[CONC-95] Not able to connect to mySql server from mariadb client with SSL user Created: 2014-05-08  Updated: 2014-06-23  Resolved: 2014-06-23

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Mangala Assignee: Georg Richter
Resolution: Fixed Votes: 1
Labels: None


 Description   

We are trying to connect to mySql server with mariadb client library

  • Run both mysql server and mariadb client in linux boxes.
  • mysql Ver 14.14 Distrib 5.1.73.
  • using MariaDB Client Library for C 2.0 Series.
  • tried same certificate in both client and server
  • tried different certificates in both client and server
  • tried both dynamic and static library in mariadb client downloads
  • We also downloaded the source code for mariadb client and compiled our own library and tried that.

None of the above worked for client connection.

We are able to connect through mysql command line with ssl certificate.

Just on the sidenote I was able to do ssl connect to the mysql server with mysqlclient library for c. But not with mariadb client library.

 Comments   
Comment by Georg Richter [ 2014-05-08 ]

Can you please provide some more detailed information:

  • e.g. short sample code, containing mysql_ssl_set and mysql_real_connect parameters
  • error messages

Thanks!

Comment by Mangala [ 2014-05-08 ]

This is the connection function

In this case we had different certificates for server and client. 

bool MySqlClient::connect(const std::string& server, const std::string& user, const std::string& password, const std::string& database, std::string& err_string)
 
{		
	connectionCtx = mysql_init(NULL); 
	mysql_ssl_set(connectionCtx, "/u/mpatil/rutgers-v9-certs/client-key.pem", "/u/mpatil/rutgers-v9-certs/client-cert.pem", "/u/mpatil/rutgers-v9-certs/ca-cert.pem", NULL, NULL);
 
	if (NULL == mysql_real_connect(connectionCtx, server.c_str(), user.c_str(), password.c_str(), database.c_str(), 0, NULL, 0)) 
	{ 
		err_string= std::string("Failed to execute sql: Error: ");
 
		err_string.append(std::string(mysql_error(connectionCtx)));
 
		printf("Error Connecting to database: %s", err_string.c_str());
 
		return false;
 
	} 
	else
 
	{
 
		
		printf("Connected to database Successfully\n");
 
	}
 
	return true;
 
}

Mysql command line connect is successful.

	
mysql -udscwriterinst --password="9c6871e8-e890-4fec-817e-bc5c11119dff" --ssl-cert=/u/mpatil/rutgers-v9-certs/client-cert.pem --ssl-ca=/u/mpatil/rutgers-v9-certs/ca-cert.pem --ssl-key=/u/mpatil/rutgers-v9-certs/client-key.pem dscmondb -h rutgers-v9

In case of only one certificate the following is the connect function. This is also failing.

bool MySqlClient::connect(const std::string& server, const std::string& user, const std::string& password, const std::string& database, std::string& err_string)
 
{		
	connectionCtx = mysql_init(NULL); 
	mysql_ssl_set(connectionCtx, NULL, "/opt/adc/adc/bin/dscweb.pem", NULL, NULL, NULL); //version 2.0.0
 
	if (NULL == mysql_real_connect(connectionCtx, server.c_str(), user.c_str(), password.c_str(), database.c_str(), 0, NULL, 0)) 
	{ 
		err_string= std::string("Failed to execute sql: Error: ");
 
		err_string.append(std::string(mysql_error(connectionCtx)));
 
		printf("Error Connecting to database: %s", err_string.c_str());
 
		return false;
 
	} 
	else
 
	{
 
		
		printf("Connected to database Successfully\n");
 
	}
 
	return true;
 
}

In both scenario we are getting the following error.

Error Connecting to database: Failed to execute sql: Error: Access denied for user 'dscwriterinst'@'memphis.ulticom.com' (using password: YES)Could not connect to database: dscmondb

Comment by Georg Richter [ 2014-05-09 ]

Can you please try latest version from bzr tree?
Checkout sources with

bzr branch lp:mariadb-native-client

Comment by Mangala [ 2014-05-09 ]

I created new login in code.LaunchPad.netI get this error while downloading the Mariadb client.

In
https://code.launchpad.net/mariadb-native-client/+new-import

I entered the following in Bazaar

bzr branch lp:mariadb-native-client

Get this error.
"bzr branch lp:mariadb-native-client" is not a valid URI

Comment by Georg Richter [ 2014-05-09 ]

You need to install bzr (bazaar) and excute it from your shell prompt.

Comment by Mangala [ 2014-05-09 ]

Still get the same error. Passing all three certificates(using /opt/newcerts/client-key.pem /opt/newcerts/client-cert.pem /opt/newcerts/ca-cert.pem)

Error Connecting to database: Failed to execute sql: Error: Access denied for user 'dscwriterinst'@'rutgers-v9' (using password: YES)Could not connect to database: dscmondb

Comment by Mangala [ 2014-05-09 ]

And also using libmariadbclient.a library that is built with your source code.

Comment by Mangala [ 2014-05-13 ]

Any update on this issue??

Comment by Georg Richter [ 2014-05-13 ]

Can you please post the output of 

shell> ldd libmariadb.so

Comment by Mangala [ 2014-05-13 ]

$ ldd libmariadb.so
linux-vdso.so.1 => (0x00007fff6fbfc000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b37dc7a9000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002b37dc9c5000)
libc.so.6 => /lib64/libc.so.6 (0x00002b37dcbc9000)
libssl.so.6 => /lib64/libssl.so.6 (0x00002b37dcf21000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b37dd170000)
libm.so.6 => /lib64/libm.so.6 (0x00002b37dd4c1000)
/lib64/ld-linux-x86-64.so.2 (0x0000003306000000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002b37dd744000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002b37dd973000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b37ddc08000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002b37dde0a000)
libz.so.1 => /usr/lib64/libz.so.1 (0x00002b37de030000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002b37de244000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b37de44c000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b37de64f000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b37de864000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x00002b37dea7d000)

Comment by Mangala [ 2014-05-19 ]

ssl client login worked with mariadb client library when mysql server database was set with SSL GRANTS.

With X509 GRANTS set in mysql server database, we still have ssl connection issue.

Comment by denis [ 2014-06-09 ]

I have the same problem under windows. There are any news on this issue?

Comment by Mangala [ 2014-06-09 ]

The SSL client connection with mariadb client library still didn’t work when we used X509 certificate. When we used SSL certificate we were able to connect with mariadb client library. But this is under Linux.

Comment by Georg Richter [ 2014-06-23 ]

Fixed in rev. 145

Generated at Thu Feb 08 03:02:51 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.