
Client connection through SSL
Posted by: Iain Campbell
Date: August 24, 2006 11:11AM

I'm running 5.0.24 server & client on RHEL.

I've followed the instructions for generating certificates and enabling SSL.

Although the server reports that SSL is enabled, I'm unable to connect the client from the command line.

My my.cnf includes sections for both the server & client.

When I try to connect, I get the following error:

ERROR 2026 (HY000): SSL connection error

I've checked that the certs are not corrupted, and that they haven't expired.

Can anyone shed any light please? An strace of the client connection process is below, starting from straight after the password is entered.

Thanks.

write(3, "\n", 1) = 1
ioctl(3, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon echo ...}) = 0
close(3) = 0
munmap(0xb7fff000, 4096) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1623, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1623
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fff000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=19545, ...}) = 0
old_mmap(NULL, 19545, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ffb000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\32"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=45800, ...}) = 0
old_mmap(NULL, 41604, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
old_mmap(0x11a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x11a000
close(3) = 0
munmap(0xb7ffb000, 19545) = 0
open("/etc/services", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=20373, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(3, "# /etc/services:\n# $Id: services"..., 4096) = 4096
read(3, "123/tcp\nntp\t\t123/udp\t\t\t\t# Networ"..., 4096) = 4096
read(3, "\t\t873/tcp\t\t\t\t# rsync\nrsync\t\t873/"..., 4096) = 4096
read(3, "pserver\t2401/tcp\t\t\t# CVS client/"..., 4096) = 4096
close(3) = 0
munmap(0xb7fff000, 4096) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_SETFL, O_RDONLY) = 0
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
connect(3, {sa_family=AF_FILE, path="/var/lib/mysql/mysql.sock"}, 110) = 0
setsockopt(3, SOL_IP, IP_TOS, [8], 4) = -1 EOPNOTSUPP (Operation not supported)
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
read(3, "=\0\0\0\n5.0.24-standard\0m\0\0\0aVk8pQ$"..., 16384) = 65
stat64("/usr/share/mysql/charsets/Index.xml", {st_mode=S_IFREG|0755, st_size=18221, ...}) = 0
open("/usr/share/mysql/charsets/Index.xml", O_RDONLY|O_LARGEFILE) = 4
read(4, "<?xml version=\'1.0\' encoding=\"ut"..., 18221) = 18221
close(4) = 0
write(3, " \0\0\1\205\256\3\0\0\0\0\1\10\0\0\0\0\0\0\0\0\0\0\0\0"..., 36) = 36
open("cacert.pem", O_RDONLY|O_LARGEFILE) = 4
open("cacert.pem", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=1151, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(5, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1151
_llseek(5, 0, [1151], SEEK_CUR) = 0
_llseek(5, 1151, [1151], SEEK_SET) = 0
close(5) = 0
munmap(0xb7fff000, 4096) = 0
close(4) = 0
open("client-cert.pem", O_RDONLY|O_LARGEFILE) = 4
open("client-cert.pem", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=3432, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(5, "Certificate:\n Data:\n V"..., 4096) = 3432
_llseek(5, 0, [3432], SEEK_CUR) = 0
_llseek(5, 3432, [3432], SEEK_SET) = 0
close(5) = 0
munmap(0xb7fff000, 4096) = 0
close(4) = 0
open("client-key.pem", O_RDONLY|O_LARGEFILE) = 4
open("client-key.pem", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=887, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(5, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 887
_llseek(5, 0, [887], SEEK_CUR) = 0
_llseek(5, 887, [887], SEEK_SET) = 0
close(5) = 0
munmap(0xb7fff000, 4096) = 0
close(4) = 0
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 4
read(4, "L\245\1\317,\313\5}@\236Sx\260]\2004H\17\214\np\334R\37"..., 32) = 32
time(NULL) = 1156437432
open("/etc/localtime", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=1323, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
read(5, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0"..., 4096) = 1323
close(5) = 0
munmap(0xb7fff000, 4096) = 0
time(NULL) = 1156437432
time(NULL) = 1156437432
time(NULL) = 1156437432
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 5
read(5, "b^i\276?\251\tY\237\361\367*}\3\273\333w!N\346|\256\t\314"..., 32) = 32
send(3, "\26\3\1\0Y\1\0\0U\3\1\330I\256\207\274\327\340\v\274\213"..., 94, 0) = 94
recv(3, "\26", 1, MSG_PEEK) = 1
ioctl(3, FIONREAD, [1243]) = 0
recv(3, "\26\3\1\0J\2\0\0F\3\1z\207\200\366\246]\207n\227!\272\240"..., 1243, 0) = 1243
time(NULL) = 1156437432
time(NULL) = 1156437432
gettimeofday({1156437432, 664613}, NULL) = 0
send(3, "\26\3\1\3\\\v\0\3X\0\3U\0\3R0\202\3N0\202\2\267\240\3\2"..., 1138, 0) = 1138
recv(3, "", 1, MSG_PEEK) = 0
close(3) = 0
close(4) = 0
shutdown(3, 2 /* send and receive */) = -1 EBADF (Bad file descriptor)
close(3) = -1 EBADF (Bad file descriptor)
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fff000
write(2, "ERROR 2026 (HY000): ", 20) = 20
write(2, "SSL connection error", 20) = 20
write(2, "\n", 1) = 1
write(1, "\7", 1) = 1
close(5) = 0
munmap(0xb7fff000, 4096) = 0
exit_group(1) = ?
