List:General Discussion« Previous MessageNext Message »
From:Julian C. Dunn Date:February 2 2006 8:53pm
Subject:SSL connection problems with Fedora Core 4
View as plain text  
I'm trying to set up SSL connectivity to a Fedora Core 4 server running
mysql-server-4.1.16-1.FC4.1 and not having much success. I keep getting

ERROR 2026 (HY000): SSL connection error

no matter what I do.

I followed the directions on
http://dev.mysql.com/doc/refman/4.1/en/secure-create-certs.html to the
letter, and I've cranked up all the logging possible on the server. I
don't see any error messages on the server at all, and SHOW STATUS
indicates that mysql is accepting SSL connections ('ssl_accepts'
increments).

In desperation I tried to strace(1) mysqld, but all I see is it handing
the connection to a cloned child thread... and I don't know how to trace
into the child (with '-f' it hangs mysqld presumably b/c the parent is
wait(2)-ing on the child):


select(5, [3 4], NULL, NULL, NULL)      = 1 (in [3])
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
accept(3, {sa_family=AF_INET, sin_port=htons(38973),
sin_addr=inet_addr("192.168.0.182")}, [16]) = 47
fcntl64(3, F_SETFL, O_RDWR)             = 0
getsockname(47, {sa_family=AF_INET, sin_port=htons(3306),
sin_addr=inet_addr("192.168.0.145")}, [16]) = 0
fcntl64(47, F_SETFL, O_RDONLY)          = 0
fcntl64(47, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(47, F_SETFL, O_RDWR|O_NONBLOCK) = 0
setsockopt(47, SOL_IP, IP_TOS, [8], 4)  = 0
setsockopt(47, SOL_TCP, TCP_NODELAY, [1], 4) = 0
time(NULL)                              = 1138854239
clone(child_stack=0xb3c244c4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|
CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|
CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED,
parent_tidptr=0xb3c24bf8, {entry_number:6, base_addr:0xb3c24bb0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1},
child_tidptr=0xb3c24bf8) = 6918
select(5, [3 4], NULL, NULL, NULL 

Here's my relevant my.cnf snippets:

----8<----  cut here ----8<----
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
ssl
ssl-ca=/etc/mysql/cacert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
ssl-cipher=ALL
log
log-error
----8<----  cut here ----8<----

Can anyone help?

- Julian

-- 
Julian C. Dunn
Systems Administrator

e: julian.dunn@stripped
p: 416-363-6316 x292
f: 416-363-6102

Devlin eBusiness Architects
185 Frederick St.
Toronto, ON
M5A 4L4
http://www.devlin.ca/


Thread
SSL connection problems with Fedora Core 4Julian C. Dunn2 Feb