Add back WITH_SSL build parameter

@Elbandi - thanks for the report and for linking the fix.
- Do you have a reproducer for the issue with icinga?
- Do you know of other use cases affected (to get a feeling on the urgency of this)?

@security: do you want to handle that as a update-regression to be fixed soon or will you wait for 5.7.29 to be released with the fix (We might need to wait for more data on it to decide)?

I would need to know what is making icing2 crash before making that decision.

The update from 5.7.27 to 5.7.28 definitely caused some SSL issues for me. Manually reverting back to all 5.7.27-0ubuntu0.16.04.1 versions fixed whatever the problem was. I have an older Python app that uses SQLAlechemy to connect to MySQL using https://github.com/farcepest/MySQLdb1, and the latest update caused tons of _SSL connection error: error:00000001:lib(0):func(0):reason(1)_ errors in my logs, and prevented my application from connecting to the database, eventually causing the host to be blocked because it hit the max_connect_error limit. Reverting back to 5.7.27 resolved the issue.

The same error also occurred when attempting to use mysql from the command line. Reverting to 5.7.27 also fixed that.

Status changed to 'Confirmed' because the bug affects multiple users.

Hi Matt, could you please file a separate bug for the issue you are having, as it is quite different. Thanks!

Will do!

A background worker process is crashed. dmesg line:
[110854.430928] traps: icinga2[17383] general protection ip:7f403c6f4edc sp:7f40365cfe40 error:0 in libpthread-2.23.so[7f403c6e8000+18000]
icinga use newer libboost, i checked the libbost source, just some backport changes lines.
We disable the mysql stuff -> no crash. We enable again -> crash.
I recompile mysql with this WITH_SSL -> no crash.

Here is some gdb lines:
#0 0x00007f9bc5c10edc in pthread_rwlock_unlock () from /lib/x86_64-linux-gnu/libpthread.so.0
#1 0x00007f9bbbaa158f in ?? () from /usr/lib/x86_64-linux-gnu/libmysqlclient.so.20
#2 0x00007f9bc564dfaf in rsa_get_blinding (rsa=rsa@entry=0x7f9b9c0123a0, local=local@entry=0x7f9bc0057f0c, ctx=ctx@entry=0x7f9b9413c700) at rsa_eay.c:307
#3 0x00007f9bc564f180 in RSA_eay_private_encrypt (flen=<optimized out>, from=<optimized out>,
    to=0x7f9bb41d3e08 "\222.\\.\021#\203\237\341\211\006\371\243ݕ\321"..., rsa=0x7f9b9c0123a0, padding=1)
    at rsa_eay.c:405

I dont know, is there any other apps with crash. we didnt find yet, but not using other such an app.
we temporally workaround: switch back to .27, and hold.

ps: i'm going to vacation. cannot answer

The 5.7.28 release notes mention the drop of yaSSL:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html

"""
All MySQL 5.7 builds now use OpenSSL. MySQL no longer supports using yaSSL as the SSL library, and source distributions no longer include yaSSL.

The WITH_SSL CMake option no longer permits bundled (use yaSSL) as a valid value, and the default option value has changed from bundled to system (use the version of OpenSSL installed on the host system).
"""

The patch referenced in the original bug report looks like a minimal fix to restore the WITH_SSL option, and I think looks suitable for SRU.

Elbandi, thanks for explaining how you're working around the issue, and sharing the more detailed stack trace that results. For a reproducer, I think what Christian and Marc had in mind were more like the sequence of steps to install and configure icinga2 and what to run against it client-side to trigger the crash.

In theory, adding WITH_SSL=system should be a NOOP. I don't understand why icinga2 would crash because of that...

Are you sure you were running the correct libmysqlclient.so.20, and did you restart icinga2 after updating mysql?