From:Gleb Paharenko Date:October 17 2005 8:48pm
Subject:Re: SSL connection error
Hello.

It is a bit confusing for me. Really, MySQL has all permissions for
reading those files. Do you have SELinux enabled? Sometimes it is
the source of the problems; you should have it properly configured.


Israel Fernández Cabrera <iferca@stripped> wrote:
>From:	Israel Fernández Cabrera 	Date:	October 17 2005 10:18pm
>Subject:	SSL connection error
>
>Hi all
>
>I'm back with a new subject; maybe the last one was not attractive :)
>I'm using mysql 4.1.11-2 in Fedora Core 4. I need to set up mysql
>connections over SSL. I followed the mysql manual instructions, created
>certificates and keys for the CA, the client and the server, and modified
>the /etc/my.cnf file with the ssl-ca, ssl-cert and ssl-key for the
>client and the mysqld sections of the my.cnf file.
>My problem is that mysqld logs an error describing that it has no
>permission to read the certificate file. I've been with this for more
>than 3 days.
>I'm attaching ls output, my.cnf file, mysqld.log file and a fragment
>of the mysqld strace output with the open syscall returning error.
>
>Thanks in advance for your time and interest
>
>best regards
>
>--
>____________________
>Israel Fdez. Cabrera
>iferca@stripped
>
>#>ls / | grep etc
>drwxr-xr-x   83 root root   12288 Oct 15 16:50 etc
>
>#>ls /etc | grep pki
>drwxr-xr-x   7 root root    4096 Oct 14 17:51 pki
>
>#>ls /etc/pki
>total 104
>drwxr-xr-x  3 root root 4096 Oct 14 21:46 CA
>drwxr-xr-x  3 root root 4096 Oct  8 16:54 dovecot
>-rwxr-xr-x  1 root root 1088 Oct  8 16:54 gencert.sh
>-rwxr-xr-x  1 root root 1056 Oct  8 16:54 gencert.sh~
>-rw-r--r--  1 root root  236 Oct  8 16:54 index.txt
>-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr
>-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr.old
>-rw-r--r--  1 root root  118 Oct  8 16:54 index.txt.old
>drwxr-xr-x  2 root root 4096 Oct  8 16:54 newcerts
>drwxr-xr-x  2 root root 4096 Oct  8 16:54 rpm-gpg
>-rw-r--r--  1 root root    3 Oct  8 16:54 serial
>-rw-r--r--  1 root root    3 Oct  8 16:54 serial.old
>drwxr-xr-x  5 root root 4096 Oct 14 17:51 tls
>
>#>ls /etc/pki/tls
>total 40
>lrwxrwxrwx  1 root root   19 Oct  8 16:54 cert.pem -> certs/ca-bundle.crt
>drwxr-xr-x  2 root root 4096 Oct 15 14:18 certs
>drwxr-xr-x  2 root root 4096 Oct  8 16:54 misc
>-r--r--r--  1 root root 7998 Oct 14 17:59 openssl.cnf
>drwxr-xr-x  2 root root 4096 Oct  8 16:54 private
>
>#>ls /etc/pki/tls/certs
>total 492
>-rw-r--r--  1 root root  427833 Oct  8 16:54 ca-bundle.crt
>-rw-r--r--  1 root root    3617 Oct 14 21:46 client-cert.pem
>-rw-r--r--  1 root mysql    887 Oct  8 16:54 client-key.pem
>-rw-r--r--  1 root mysql    769 Oct  8 16:54 client-req.pem
>-rw-r--r--  1 root root     610 Oct  8 16:54 make-dummy-cert
>-rw-r--r--  1 root root    2240 Oct  8 16:54 Makefile
>-rw-r--r--  1 root root    3617 Oct 14 21:46 server-cert.pem
>-rw-r--r--  1 root root     887 Oct 14 21:46 server-key.pem
>-rw-r--r--  1 root mysql    769 Oct  8 16:54 server-req.pem
>
>
>open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
>write(2, "Error when connection to server "..., 42) = 42
>write(2, "1872:error:0200100D:system libra"..., 122) = 122
>write(2, "1872:error:20074002:BIO routines"..., 70) = 70
>write(2, "1872:error:140AD002:SSL routines"..., 88) = 88
>write(2, "Unable to get certificate from \'"..., 68) = 68
>open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
>open("/etc/pki/tls/cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
>time([1129246383])                      = 1129246383
>open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
>open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
>open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
>socket(PF_FILE, SOCK_STREAM, 0)         = 3
>connect(3, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
>close(3)                                = 0
>socket(PF_FILE, SOCK_STREAM, 0)         = 3
>
>


-- 
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.NET http://www.ensita.net/
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /    Gleb Paharenko
 / /|_/ / // /\ \/ /_/ / /__   Gleb.Paharenko@stripped
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.NET
       <___/   www.mysql.com
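
Added example (not part of the original thread or of MySQL): a small triage script that cross-checks failed open() calls in strace output against `ls -l` mode strings, to separate denials the mode bits explain from ones that point at a mandatory access control layer such as SELinux. Function names and verdict labels are hypothetical, the sample data is constructed from the listing and strace fragment quoted above, and `/` itself is assumed searchable.

```python
import re

# Constructed sample: strace lines and `ls -l` mode strings taken from the post.
STRACE = '''\
>open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
>open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
>open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
'''
MODES = {
    "/etc": "drwxr-xr-x",
    "/etc/pki": "drwxr-xr-x",
    "/etc/pki/CA": "drwxr-xr-x",
    "/etc/pki/tls": "drwxr-xr-x",
    "/etc/pki/tls/certs": "drwxr-xr-x",
    "/etc/pki/tls/certs/server-cert.pem": "-rw-r--r--",
}
FAILED_OPEN = re.compile(r'^open\("([^"]+)",[^)]*\)\s*=\s*-1\s+(E[A-Z]+)')


def failed_opens(strace_text):
    """Return [(path, errno_name)] for every open() that returned -1."""
    hits = []
    for line in strace_text.splitlines():
        m = FAILED_OPEN.match(line.lstrip("> "))  # tolerate mail quoting
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


def mode_bits_allow_read(path, modes):
    """True/False from the 'other' bits alone; None if a mode was not captured."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        mode = modes.get("/" + "/".join(parts[:i]))
        if mode is None:
            return None
        last = i == len(parts)
        # Directories need other-search (x or t); the file needs other-read.
        ok = mode[7] == "r" if last else mode[9] in "xt"
        if not ok:
            return False
    return True


def triage(strace_text, modes):
    """Map each failed path to a next step for the person debugging."""
    labels = {True: "check-mac-policy", False: "check-dac-ownership",
              None: "mode-unknown"}
    return {path: labels[mode_bits_allow_read(path, modes)]
            if err == "EACCES" else "not-permission:" + err
            for path, err in failed_opens(strace_text)}
```

A `check-mac-policy` verdict means any local user could read the file by mode bits, so the next checks on the host are `getenforce`, `ls -Z` on the certificate files, and AVC denial records in the audit log.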


