
Mysql ssl connection from remote server

I have a mysql-server set up on one server. I have enabled SSL by adding the following lines into the [mysqld] section in my.cnf:

ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem

I have generated these certificates by following the steps in http://dev.mysql.com/doc/refman/5.1/en/creating-ssl-certs.html

Now on the same server when I run the mysql client with the following command, the connection is established with SSL enabled:

mysql -uuser -p --ssl-ca=/etc/mysql/ca-cert.pem

Now when I try to do the same from a remote server:

mysql -uuser -hserver.asdf -p --ssl-ca=ca-cert.pem

I get the following error:

ERROR 2026 (HY000): SSL connection error

Here I have copied the same ca-cert.pem file that I used previously. But when I run the following command, the connection gets established with SSL enabled:

mysql -uuser -hserver.asdf -p --ssl-cert=client-cert.pem --ssl-key=client-key.pem

From what I can understand, the --ssl-cert and --ssl-key parameters are required in the mysql client command only if we want the server to authenticate the client and are not actually necessary. But why is it that I can connect when I use these parameters and not otherwise?

UPDATE

There were certain other important factors that I thought were unimportant at the time of asking this question. The mysql-server package version being used was Percona-Server-51-5.1.73 and the mysql-client package on the local server was Percona-client-51-5.1.73. But on the remote server the mysql-client package was Percona-client-51-5.1.61.

It turns out that there were some major changes made with respect to Percona-mysql packages with respect to SSL in the more recent builds of Percona-mysql. All older builds of the percona-mysql package came with yaSSL support whereas more recent builds use OpenSSL.

This was done because packages with yaSSL builds apparently used to cause some programs to crash. More details regarding this bug can be found here: https://bugs.launchpad.net/percona-server/+bug/1104977

Since this issue was fixed from 5.1.68 onwards, obviously a package before that didn't function properly.

So after updating the mysql client package to the latest version, the problem was fixed.
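
A diagnostic for the situation described in the update, added here as an example and not part of the original post: it checks whether a session actually negotiated a cipher and, if not, whether the client package predates the 5.1.68 fix mentioned above. The function names are hypothetical, package names are assumed to follow the format quoted in the post, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. All sample inputs are constructed.
FIXED_IN="5.1.68"   # per the post: the SSL issue was fixed from 5.1.68 onwards

# Pull the x.y.z version out of a package name like "Percona-client-51-5.1.61".
pkg_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeeds when dotted version $1 is strictly older than $2 (three fields each).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split on dots: a1 a2 a3 b1 b2 b3
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Extract the cipher from the output of:
#   mysql -N -B ... -e "SHOW STATUS LIKE 'Ssl_cipher'"
# An empty value means the session is not encrypted.
session_cipher() {
    printf '%s\n' "$1" | awk -F'\t' '$1 == "Ssl_cipher" { print $2 }'
}

# Combine both checks into one verdict.
# $1 = client package name, $2 = SHOW STATUS output ("" if the connection failed)
diagnose() {
    cipher=$(session_cipher "$2")
    if [ -n "$cipher" ]; then echo "ssl-active:$cipher"; return 0; fi
    ver=$(pkg_version "$1")
    if [ -z "$ver" ]; then echo "no-ssl:unknown-client-version"
    elif version_lt "$ver" "$FIXED_IN"; then echo "no-ssl:upgrade-client-from-$ver"
    else echo "no-ssl:check-ssl-options"
    fi
}

# Demo on constructed inputs: the old remote client, then a working session.
diagnose "Percona-client-51-5.1.61" ""
diagnose "Percona-client-51-5.1.73" "$(printf 'Ssl_cipher\tDHE-RSA-AES256-SHA')"
```
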
