Is it possible that something changed to prevent SSL connections between 5.0.87 and 5.0.90 (and 5.1.50 for that matter)?
With 5.0.87 I was able to connect from a client using the -ssl* parameters without problem. If I upgrade to 5.0.90 or 5.1.50 it doesn't work. And I don't have the 5.0.87 RPM's so I am in a bit of an issue.
I am getting the unhelpful "ERROR 2026 (HY000): SSL connection error" message. I have done all of the recommended steps to address the problem (regenerating the keys, different CN's, etc).
MySQL and SSL Connections problem
Re: MySQL and SSL Connections problem
Never mind, I found the problem.
Re: MySQL and SSL Connections problem
What was it?
Something nice and simple I hope!?
Faris.
Something nice and simple I hope!?
Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: MySQL and SSL Connections problem
It was a little weird because my original certs worked fine in 5.0.87 but didn't work with 5.0.90 or 5.1.50. I can't really say why that was.
But when recreating the certificates this time, I was first using a days value of 1000 and a blank passphrase. During testing I migrated over to using 9999 days (which was in one of the online examples) and an extra command to strip out the pass phrase. Well it turns out that apparently 9999 is too big of a number and causes a overflow condition because the resulting certs had a 2001 expiration date. I am wondering if perhaps 5.0.87 didn't check if the cert was expired.
Anyway I used the following commands:
I filled out all fields and all three CN's I gave different values for.
But when recreating the certificates this time, I was first using a days value of 1000 and a blank passphrase. During testing I migrated over to using 9999 days (which was in one of the online examples) and an extra command to strip out the pass phrase. Well it turns out that apparently 9999 is too big of a number and causes a overflow condition because the resulting certs had a 2001 expiration date. I am wondering if perhaps 5.0.87 didn't check if the cert was expired.
Anyway I used the following commands:
Code: Select all
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl req -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem > client-req.pem
openssl x509 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
openssl rsa -in client-key.pem -out client-key.pem
Re: MySQL and SSL Connections problem
Ah! Interesting.
Thanks.
Faris.
Thanks.
Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>