Comment 37 for bug 1169505

Roman Vynar (roman-vynar) wrote :

Here is my steps to reproduce the problem with MySQL SSL and Percona-Server-shared-compat.

[root@centos6 ~]# cat mysqli-ssl.php
<?php
$conn=mysqli_init();
mysqli_ssl_set($conn,
               '/etc/mysql-ssl/client-key.pem',
               '/etc/mysql-ssl/client-cert.pem',
               NULL, NULL, NULL);
if (!mysqli_real_connect($conn, '192.168.56.101', 'percona_ssl', '12345'))
{
    die();
}
$res = mysqli_query($conn, 'SHOW STATUS like "Ssl_cipher"');
print_r(mysqli_fetch_row($res));
mysqli_close($conn);
[root@centos6 ~]# php mysqli-ssl-test.php
PHP Warning: mysqli_real_connect(): (28000/1045): Access denied for user 'percona_ssl'@'10.38.11.76' (using password: YES) in /home/percona/mysqli-ssl-test.php on line 7

[root@centos6 ~]# rpm -e Percona-Server-shared-compat-5.5.31-rel30.3.520.rhel6.x86_64 --nodeps
[root@centos6 ~]# rpm -ivh compat-mysql51-5.1.54-1.el6.remi.x86_64.rpm
warning: compat-mysql51-5.1.54-1.el6.remi.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 00f97f56: NOKEY
Preparing... ########################################### [100%]
   1:compat-mysql51 ########################################### [100%]
[root@centos6 ~]# php mysqli-ssl-test.php
Array
(
    [0] => Ssl_cipher
    [1] => DHE-RSA-AES256-SHA
)
[root@centos6 ~]# openssl x509 -text -in /etc/mysql-ssl/client-cert.pem|grep CN
        Issuer: C=UA, ST=Lviv, L=Lviv, O=Percona, OU=Remote DBA, <email address hidden>
        Subject: C=UA, ST=Lviv, L=Lviv, O=Percona, OU=Remote DBA, <email address hidden>

The server and client certificates are generated with the different CNs. centos6.vm - server's cert CN, clone.vm - client's cert CN.
Something wrong with Percona-Server-shared-compat's libmysqlclient.so.16.
Hope this helps.