[MDEV-10246] ssl-* have no effect without mysql_ssl_set() Created: 2016-06-17 Updated: 2018-06-07 Resolved: 2018-06-06 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Scripts & Clients |
| Affects Version/s: | 10.1.14 |
| Fix Version/s: | 5.5.61, 10.0.36, 10.1.34 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Igor Pashev | Assignee: | Vladislav Vaintroub |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | upstream-fixed |
| Description |
|
Preamble. mysql cli was known for "ignoring" the --ssl option on its own. If someone needed to enable SSL on the client side they had to specify any other ssl option, e.g. --ssl-cipher=AES128-SHA. This was fixed in MariaDB, I guess by mysql_ssl_set() setting use_ssl = TRUE unconditionally. Thus we now can use mysql --ssl with MariaDB (and maybe with latest MySQL).

Recently I discovered another difference in behavior of MariaDB's and MySQL's libmysqlclient: If I don't call mysql_ssl_set(), but have SSL options in the configuration file, SSL gets enabled with MySQL's, but does not with MariaDB's. It feels like use_ssl = TRUE should be executed in one more place.

I.e. let's have this file:
And do
I'd expect SSL enabled if any SSL option is set.
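A check for the failure mode described in this report, as an added example that is not part of the original report or of MariaDB's code: it collects the `ssl` / `ssl-*` options from the `[client]` group of an option file and compares them with the `Ssl_cipher` session status of the connection under test. The sample option file is constructed, the function names are hypothetical, and the caller is assumed to supply the value returned by `SHOW SESSION STATUS LIKE 'Ssl_cipher'`.

```python
import re

# Constructed sample option file; not the file from the report.
SAMPLE_CNF = """\
[client]
user = app
ssl_ca = /etc/mysql/ca.pem
ssl-cipher=AES128-SHA

[mysqld]
ssl-cert = /etc/mysql/server-cert.pem
"""

def ssl_options(text, groups=("client",)):
    """Collect ssl / ssl-* options from the given option-file groups."""
    found, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":   # comments and !include directives
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in groups:
            continue
        name, _, value = line.partition("=")
        # Option files treat '-' and '_' in option names as equivalent.
        name = name.strip().lower().replace("_", "-")
        if name == "ssl" or name.startswith("ssl-"):
            found[name] = value.strip().strip("\"'")
    return found

def audit_session(text, ssl_cipher):
    """ssl_cipher: Value of SHOW SESSION STATUS LIKE 'Ssl_cipher' for the
    connection under test; it is empty when the session is not encrypted."""
    wanted = ssl_options(text)
    if wanted and not ssl_cipher:
        return ("FAIL", sorted(wanted))    # configured but silently not applied
    if not wanted and not ssl_cipher:
        return ("PLAINTEXT", [])           # nothing requested, nothing used
    return ("OK", sorted(wanted))

if __name__ == "__main__":
    print(audit_session(SAMPLE_CNF, ""))            # the behaviour reported here
    print(audit_session(SAMPLE_CNF, "AES128-SHA"))  # option file honoured
```
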
| Comments |
| Comment by Elena Stepanova [ 2016-06-17 ] |
|
wlad, could you please take a look?

I'm not exactly sure if it's supposed to work or not, but it does indeed work with MySQL 5.6+ (and with libmysqlclient18:amd64 5.5.49-0+deb8u1 provided by Debian), but does not work with vanilla MySQL 5.5 and with MariaDB.
| Comment by Geoff Montee (Inactive) [ 2018-06-07 ] |
|
I assume the 10.2 and 10.3 fix versions for this will be 10.2.16 and 10.3.8 based on the estimated release dates. Is that correct?
| Comment by Vladislav Vaintroub [ 2018-06-07 ] |
|
You know how it works, GeoffMontee. It is pushed into version X; whenever X, Y, or Z are released, the patch is merged up, so the next 5.5, 10.0, 10.1 will have it. The "next" release is the one where the last number component is incremented.

And BTW, there is no fix for 10.2 and 10.3. If the problem exists there (which I did not bother to check) it is not the server's problem anymore, but C/C's.
| Comment by Geoff Montee (Inactive) [ 2018-06-07 ] |
|
Yeah, I understand how the merge process works. Thanks! I just wanted to make sure I wasn't missing any important details specific to this case in case 10.2 and 10.3 were intentionally left out of "Fix Versions".

It sounds like 10.2 and 10.3 were left out because of the switch to Connector/C in 10.2 and above.

From my understanding though, libmysqlclient.so was not entirely replaced with C/C in 10.2. You can see that some of the child tasks of MDEV-9055 are still open. I think it is true that client tools like "mysql" and "mysqldump" use C/C now, but it looks like libmysqlclient.so is still built with 10.2 and many tools not built by us (such as perl's DBD::MySQL) still link to that.

For example, it looks like libmysqlclient.so is included in 10.2's MariaDB-compat package on RHEL 7:
This is still the old libmysqlclient.so, not Connector/C, right? It looks like the perl DBD::MySQL package on RHEL 7 still depends on this libmysqlclient.so, rather than the libmariadb.so from MariaDB-shared:
It does look like sql-common/client.c from 10.2 has the problematic change:

If I understood the circumstances correctly, then it seems like this fix for libmysqlclient.so is not completely irrelevant for 10.2 and 10.3. I'll go ahead and assume that the fix for this issue and
| Comment by Vladislav Vaintroub [ 2018-06-07 ] |
|
there are 3 clients in 10.2+

1) libmariadbclient, used by all command line clients, and APIs

Only 1) is very much visible, and others are obscure more or less.
| Comment by Geoff Montee (Inactive) [ 2018-06-07 ] |
|
So libmysqlclient.so from the MariaDB 10.2 packages actually refers to libmariadbclient (i.e. MariaDB Connector/C). Thanks, wlad.