
List: General Discussion
From: Israel Fernández Cabrera
Date: October 17 2005 8:18pm
Subject: SSL connection error
Hi all

I'm back with a new subject; maybe the last one was not attractive :)
I'm using mysql 4.1.11-2 in Fedora Core 4. I need to set up mysql
connections over SSL. I followed the mysql manual instructions, created
certificates and keys for the CA, the client and the server, and modified
the /etc/my.cnf file with the ssl-ca, ssl-cert and ssl-key for the
client and the mysqld sections of the my.cnf file.
My problem is that mysqld logs an error describing that it has no
permission to read the certificate file. I've been with this for more
than 3 days.
I'm attaching ls output, my.cnf file, mysqld.log file and a fragment
of the mysqld strace output with the open syscall returning error.

Thanks in advance for your time and interest

best regards

--
____________________
Israel Fdez. Cabrera
iferca@stripped

#>ls / | grep etc
drwxr-xr-x   83 root root   12288 Oct 15 16:50 etc

#>ls /etc | grep pki
drwxr-xr-x   7 root root    4096 Oct 14 17:51 pki

#>ls /etc/pki
total 104
drwxr-xr-x  3 root root 4096 Oct 14 21:46 CA
drwxr-xr-x  3 root root 4096 Oct  8 16:54 dovecot
-rwxr-xr-x  1 root root 1088 Oct  8 16:54 gencert.sh
-rwxr-xr-x  1 root root 1056 Oct  8 16:54 gencert.sh~
-rw-r--r--  1 root root  236 Oct  8 16:54 index.txt
-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr
-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr.old
-rw-r--r--  1 root root  118 Oct  8 16:54 index.txt.old
drwxr-xr-x  2 root root 4096 Oct  8 16:54 newcerts
drwxr-xr-x  2 root root 4096 Oct  8 16:54 rpm-gpg
-rw-r--r--  1 root root    3 Oct  8 16:54 serial
-rw-r--r--  1 root root    3 Oct  8 16:54 serial.old
drwxr-xr-x  5 root root 4096 Oct 14 17:51 tls

#>ls /etc/pki/tls
total 40
lrwxrwxrwx  1 root root   19 Oct  8 16:54 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x  2 root root 4096 Oct 15 14:18 certs
drwxr-xr-x  2 root root 4096 Oct  8 16:54 misc
-r--r--r--  1 root root 7998 Oct 14 17:59 openssl.cnf
drwxr-xr-x  2 root root 4096 Oct  8 16:54 private

#>ls /etc/pki/tls/certs
total 492
-rw-r--r--  1 root root  427833 Oct  8 16:54 ca-bundle.crt
-rw-r--r--  1 root root    3617 Oct 14 21:46 client-cert.pem
-rw-r--r--  1 root mysql    887 Oct  8 16:54 client-key.pem
-rw-r--r--  1 root mysql    769 Oct  8 16:54 client-req.pem
-rw-r--r--  1 root root     610 Oct  8 16:54 make-dummy-cert
-rw-r--r--  1 root root    2240 Oct  8 16:54 Makefile
-rw-r--r--  1 root root    3617 Oct 14 21:46 server-cert.pem
-rw-r--r--  1 root root     887 Oct 14 21:46 server-key.pem
-rw-r--r--  1 root mysql    769 Oct  8 16:54 server-req.pem


open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
write(2, "Error when connection to server "..., 42) = 42
write(2, "1872:error:0200100D:system libra"..., 122) = 122
write(2, "1872:error:20074002:BIO routines"..., 70) = 70
write(2, "1872:error:140AD002:SSL routines"..., 88) = 88
write(2, "Unable to get certificate from \'"..., 68) = 68
open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/pki/tls/cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
time([1129246383])                      = 1129246383
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
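
Added example, not part of the original post: a Python check that pulls the EACCES opens out of the strace fragment above and evaluates them against the mode bits from the ls listings. The listing and strace data are transcribed from the post; the account name and group "mysql" are assumptions, since the post does not say which user mysqld runs as.

```python
import re
# Constructed from the ls listings in the post: path -> (ls mode, owner, group).
LISTING = {
    "/etc": ("drwxr-xr-x", "root", "root"),
    "/etc/pki": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls/certs": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls/certs/server-cert.pem": ("-rw-r--r--", "root", "root"),
}

# Three lines copied from the strace fragment in the post.
STRACE = '''\
open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
'''

EACCES_OPEN = re.compile(r'^open\("([^"]+)",.*=\s*-1 EACCES\b')

def denied_paths(strace_text):
    """Paths whose open() failed with EACCES, in order of appearance."""
    matches = (EACCES_OPEN.match(line) for line in strace_text.splitlines())
    return [m.group(1) for m in matches if m]

def triad(entry, user, groups):
    """Pick the rwx triad (owner, group or other) that applies to `user`."""
    mode, owner, group = entry
    start = 1 if user == owner else 4 if group in groups else 7
    return mode[start:start + 3]

def dac_allows_read(path, user, groups, listing=LISTING):
    """True/False from mode bits alone; None if a component is not listed."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        current = "/" + "/".join(parts[:i])
        if current not in listing:
            return None
        need = "r" if i == len(parts) else "x"  # search on dirs, read on the file
        if need not in triad(listing[current], user, groups):
            return False
    return True

def diagnose(strace_text, user, groups):
    """Map each EACCES path to what the mode bits say for `user`."""
    return {p: dac_allows_read(p, user, groups) for p in denied_paths(strace_text)}

if __name__ == "__main__":  # "mysql" user/group assumed; the post names no account
    for path, allowed in diagnose(STRACE, "mysql", {"mysql"}).items():
        print(path, "-> mode bits allow read:", allowed)
```

A result of True for a path that still fails with EACCES means the denial comes from something the mode bits do not show, such as an ACL or a mandatory access control policy (for example SELinux, which Fedora ships), so the audit log is the next place to look. The listing also shows server-key.pem as -rw-r--r--, which is wider than a private key normally needs.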
