maria-discuss team mailing list archive

Thread
Date

Clarification about have_ssl and have_openssl variables

To: Maria Discuss <maria-discuss@xxxxxxxxxxxxxxxxxxx>
From: Peter Laursen <peter_laursen@xxxxxxxxxx>
Date: Thu, 8 Feb 2018 15:04:27 +0100

MySQL documentation states
https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_have_openssl
 simply states "This variable is an alias for have_ssl.". I checked with a
few Oracle/MySQL installations that the two variables have identical
values.

But this is not the case on MariaDB (I checked my local Windows installs of
10.1 and 10.2). have_openssl is NO - have_ssl is YES|DISABLED.

We believe that this is the reason for a newly reported problem to us:
SSL-connections is not possibe to MariaDB on Amazon RDS. We verified the
problem with a fresh RDS instance with MariaDB 10.2 and running with SSL
enabled. The 3 different 'mysql' CLI's give results:


*MariaDB 10.2.6 version:*
- without ssl, gives 'Access denied error'
- with ssl, it gives Error No. 2026: SSl Connection error: Certificate
signature check failed

*using MySQL 5.7.x version:*
it connects to the server irrespective of the ssl parameter passed or not
(but we don't know if SSL is actually used. It may silently connect without
SSL if SSL is not possible)

*MariaDB 10.1.22 version:*
without ssl: it gives 'Access denied error'
with ssl (Works as expected)



Any thoughts on this? What can we do? We are affected as we use MariaDB
Connector/C 2.33 currently



-- Peter
-- Webyog

Follow ups

Re: Clarification about have_ssl and have_openssl variables
From: Sergei Golubchik, 2018-02-11