List:Sydney MySQL Users Group« Previous MessageNext Message »
From:Naveen Rawat Date:April 23 2007 4:16pm
Subject:SSL error: Unable to get certificate from
View as plain text  
Hi there,

 

 

 

My system configuration is 

            Red Hat Enterprise Linux ES 4 update 4 (kernel release :
2.6.9-42.ELsmp)

 

I am working to have a basic http/s user authentication implementation being
provided by one MySQL supportive mod_myauth third party apache module. The
opensource configuration being used for obtaining this is as here.

            - Apache 2.0.59 (--enable-so)           : which loads my
authentication (mod_myauth) module

            - openssl 0.9.8d (shared compilation)   : For ssl encoded
transaction with database

            - MySQL 5.0.37                                     : SSL enabled
database

            - mod_myauth 1.4                                  : third party
authentication module

 

            [All these have been compiled out of the source provided.]

 

 

 

The mod_myauth module uses MySQL C APIs that does a sort of a handshake with
openssl libraries to provide ssl-encryption of the validation data/response
being sent/received to/from the database. This handshake is being performed
through a test-purpose generated set of keys, and certificate files for both
the module client and the MySQL database and also one for dummy Certificate
Authority. The user account used in the module is equipped with "Require
X509". 

 

The problem is that these keys and certificates are working well when they
are being used from a standalone database client application (not a module)
and also when provided while connecting with "mysql" client tool. But the
same set of key/certificates are not identified when used within the module
in mysql_ssl_set(). The module when used for unencrypted communication is
working fine.

 

 

 

 

The apache error log shows

 

SSL error: Unable to get certificate from
'/root/DIGI_DEPS/newcerts/client-cert.pem'

[Mon Apr 23 19:41:35 2007] [error] myauth: connection failed: SSL connection
error

[Mon Apr 23 19:41:35 2007] [error] [client 192.168.1.17] myauth: user
'authtest' not found: /

 

.

.

.

 

I had even tried to change the grant to "Require SSL", with needed
mysql_ssl_Set() api alterations, but get the error

 

[Mon Apr 23 20:52:35 2007] [error] myauth: connection failed: SSL connection
error

[Mon Apr 23 20:52:35 2007] [error] [client 192.168.1.17] myauth: user
'authtest' not found: /

 

 

 

 

 

I was confused about where to post my issue, but as it seems more like a one
related to database I am giving it here. 

 

Please help soon as I have to sort this out at the earlies.

 

 

Thanks in advance,

 

 

Naveen Rawat

 

 

 

 

 

 


Thread
SSL error: Unable to get certificate fromNaveen Rawat23 Apr