Bug 162079 - mysqld does not support --ssl-ca --ssl-cert --ssl-key
Summary: mysqld does not support --ssl-ca --ssl-cert --ssl-key
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mysql
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2005-06-29 18:49 UTC by Jim Hanley
Modified: 2013-07-03 03:06 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-06-29 22:17:51 UTC
Type: ---
Embargoed:



Description Jim Hanley 2005-06-29 18:49:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2

Description of problem:
When using the options mentioned above in the my.cnf file, I get the following in the /var/log/mysqld.log file:
050629 09:19:58  mysqld started
/usr/libexec/mysqld: unrecognized option `--ssl-ca=/etc/mysql/openssl/cacert.pem'

It is apparent that MySQLd is built without ssl support.

Version-Release number of selected component (if applicable):
mysql-server-3.23.58-16.FC3.1

How reproducible:
Always

Steps to Reproduce:
1. Generate cacert.pem, server-cert.pem, server-key.pem
2. Add the following to the mysqld section of the my.cnf file:
ssl-ca=/etc/mysql/openssl/cacert.pem
ssl-cert=/etc/mysql/openssl/server-cert.pem
ssl-key=/etc/mysql/openssl/server-key.pem

3. /etc/init.d/mysqld restart

Actual Results:
Stopping MySQL:                                            [  OK  ]
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

Log contains error mentioned above

Expected Results:  Should use options as explained in section 5.7.7.5. SSL Command-Line Options of the MySQL online manual.

Additional info:

I believe all that is needed is an adjustment in the spec file to include a dependency for ssl and to compile ssl into the rpm.

Although marked as an enhancement, I believe that this is really a security issue for systems where the DB backend and web frontend are disjoint.  I leave it up to the EIC to make that judgement.

Comment 1 Tom Lane 2005-06-29 22:17:51 UTC
This is done in Fedora Core 4.
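
A pre-flight check for the startup failure reported above, as an added example that is not part of the bug report or of the Fedora mysql package: it lists the ssl-* options set in the [mysqld] section of a my.cnf that a saved option listing of the installed server binary does not mention. The function names, the temporary file names and both sample option listings are constructed for illustration; only the three my.cnf lines come from the report.

```shell
#!/bin/sh
# Added example: find ssl-* options in [mysqld] that the server build lacks,
# before a restart turns them into an "unrecognized option" startup failure.

# mysqld_ssl_options CNF: print ssl option names set in [mysqld], one per line.
mysqld_ssl_options() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && /^[ \t]*ssl/ {
            sub(/^[ \t]*/, ""); sub(/[ \t]*(=.*)?$/, "")  # keep the name only
            gsub(/_/, "-"); print
        }' "$1"
}

# unsupported_ssl_options CNF HELPTEXT: print options from CNF that HELPTEXT
# (assumed: saved option listing of the installed mysqld) does not contain.
# Returns 1 if at least one option is missing, 0 otherwise.
unsupported_ssl_options() {
    rc=0
    for opt in $(mysqld_ssl_options "$1"); do
        # Match the whole option name, so --ssl-capath does not count as --ssl-ca.
        grep -Eq -e "--${opt}([^a-z-]|\$)" "$2" || { echo "$opt"; rc=1; }
    done
    return "$rc"
}

# Constructed sample data: the my.cnf lines from the report plus two made-up
# option listings, one from a build without SSL and one from a build with it.
make_samples() {
    printf '%s\n' '[mysqld]' 'datadir=/var/lib/mysql' \
        'ssl-ca=/etc/mysql/openssl/cacert.pem' \
        'ssl-cert=/etc/mysql/openssl/server-cert.pem' \
        'ssl-key=/etc/mysql/openssl/server-key.pem' \
        '[client]' 'ssl-capath=/not/a/server/option' > "$1/my.cnf"
    printf '%s\n' '  --datadir=path' '  --port=#' > "$1/help-nossl"
    printf '%s\n' '  --datadir=path' '  --ssl-ca=name' '  --ssl-capath=name' \
        '  --ssl-cert=name' '  --ssl-key=name' > "$1/help-ssl"
}

demo() {
    d=$(mktemp -d)
    make_samples "$d"
    echo "no-SSL build lacks: $(unsupported_ssl_options "$d/my.cnf" "$d/help-nossl" | tr '\n' ' ')"
    echo "SSL build lacks:    $(unsupported_ssl_options "$d/my.cnf" "$d/help-ssl" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

A non-zero return from `unsupported_ssl_options` is the signal to leave the ssl-* lines out of my.cnf until the server package is rebuilt or upgraded, since the alternative is a database that silently runs without transport encryption or does not start at all.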

