I've been looking into this a bit more. When connecting to localhost on a working and a non-working server, I see these differences (only different values are shown):
The '5.5.30-30.1' server (accepting ssl clients):
mysql> show status like 'ssl%';
+--------------------------------+---------+
| Variable_name | Value |
+--------------------------------+---------+
| Ssl_accepts | 0 |
| Ssl_ctx_verify_depth | 0 |
| Ssl_ctx_verify_mode | 0 |
| Ssl_finished_accepts | 0 |
| Ssl_session_cache_mode | Unknown |
| Ssl_session_cache_size | 0 |
+--------------------------------+---------+
The '5.5.30-30.2' server (not accepting ssl clients):
mysql> show status like 'ssl%';
+--------------------------------+----------------------+
| Variable_name | Value |
+--------------------------------+----------------------+
| Ssl_accepts | 626 |
| Ssl_ctx_verify_depth | 18446744073709551615 |
| Ssl_ctx_verify_mode | 5 |
| Ssl_finished_accepts | 3 |
| Ssl_session_cache_mode | SERVER |
| Ssl_session_cache_size | 128 |
+--------------------------------+----------------------+
Also, lsof on the 5.5.30-30.1 server shows
root@server:~# lsof | grep ssl | grep mysql
mysqld 27521 mysql mem REG 254,9 356608 41213 /usr/lib/libssl.so.0.9.8
while the 5.5.30-30.2 server does not show this line. I'm not sure if the server is supposed to have this shared library opened at all times?
I've been looking into this a bit more. When connecting to localhost on a working and a non-working server, I see these differences (only different values are shown):
The '5.5.30-30.1' server (accepting ssl clients): ------- ------- ------- -----+- ------- -+ ------- ------- ------- -----+- ------- -+ verify_ depth | 0 | accepts | 0 | cache_mode | Unknown | cache_size | 0 | ------- ------- ------- -----+- ------- -+
mysql> show status like 'ssl%';
+------
| Variable_name | Value |
+------
| Ssl_accepts | 0 |
| Ssl_ctx_
| Ssl_ctx_verify_mode | 0 |
| Ssl_finished_
| Ssl_session_
| Ssl_session_
+------
The '5.5.30-30.2' server (not accepting ssl clients): ------- ------- ------- -----+- ------- ------- ------- + ------- ------- ------- -----+- ------- ------- ------- + verify_ depth | 184467440737095 51615 | accepts | 3 | cache_mode | SERVER | cache_size | 128 | ------- ------- ------- -----+- ------- ------- ------- +
mysql> show status like 'ssl%';
+------
| Variable_name | Value |
+------
| Ssl_accepts | 626 |
| Ssl_ctx_
| Ssl_ctx_verify_mode | 5 |
| Ssl_finished_
| Ssl_session_
| Ssl_session_
+------
Also, lsof on the 5.5.30-30.1 server shows
root@server:~# lsof | grep ssl | grep mysql libssl. so.0.9. 8
mysqld 27521 mysql mem REG 254,9 356608 41213 /usr/lib/
while the 5.5.30-30.2 server does not show this line. I'm not sure if the server is supposed to have this shared library opened at all times?