Comments - SSL with other Clients than the original MariaDB-client?

12 years, 2 months ago Elena Stepanova

Could you please specify the exact versions of MySQL client, Connector/J, MySQL server and MariaDB server that you used for your test, and also the OS and SSL?

I tried a few combinations of client/server and got essentially different results.

I could connect with 5.1.60 MySQL client to MariaDB 5.2.10 without a problem, as long as both were pointing at the right certificate/keys. I did, however, see "ERROR 2026 (HY000): SSL connection error" when I tried to use a wrong certificate; please double-check your configuration files for MySQL and MariaDB, maybe the client and server sections point at different ssl-*.

With Connector/J 5.1.18, I got the same "Unsupported record version Unknown-0.0" connecting to MySQL 5.1.60 and MariaDB 5.2.10; MySQL 5.5.20 worked fine.

 
12 years, 2 months ago Stephan

I have used for the test the following versions:

  • MySQL-Client 5.1.58-1ubuntu1
  • Connector/J 5.1.18
  • OpenSSL 1.0.0e-2ubuntu4
  • MariaDB-Server 5.2.10-mariadb107oneiric
  • MariaDB-Client 5.2.10-mariadb107oneiric
  • MySQL-Server 5.1.58-1ubuntu1

I have used the same SSL certificates (CA, Server) for MySQL-Server, MariaDB-Server in this scenario and for all clients. So it is strange that MySQL-Server can correctly communicate with these SSL certificates.

I think in this case, the certificates are not the problem. "Unsupported record version" is imho (between the states ClientHello and ServerHello of the SSL handshake) prior to the exchange of certificates.

Server-perspective:

MySQL-Server <--> (Connector/J, MySQL-Client, Drizzle)

vs. (the same certificate-config)

It only works in this scenario between: MariaDB-Server <---> MariaDB-Client

 
12 years, 2 months ago Elena Stepanova

I was able to reproduce the problem with Connector/J and filed a bug report https://bugs.launchpad.net/maria/+bug/930145 about it.

The part with MySQL client might be a different issue. I still can connect fine using MySQL client to MariaDB server, as long as both use the same SSL implementation (openssl or yassl). If you are using MySQL client and MariaDB server from Ubuntu deb packages, it should be the case for you too. However, I am wondering if you really have both MariaDB and MySQL deb packages installed on the same machine at the same time; installation of one conflicts with another, so you probably have a rather complicated setup on your box to use them both at once. Could it be that you are trying to connect to MariaDB server from a deb package (openssl) using a client from, let's say, MySQL generic tarball package (or any other version that uses yassl)? In this case, you might be facing an old problem described here http://blog.swwomm.com/2011/09/mysql-ssl-implementation.html; there are also open bugs in MySQL bug database about it. Please let us know if this is the case.

 
12 years, 2 months ago Stephan

The MySQL-Server used was not on the same machine (we use MariaDB in a network, the MySQL-Server was on my local machine for comparison, both machines use Ubuntu). I know that MariaDB is a drop-in replacement.

Both Ubuntu packages should use openssl (the variables had shown the use of openssl).

It could be possible that the switch from the MariaDB Server + Client to MySQL-Server + Client on my local machine (at first it was a comparison between another MariaDB-Server and the used MariaDB-Server in the network - later it was a comparison between MariaDB-Server in the network and the local MySQL-Server) led to a conflict (configuration files). For a fresh install for rechecking this aspect I need some time.

Interesting for me was using the Connector/J over SSL with MariaDB. The other client and server programs were only for getting the scope in which the error occurs.

 
12 years, 2 months ago Elena Stepanova

Please note that the have_openssl server variable is just a synonym of have_ssl; it does not really show whether the server uses openssl or yassl (see MySQL Manual). Running ldd on the server or client binary would be more reliable.
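
The ldd check suggested above, as an added example that is not part of the original thread: it classifies ldd output for a client and a server binary and compares the two. The function names and the sample ldd output are constructed, and it assumes a binary with a bundled SSL library such as yassl shows no libssl dependency.

```shell
#!/bin/sh
# Classify ldd output (on stdin): openssl | static | bundled-or-none
classify_ldd() {
    awk '
        /not a dynamic executable|statically linked/ { static = 1 }
        /libssl\.so/                                  { openssl = 1 }
        END {
            if (openssl)     print "openssl"          # shared OpenSSL is loaded
            else if (static) print "static"           # ldd cannot tell us anything
            else             print "bundled-or-none"  # e.g. yassl compiled in, or no SSL
        }'
}

# Run ldd on a real binary, e.g. tls_backend "$(command -v mysql)"
tls_backend() { ldd "$1" 2>&1 | classify_ldd; }

# Heuristic comparison of two classifications (client, server).
compare_backends() {
    if [ "$1" = "static" ] || [ "$2" = "static" ]; then echo inconclusive
    elif [ "$1" = "openssl" ] && [ "$2" = "openssl" ]; then echo match
    elif [ "$1" = "openssl" ] || [ "$2" = "openssl" ]; then echo mismatch
    else echo inconclusive   # both bundled: ldd cannot show which library
    fi
}

# Constructed sample: ldd output of a distribution-packaged binary.
sample_deb_ldd() { cat <<'EOF'
	linux-vdso.so.1 =>  (0x00007fff0a1ff000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f1c2a000000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f1c29c00000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29800000)
EOF
}

# Constructed sample: ldd output of a generic tarball binary without libssl.
sample_tarball_ldd() { cat <<'EOF'
	linux-vdso.so.1 =>  (0x00007fff3b5ff000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f8e11000000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f8e10c00000)
EOF
}

# Demo on the constructed samples.
compare_backends "$(sample_deb_ldd | classify_ldd)" "$(sample_tarball_ldd | classify_ldd)"
```

An "inconclusive" result means ldd alone cannot settle the question and the build options of the binary have to be checked another way.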

 