Different connection results with --ssl and --ssl-mode=REQUIRED
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | |||||
2.4 |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Hi dear all,
Testing branch -> gl-sergei:2.4-xb-bug1551706
Result with --ssl-mode=
sudo ./xtrabackup --defaults-
170116 18:41:37 Connecting to MySQL server host: localhost, user: jeffrey, password: set, port: 19589, socket: /tmp/mysql_
WARNING: no verification of server certificate will be done. Use --ssl-mode=
Failed to connect to MySQL server: Access denied for user 'jeffrey'
Result with --ssl:
sudo ./xtrabackup --defaults-
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
170116 18:43:11 Connecting to MySQL server host: localhost, user: jeffrey, password: set, port: 19589, socket: /tmp/mysql_
Using server version 5.7.14-8-log
./xtrabackup version 2.4.5 based on MySQL server 5.7.13 Linux (x86_64) (revision id: fd5bd0f)
xtrabackup: uses posix_fadvise().
xtrabackup: cd to /home/sh/
xtrabackup: open files limit requested 0, set to 1024
xtrabackup: using the following InnoDB configuration:
xtrabackup: innodb_
xtrabackup: innodb_
xtrabackup: innodb_
xtrabackup: innodb_
xtrabackup: innodb_
InnoDB: Number of pools: 1
With 5.7.14 client:
sh@sh-ubuntu:
[sudo] password for sh:
WARNING: --ssl is deprecated and will be removed in a future version. Use --ssl-mode instead.
+--------------+
| @@version |
+--------------+
| 5.7.14-8-log |
+--------------+
sh@sh-ubuntu:
WARNING: no verification of server certificate will be done. Use --ssl-mode=
+--------------+
| @@version |
+--------------+
| 5.7.14-8-log |
+--------------+
Another difference:
[mysqld]
ssl-ca=...
ssl-cert=...
ssl-key=...
But this was added after the startup of the server, so the server runs w/o SSL support.
The mysql command connects without issue, but xtrabackup fails.
This is because xtrabackup reads the mysqld section and the mysql client(s) don't.
I don't think using ssl options from the mysqld section should be used when connecting as a client.