Bug 162079 - mysqld does not support --ssl-ca --ssl-cert --ssl-key
mysqld does not support --ssl-ca --ssl-cert --ssl-key
Product: Fedora
Classification: Fedora
Component: mysql (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Lane
David Lawrence
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2005-06-29 14:49 EDT by Jim Hanley
Modified: 2013-07-02 23:06 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-29 18:17:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jim Hanley 2005-06-29 14:49:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2

Description of problem:
When using the options mentioned above in the my.cnf file, I get the following in the /var/log/mysqld.log file:
050629 09:19:58  mysqld started
/usr/libexec/mysqld: unrecognized option `--ssl-ca=/etc/mysql/openssl/cacert.pem'

It is apparent that MySQLd is built without ssl suppport.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Generate cacert.pem, server-cert.pem server-key.pem
2. Add the following to the mysqld section of the my.cnf file:

3. /etc/init.d/mysqld restart

Actual Results:  Stopping MySQL:                                            [  OK  ]
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

Log contains error mentioned above

Expected Results:  Should use options as explained in section SSL Command-Line Options of the MySQL online manual.

Additional info:

I beleive all that is needed is an adjustment in the spec file to include a dependancy for ssl and to compile ssl into the rpm.

Although marked as an enhancement, I beleive that this is really a security issue for systems where the DB backend and web frontend are disjoint.  I levase it up to the EIC to make that judgement.
Comment 1 Tom Lane 2005-06-29 18:17:51 EDT
This is done in Fedora Core 4.

Note You need to log in before you can comment on or make changes to this bug.