Comment 42 for bug 1169505

Valerii Kravchuk (valerii-kravchuk) wrote :

All I can tell is that as soon as I create certificates by the book:

http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

like this:

...
openssl version
mkdir cert
cd cert
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
...

everything works:

[openxs@chief msb_5_5_30]$ ./use -uroot test
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.30-rel30.2 Percona Server with XtraDB (GPL), Release rel30.2, Revision 500

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql [localhost] {root} (test) > grant all privileges on test.* to 'user'@'localhost' identified by 'user' require ssl;
Query OK, 0 rows affected (0.00 sec)

mysql [localhost] {root} (test) > exit
Bye
[openxs@chief msb_5_5_30]$ ./use -uuser -puser test
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.5.30-rel30.2 Percona Server with XtraDB (GPL), Release rel30.2, Revision 500

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql [localhost] {user} (test) > select current_user();
+----------------+
| current_user() |
+----------------+
| user@localhost |
+----------------+
1 row in set (0.00 sec)

mysql [localhost] {user} (test) > show status like 'ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)

mysql [localhost] {user} (test) > status
--------------
/home/openxs/5.5.30/bin/mysql Ver 14.14 Distrib 5.5.30, for Linux (x86_64) using readline 5.1

Connection id: 6
Current database: test
Current user: user@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.5.30-rel30.2 Percona Server with XtraDB (GPL), Release rel30.2, Revision 500
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /tmp/mysql_sandbox5530.sock
Uptime: 4 min 50 sec

Threads: 1 Questions: 40 Slow queries: 0 Opens: 33 Flush tables: 1 Open tables: 26 Queries per second avg: 0.137
--------------

mysql [localhost] {user} (test) > exit
Bye

Details of my environment:

[openxs@chief msb_5_5_30]$ cat /etc/issue
Fedora release 14 (Laughlin)
Kernel \r on an \m (\l)

[openxs@chief msb_5_5_30]$ uname -a
Linux chief 2.6.35.14-106.fc14.x86_64 #1 SMP Wed Nov 23 13:07:52 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[openxs@chief msb_5_5_30]$ openssl version
OpenSSL 1.0.0e-fips 6 Sep 2011
[openxs@chief msb_5_5_30]$ openssl verify -CAfile /home/openxs/cert/ca-cert.pem /home/openxs/cert/server-cert.pem /home/openxs/cert/client-cert.pem
/home/openxs/cert/server-cert.pem: OK
/home/openxs/cert/client-cert.pem: OK
[openxs@chief msb_5_5_30]$ cat my.sandbox.cnf
# The MySQL Sandbox
# Copyright (C) 2006-2013 Giuseppe Maxia
# Contacts: http://datacharmer.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

[mysql]
prompt='mysql [\h] {\u} (\d) > '
#

[client]
user = msandbox
password = msandbox
port = 5530
socket = /tmp/mysql_sandbox5530.sock
ssl-ca=/home/openxs/cert/ca-cert.pem
ssl-cert=/home/openxs/cert/client-cert.pem
ssl-key=/home/openxs/cert/client-key.pem

[mysqld]
user = openxs
port = 5530
socket = /tmp/mysql_sandbox5530.sock
basedir = /home/openxs/5.5.30
datadir = /home/openxs/sandboxes/msb_5_5_30/data
tmpdir = /home/openxs/sandboxes/msb_5_5_30/tmp
pid-file = /home/openxs/sandboxes/msb_5_5_30/data/mysql_sandbox5530.pid
#log-slow-queries = /home/openxs/sandboxes/msb_5_5_30/data/msandbox-slow.log
#log = /home/openxs/sandboxes/msb_5_5_30/data/msandbox.log
#
# additional options passed through 'my_clause'
#
log-error=msandbox.err
ssl-ca=/home/openxs/cert/ca-cert.pem
ssl-cert=/home/openxs/cert/server-cert.pem
ssl-key=/home/openxs/cert/server-key.pem

[openxs@chief msb_5_5_30]$ openssl x509 -text -in /home/openxs/cert/client-cert.pem | grep CN
        Issuer: C=UA, ST=KIEV, L=KIEV, O=Percona One, OU=support, CN=chief1/emailAddress=vk1@a.com
        Subject: C=UA, ST=KIEV, L=KIEV, O=Percona Three, OU=support, CN=chief3/emailAddress=vk2@a.com

It has been like that all the time for me. So I continue to assume that the problem is with certificates that are "not OK" for the OpenSSL library used in the system (while they were "OK" for yaSSL), or with the OpenSSL version used itself.
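The certificate-generation procedure quoted in the comment above, as an added, scripted example that is not part of the bug report or the MySQL manual: it builds the same CA, server and client set non-interactively and then checks two properties that `openssl verify` alone does not report on. The subject fields, the CNs `mysql-ca`/`mysql-server`/`mysql-client`, the serial numbers 01 and 02, and the temporary output directory are all assumed values. Two deliberate differences from the quoted history: the server and client certificates get different serial numbers (RFC 5280 requires serials to be unique per issuer, and the quoted commands give both leaf certificates serial 01), and each CN is distinct from the CA's CN, which the MySQL manual requires for servers built against OpenSSL. The manual's `openssl rsa -in key -out key` rewrite, which only changes the PEM encoding of the private key, is omitted.

```shell
#!/bin/sh
# Added example (not from the bug report or the MySQL manual): build a
# CA/server/client certificate set for MySQL SSL non-interactively, with
# distinct CNs and distinct serial numbers, then verify and lint it.
# Subject fields, CNs and serials are assumed values for illustration.
set -u

# make_certs DIR: create ca-*, server-* and client-*.pem in DIR.
make_certs() {
    dir="$1"
    mkdir -p "$dir"

    # CA key and self-signed CA certificate. Its CN must differ from the
    # server and client CNs (MySQL manual requirement for OpenSSL builds).
    openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null
    openssl req -new -x509 -nodes -days 3600 -key "$dir/ca-key.pem" \
        -subj "/C=UA/ST=KIEV/L=KIEV/O=Example CA/CN=mysql-ca" \
        -out "$dir/ca-cert.pem" 2>/dev/null

    # Server key + CSR, signed by the CA with serial 01.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/C=UA/ST=KIEV/L=KIEV/O=Example Server/CN=mysql-server" \
        -keyout "$dir/server-key.pem" -out "$dir/server-req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/server-req.pem" -days 3600 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -set_serial 01 \
        -out "$dir/server-cert.pem" 2>/dev/null

    # Client key + CSR, signed with serial 02: RFC 5280 requires serials to
    # be unique per issuer, so the two leaf certificates must not share one.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/C=UA/ST=KIEV/L=KIEV/O=Example Client/CN=mysql-client" \
        -keyout "$dir/client-key.pem" -out "$dir/client-req.pem" 2>/dev/null
    openssl x509 -req -in "$dir/client-req.pem" -days 3600 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -set_serial 02 \
        -out "$dir/client-cert.pem" 2>/dev/null
}

# verify_chain DIR: both leaf certificates chain to the CA (the manual's check).
verify_chain() {
    openssl verify -CAfile "$1/ca-cert.pem" \
        "$1/server-cert.pem" "$1/client-cert.pem" >/dev/null 2>&1
}

# cert_cn FILE: print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_serial FILE: print the serial number in the hex form openssl uses.
cert_serial() {
    openssl x509 -noout -serial -in "$1" | cut -d= -f2
}

# distinct_identities DIR: the checks "openssl verify" does not perform:
# server and client CNs differ from the CA CN, and the leaf serials differ.
distinct_identities() {
    ca=$(cert_cn "$1/ca-cert.pem")
    srv=$(cert_cn "$1/server-cert.pem")
    cli=$(cert_cn "$1/client-cert.pem")
    [ "$ca" != "$srv" ] && [ "$ca" != "$cli" ] &&
        [ "$(cert_serial "$1/server-cert.pem")" != "$(cert_serial "$1/client-cert.pem")" ]
}

main() {
    dir=$(mktemp -d)
    make_certs "$dir"
    if verify_chain "$dir"; then echo "chain: OK"; else echo "chain: FAILED"; fi
    if distinct_identities "$dir"; then echo "identities: distinct"; else echo "identities: CLASH"; fi
    echo "certificates written to $dir"
}

main
```

Point `ssl-ca`, `ssl-cert` and `ssl-key` in the `[mysqld]` and `[client]` sections at the generated files, as in the `my.sandbox.cnf` above, and keep the CA key offline once the leaf certificates are signed.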