Different connection results with --ssl and --ssl-mode=REQUIRED

Bug #1656849 reported by Shahriyar Rzayev
This bug affects 1 person
Affects: Percona XtraBackup (moved to https://jira.percona.com/projects/PXB), status tracked in 2.4
2.4: Status: Confirmed; Importance: Medium; Assigned to: Unassigned

Bug Description

Hi dear all,
Testing branch -> gl-sergei:2.4-xb-bug1551706

Result with --ssl-mode=REQUIRED:

sudo ./xtrabackup --defaults-file=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/my.sandbox.cnf --backup --datadir=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/data/ --target-dir=/home/backup_dir/full/ --no-version-check --ssl-mode=REQUIRED
170116 18:41:37 Connecting to MySQL server host: localhost, user: jeffrey, password: set, port: 19589, socket: /tmp/mysql_sandbox19589.sock
WARNING: no verification of server certificate will be done. Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.
Failed to connect to MySQL server: Access denied for user 'jeffrey'@'localhost' (using password: YES).

Result with --ssl:

sudo ./xtrabackup --defaults-file=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/my.sandbox.cnf --backup --datadir=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/data/ --target-dir=/home/backup_dir/full/ --no-version-check --ssl
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
170116 18:43:11 Connecting to MySQL server host: localhost, user: jeffrey, password: set, port: 19589, socket: /tmp/mysql_sandbox19589.sock
Using server version 5.7.14-8-log
./xtrabackup version 2.4.5 based on MySQL server 5.7.13 Linux (x86_64) (revision id: fd5bd0f)
xtrabackup: uses posix_fadvise().
xtrabackup: cd to /home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/data/
xtrabackup: open files limit requested 0, set to 1024
xtrabackup: using the following InnoDB configuration:
xtrabackup: innodb_data_home_dir = .
xtrabackup: innodb_data_file_path = ibdata1:12M:autoextend
xtrabackup: innodb_log_group_home_dir = ./
xtrabackup: innodb_log_files_in_group = 2
xtrabackup: innodb_log_file_size = 50331648
InnoDB: Number of pools: 1

With 5.7.14 client:

sh@sh-ubuntu:~/sandboxes/rsandbox_Percona-Server-5_7_14/master$ sudo /home/sh/MySQLPakcages/5.7.14/bin/mysql --defaults-file=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/my.sandbox.cnf --ssl -e "select @@version"
[sudo] password for sh:
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
+--------------+
| @@version |
+--------------+
| 5.7.14-8-log |
+--------------+
sh@sh-ubuntu:~/sandboxes/rsandbox_Percona-Server-5_7_14/master$ sudo /home/sh/MySQLPakcages/5.7.14/bin/mysql --defaults-file=/home/sh/sandboxes/rsandbox_Percona-Server-5_7_14/master/my.sandbox.cnf --ssl-mode=REQUIRED -e "select @@version"
WARNING: no verification of server certificate will be done. Use --ssl-mode=VERIFY_CA or VERIFY_IDENTITY.
+--------------+
| @@version |
+--------------+
| 5.7.14-8-log |
+--------------+

Tags: qa
Daniël van Eeden (dveeden) wrote :

Another difference:
[mysqld]
ssl-ca=...
ssl-cert=...
ssl-key=...

But this was added after the startup of the server, so the server runs w/o SSL support.

The mysql command connects without issue, but xtrabackup fails.

This is because xtrabackup reads the mysqld section and the mysql client(s) don't.
I don't think using ssl options from the mysqld section should be used when connecting as a client.
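
The option-file effect described in the comment above, as an added example that is not part of the original report or of Percona's code: it merges option groups the way a my.cnf reader does and lists the ssl options that only a tool reading [mysqld] would apply as a client. The sample file, its paths and the two group lists are constructed assumptions.

```python
import configparser

# Constructed sample option file: the ssl-* lines sit under [mysqld] only.
SAMPLE_CNF = """
[client]
user = backup
socket = /tmp/mysql.sock

[mysqld]
datadir = /var/lib/mysql
skip-name-resolve
ssl-ca = /etc/mysql/ca.pem
ssl_cert = /etc/mysql/server-cert.pem
ssl-key = /etc/mysql/server-key.pem
"""

# Assumed group lists (hypothetical, modelled on the comment above).
GROUPS_CLIENT_ONLY = ["client", "mysql"]
GROUPS_WITH_SERVER = ["mysqld", "client", "xtrabackup"]


def load_option_file(text):
    """Parse my.cnf-style text; bare flags such as skip-name-resolve are allowed."""
    parser = configparser.ConfigParser(
        allow_no_value=True, interpolation=None, strict=False, delimiters=("=",)
    )
    parser.read_string(text)
    return parser


def effective_ssl_options(parser, groups):
    """Merge groups in order and return {option: (value, source_group)} for ssl
    options. Later groups override earlier ones; '_' and '-' are equivalent."""
    merged = {}
    for group in groups:
        if not parser.has_section(group):
            continue
        for name, value in parser.items(group):
            key = name.replace("_", "-")
            if key.startswith("ssl"):
                merged[key] = (value, group)
    return merged


def leaked_server_options(parser):
    """ssl options taken from [mysqld] that a client-only reader never sees."""
    plain = effective_ssl_options(parser, GROUPS_CLIENT_ONLY)
    mixed = effective_ssl_options(parser, GROUPS_WITH_SERVER)
    return sorted(k for k, (_, src) in mixed.items()
                  if src == "mysqld" and k not in plain)
```

Run against a real option file, a non-empty result from leaked_server_options() points at server-side ssl settings that would change how such a tool connects.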

Sergei Glushchenko (sergei.glushchenko) wrote :

Percona XtraBackup doesn't read client options from [mysqld] since the latest release. The change was introduced by the fix for bug 1551706.

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-780
