Hi,

After switching from MySQL to MariaDB (Server version: 5.5.31-MariaDB-1squeeze-log), we lost the ability to connect via SSL to the server.

We were using self-signed certificates generated via the method described here, and they worked well before the switch to MariaDB: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

We get the following error messages when trying to connect on the same machine having both the client and the server.

mysql -v -u user -p database --ssl-ca /etc/mysql/newcerts/ca-cert.pem --ssl-cert /etc/mysql/newcerts/client-cert.pem --ssl-key /etc/mysql/newcerts/client-key.pem
Enter password:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

Any hint is appreciated.

Thanks.

Answer

MariaDB uses OpenSSL and lets it verify certificates. MySQL either uses YaSSL or OpenSSL and is sloppy about error checking. That's why your certificates used to work with MySQL and stopped working when you upgraded.

The core of the issue: you've used exactly the same information for both the client and the server certificate (same country, organization, locality, etc.), and OpenSSL doesn't like that. Recreating the certificates with different descriptions should solve this problem.

Just for reference, here's how you can verify whether your certificates are valid:

openssl verify -CAfile /etc/mysql/newcerts/ca-cert.pem /etc/mysql/newcerts/server-cert.pem /etc/mysql/newcerts/client-cert.pem
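
A pre-flight check for the advice in the answer, as an added example that is not part of the original post: it issues a throwaway CA, server and client certificate with distinct subjects, flags any subject DN shared between certificates, and then runs the answer's `openssl verify` check on each one. The subjects, serial numbers and temporary paths are constructed, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example. Subjects, serials and the temp directory are constructed.

# issue DIR NAME SUBJECT SERIAL: key + CSR + certificate signed by DIR/ca-cert.pem
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-req.pem" -days 30 -set_serial "$4" \
        -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" \
        -out "$1/$2-cert.pem" 2>/dev/null
}

# make_certs DIR CA_SUBJECT SERVER_SUBJECT CLIENT_SUBJECT
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$2" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null &&
    issue "$1" server "$3" 1 &&
    issue "$1" client "$4" 2
}

# check_distinct_subjects CERT...: returns 1 if two certificates share a subject DN
check_distinct_subjects() {
    dups=$(for c in "$@"; do openssl x509 -noout -subject -in "$c"; done | sort | uniq -d)
    [ -z "$dups" ] && return 0
    echo "duplicate $dups" >&2
    return 1
}

# verify_chain CA CERT...: the answer's openssl verify check, one certificate at a time
verify_chain() {
    ca=$1; shift
    for c in "$@"; do
        openssl verify -CAfile "$ca" "$c" >/dev/null 2>&1 || return 1
    done
}

demo() {
    d=$(mktemp -d) || return 1
    make_certs "$d" "/C=XX/O=Example/CN=Example CA" \
        "/C=XX/O=Example/CN=db-server" "/C=XX/O=Example/CN=db-client" &&
    check_distinct_subjects "$d/ca-cert.pem" "$d/server-cert.pem" "$d/client-cert.pem" &&
    verify_chain "$d/ca-cert.pem" "$d/server-cert.pem" "$d/client-cert.pem"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo && echo "subjects distinct, chain verifies"
```

To check an existing set, call `check_distinct_subjects` and `verify_chain` with the paths to the CA, server and client certificates.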
