xtrabackup uses SSL even though ssl=false is set in my.cnf
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | |||||
2.3 |
New
|
Undecided
|
Unassigned | |||
2.4 |
New
|
Undecided
|
Unassigned |
Bug Description
On our =>percona-
ssl = false
ssl-ca = /etc/mysql/
ssl-cert = /etc/mysql/
ssl-key = /etc/mysql/
Also see:
root@dbs:/# xtrabackup --help|grep ssl|grep -v -- --
xtrabackup version 2.4.5 based on MySQL server 5.7.13 Linux (x86_64) (revision id: e41c0be)
ssl FALSE
ssl-verify-
ssl-ca /etc/mysql/
ssl-capath (No default value)
ssl-cert /etc/mysql/
ssl-cipher (No default value)
ssl-key /etc/mysql/
ssl-crl (No default value)
ssl-crlpath (No default value)
Since xtrabackup-2.4.5 it will use ssl even though ssl it set to false (it probably only checks for ssl-cert/
root@dbs:/# xtrabackup --backup
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
Unrecognized character \x01; marked by <-- HERE after <-- HERE near column 1 at - line 1374.
161201 13:44:16 Connecting to MySQL server host: localhost, user: root, password: set, port: 3306, socket: /var/run/
Failed to connect to MySQL server: SSL connection error: SSL is required but the server doesn't support it.
root@dbs:/#
Only xtrabackup --backup --skip-ssl works (which only exists for 2.4.5, so it's difficult to automate for older versions).
see also bug 1646429