Red Hat Bugzilla – Bug 598656
mysql fails to support chained SSL certificates
Last modified: 2013-07-02 23:29:46 EDT
Description of problem:
mysql will only read the first certificate from a server or client SSL certificate file. This fails to support standard arrangements for using chained certificates (i.e., those signed by an intermediate certificate authority rather than directly by a root authority). It is possible to work around this by listing the intermediate authorities as fully trusted in the ssl-ca file, but that's not the recommended way to do things. The intermediate authorities' certs ought to be appended to the certificate file, instead.
Version-Release number of selected component (if applicable):
See IT 939373 and discussion at
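The three arrangements named in the description above (only the first certificate read, the intermediate appended to the certificate file, and the ssl-ca workaround), reproduced with the openssl command line as an added example that is not part of the original report or of MySQL's code. The throwaway CA hierarchy, the file names and the helper functions issue, build_demo and peer_verify are assumptions made for the illustration; `openssl verify -untrusted` stands in for a peer that receives the appended intermediate.

```sh
#!/bin/sh
# Added example. Constructed throwaway PKI: demo-root -> demo-inter -> demo-leaf.
# All file names (root.pem, server-chain.pem, ca-workaround.pem) are hypothetical.

# issue <dir> <name> <issuer|self> [ca]: write <name>.key and <name>.pem into <dir>
issue() {
  d=$1 name=$2 issuer=$3 ext=""
  [ "${4:-}" = ca ] && ext="-extfile $d/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ "$issuer" = self ]; then
    set -- -signkey "$d/$name.key"
  else
    set -- -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" -CAcreateserial
  fi
  openssl x509 -req -in "$d/$name.csr" "$@" $ext -days 1 -out "$d/$name.pem" 2>/dev/null
}

build_demo() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  issue "$d" root self ca && issue "$d" inter root ca && issue "$d" leaf inter || return 1
  cat "$d/leaf.pem" "$d/inter.pem" > "$d/server-chain.pem"    # leaf first, intermediate appended
  cat "$d/root.pem" "$d/inter.pem" > "$d/ca-workaround.pem"   # intermediate listed as fully trusted
}

# peer_verify <ca-file> <cert-file> <first-only|full-chain>
# first-only models the reported behaviour: only the first certificate in the file is used.
peer_verify() {
  ca_file=$1 cert_file=$2 mode=$3 rc=0
  tmp=$(mktemp -d) || return 2
  openssl x509 -in "$cert_file" -out "$tmp/leaf.pem"                  # first certificate
  awk '/BEGIN CERTIFICATE/{n++} n>1' "$cert_file" > "$tmp/rest.pem"   # appended certificates
  set -- -CAfile "$ca_file"
  if [ "$mode" = full-chain ] && [ -s "$tmp/rest.pem" ]; then
    set -- "$@" -untrusted "$tmp/rest.pem"
  fi
  openssl verify "$@" "$tmp/leaf.pem" >/dev/null 2>&1 || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

demo=$(mktemp -d) && build_demo "$demo" || exit 1
for c in root.pem:first-only root.pem:full-chain ca-workaround.pem:first-only; do
  ca=${c%%:*} mode=${c#*:}
  if peer_verify "$demo/$ca" "$demo/server-chain.pem" "$mode"; then r=OK; else r=FAIL; fi
  echo "ssl-ca=$ca ssl-cert=server-chain.pem mode=$mode -> $r"
done
rm -rf "$demo"
```

With only the root trusted, verification fails when just the first certificate is used and succeeds once the appended intermediate is taken into account; the workaround succeeds only because the intermediate has been promoted to a trust anchor.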
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
Filed upstream at http://bugs.mysql.com/bug.php?id=54158
Performed only sanity checks. Setting SanityOnly.
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.