This is a read-only copy of the MariaDB Knowledgebase generated on 2024-11-17. For the latest, interactive version please visit https://mariadb.com/kb/.

MariaDB SSL connection issues

Hi,

After switching from Mysql to MariaDB ( Server version: 5.5.31-MariaDB-1squeeze-log ) we lost the ability to connect via SSL to the server.

We were using self signed certificates generated via the method described here and they worked well before the switch to MariaDB : http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

We get the following error messages when trying to connect on the same machine having bot the client and the server.

mysql -v -u user -p database --ssl-ca /etc/mysql/newcerts/ca-cert.pem --ssl-cert /etc/mysql/newcerts/client-cert.pem --ssl-key /etc/mysql/newcerts/client-key.pem Enter password: ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

Any hint is appreciated.

Thanks.

Answer

MariaDB uses OpenSSL and lets it verify certificates. MySQL either uses YaSSL or OpenSSL and is sloppy about error checking. That's why your certificates used to work with MySQL and stopped working when you upgraded.

The core of the issue, you've used exactly the same information both for the client and the server certificate (same country, organization, locality, etc). And OpenSSL doesn't like that. Recreating certificates with different description should solve this problem.

Just for the reference, here's how you can verify whether your certificates are valid:

openssl verify -CAfile /etc/mysql/newcerts/ca-cert.pem /etc/mysql/newcerts/server-cert.pem /etc/mysql/newcerts/client-cert.pem
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.