Percona Server with XtraDB

SSL certificate revocation list-related MTR tests fail on some platforms with -DWITH_SSL=system

Reported by Laurynas Biveinis on 2013-11-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL Server
Unknown
Unknown
Percona Server
Status tracked in 5.6
5.1
Undecided
Unassigned
5.5
Undecided
Unassigned
5.6
Medium
Sergei Glushchenko

Bug Description

After adding -DWITH_SSL=system to Jenkins to match how the packages are built, ssl_crl and ssl_crl_crlpath tests start to fail on
- Ubuntu Lucid;
- Debian 6;
- CentOS 5.

A sample ssl_crl failure:

main.ssl_crl w1 [ fail ]
        Test ended at 2013-11-04 15:08:04

CURRENT_TEST: main.ssl_crl
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 18: command "$MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';"" failed

Output from before failure:
exec of '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/client//mysql --defaults-file=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/1/my.cnf --ssl-ca=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-ca-cert.pem --ssl-key=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-key.pem --ssl-cert=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-cert.pem --ssl-crlpath=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';"' failed, error: 256, status: 1, errno: 0

The result from queries just before the failure was:
# test --crl for the client : should connect
Variable_name Value
have_openssl YES
have_ssl YES
ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem
ssl_capath
ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem
ssl_cipher
ssl_crl MYSQL_TEST_DIR/std_data/crl-client-revoked.crl
ssl_crlpath
ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem
# test --crlpath for the client : should connect

 - saving '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/1/log/main.ssl_crl/' to '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/log/main.ssl_crl/'

A sample ssl_crl_crlpath failure:

main.ssl_crl_crlpath w2 [ fail ]
        Test ended at 2013-11-04 15:08:05

CURRENT_TEST: main.ssl_crl_crlpath
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 14: command "$MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';"" failed

Output from before failure:
exec of '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/client//mysql --defaults-file=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/2/my.cnf --ssl-ca=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-ca-cert.pem --ssl-key=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-key.pem --ssl-cert=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-cert.pem test --ssl-crl=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';"' failed, error: 256, status: 1, errno: 0

The result from queries just before the failure was:
# test --crl for the client : should connect

 - saving '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/2/log/main.ssl_crl_crlpath/' to '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/log/main.ssl_crl_crlpath/'

Full run at http://jenkins.percona.com/job/percona-server-5.6-trunk/183/ and later.

tags: added: ci ssl

Sergei -

Please report this to the upstream, attach the MP as a contribution, and link the bug report here. Thanks!

tags: added: upstream
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.