Bug 467524
Summary: | Unable to establish SSL connection from community-release MySQL client to RH MySQL server
---|---
Product: | Red Hat Enterprise Linux 5
Component: | mysql
Version: | 5.2
Hardware: | All
OS: | Linux
Status: | CLOSED UPSTREAM
Severity: | medium
Priority: | medium
Target Milestone: | rc
Reporter: | Nenad Opsenica <nenad>
Assignee: | Tom Lane <tgl>
QA Contact: | qe-baseos-daemons
CC: | byte, hhorak, nenad
Doc Type: | Bug Fix
Last Closed: | 2012-01-11 14:58:18 UTC

Description
Nenad Opsenica
2008-10-17 22:34:58 UTC
This most likely indicates that mysql's "yassl" SSL implementation is broken, i.e., incapable of interoperating with openssl. I'd suggest filing the bug with them.

Reported bug on MySQL site: http://bugs.mysql.com/40141

This is a bug with this MySQL version, solved in 5.0.58 and up. Response from MySQL developer: "As OpenSSL is used in that RedHat's binaries, it is likely a duplicate of bug #33050. That bug is fixed in 5.0.58 and up. So, please, upgrade server to 5.0.67."

Unfortunately, that was merely the easiest excuse to ignore the bug report :-(. 5.0.67 doesn't fix it, per the comment I added to the upstream bug.

Created attachment 552127
patch proposed to upstream - yassl should send a message with no certificates
This is what happens actually:
RFC 2246 (The TLS Protocol Version 1.0) says (section 7.4.6.): "If no suitable certificate is available, the client should send a certificate message containing no certificates."
However, the yassl implementation doesn't send this message at all, but openssl expects the message (at least an empty one).
This patch fixes it and was also proposed to upstream (bugs.mysql.com/40141).
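
The RFC 2246 section 7.4.6 requirement quoted above can be checked on captured handshake bytes. The following is an added example, not code from this bug report or from the attached yassl patch; it assumes the client's handshake messages have already been reassembled from the TLS records and are not yet encrypted, and all function names and sample bytes are constructed for illustration.

```python
# Added example: handshake framing per RFC 2246 section 7.4; sample bytes are constructed.
CERTIFICATE = 11           # HandshakeType certificate(11)
CLIENT_KEY_EXCHANGE = 16   # HandshakeType client_key_exchange(16)

def handshake_msg(msg_type, body):
    """Frame one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def certificate_msg(der_certs):
    """Certificate body: 3-byte list length, then 3-byte length + DER per cert."""
    chain = b"".join(len(c).to_bytes(3, "big") + c for c in der_certs)
    return handshake_msg(CERTIFICATE, len(chain).to_bytes(3, "big") + chain)

def parse_flight(data):
    """Split reassembled handshake bytes into (type, body) pairs."""
    msgs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(data[off + 1:off + 4], "big")
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        msgs.append((data[off], body))
        off += 4 + length
    return msgs

def check_client_flight(cert_requested, data):
    """Classify the client's first message after ServerHelloDone."""
    msgs = parse_flight(data)
    if not msgs:
        return "no handshake messages"
    first_type, body = msgs[0]
    if not cert_requested:
        return "ok" if first_type == CLIENT_KEY_EXCHANGE else "unexpected first message"
    if first_type != CERTIFICATE:
        return "missing Certificate message"
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        return "malformed Certificate message"
    return "empty certificate list" if len(body) == 3 else "certificate chain sent"

# Constructed ClientKeyExchange payload (placeholder bytes, not a real key exchange).
CKE = handshake_msg(CLIENT_KEY_EXCHANGE, b"\x00\x02\xaa\xbb")
COMPLIANT = certificate_msg([]) + CKE   # empty Certificate, then key exchange
SKIPPED = CKE                           # Certificate omitted, as the bug describes

if __name__ == "__main__":
    for name, flight in (("compliant", COMPLIANT), ("skipped", SKIPPED)):
        print(name, "->", check_client_flight(True, flight))
```

The empty Certificate message is seven bytes on the wire (`0b 00 00 03 00 00 00`): the handshake header plus a zero-length certificate list.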
Great detective work, Honza! Since we don't use the yassl code in RH mysql builds, there is no need to apply this patch ourselves. So I'm going to mark this bug closed/upstream.