave differently than libmysqlclient.so.18 in this context?

Comment by Geoff Montee (Inactive) [ 2018-06-26 ]

georg,

Do you have any feedback on my question above?

Would libmariadb.so.3 behave differently than libmysqlclient.so.18 in this context?

Is libmysqlclient.so.18 from the 10.2 MariaDB-compat package actually using MariaDB Connector/C, just like libmariadb.so.3 from 10.2, or is that libmysqlclient.so.18 still some version of libmysqlclient?

Thanks!

Comment by Julien Fritsch [ 2018-07-03 ]

georg ?

Comment by Georg Richter [ 2018-07-04 ]

MariaDB Connector/C doesn't provide a libmysql.so.18.

List of shared objects (without plugins) after build with cmake option -DWITH_MYSQL_COMPAT=ON:

-rw-rw-r-- 1 georg georg 2073834 Jul  4 08:01 libmariadbclient.a
 
lrwxrwxrwx 1 georg georg      15 Jul  4 08:01 libmariadb.so -> libmariadb.so.3
 
lrwxrwxrwx 1 georg georg      18 Jul  4 08:01 libmysqlclient.a -> libmariadbclient.a
 
lrwxrwxrwx 1 georg georg      18 Jul  4 08:01 libmysqlclient_r.a -> libmariadbclient.a
 
lrwxrwxrwx 1 georg georg      15 Jul  4 08:01 libmysqlclient_r.so -> libmariadb.so.3
 
lrwxrwxrwx 1 georg georg      15 Jul  4 08:01 libmysqlclient.so -> libmariadb.so.3

Comment by Geoff Montee (Inactive) [ 2018-07-11 ]

According to the comments on MDEV-16396, libmysqlclient.so.18 from 10.2's MariaDB-compat on RHEL 7 is just MariaDB 10.1's libmysqlclient, so this issue is not related to MariaDB Connector/C. I'm closing this one as "Not a Bug."

Generated at Thu Feb 08 03:04:36 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.