Red Hat Bugzilla – Bug 162079
mysqld does not support --ssl-ca --ssl-cert --ssl-key
Last modified: 2013-07-02 23:06:08 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2
Description of problem:
When using the options mentioned above in the my.cnf file, I get the following in the /var/log/mysqld.log file:
050629 09:19:58 mysqld started
/usr/libexec/mysqld: unrecognized option `--ssl-ca=/etc/mysql/openssl/cacert.pem'
It is apparent that MySQLd is built without ssl suppport.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Generate cacert.pem, server-cert.pem server-key.pem
2. Add the following to the mysqld section of the my.cnf file:
3. /etc/init.d/mysqld restart
Actual Results: Stopping MySQL: [ OK ]
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL: [FAILED]
Log contains error mentioned above
Expected Results: Should use options as explained in section 184.108.40.206. SSL Command-Line Options of the MySQL online manual.
I beleive all that is needed is an adjustment in the spec file to include a dependancy for ssl and to compile ssl into the rpm.
Although marked as an enhancement, I beleive that this is really a security issue for systems where the DB backend and web frontend are disjoint. I levase it up to the EIC to make that judgement.
This is done in Fedora Core 4.