|
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
I am trying to set up an SSL connection to a Mariadb database
Server version: 5.5.33-MariaDB openSUSE package
and am getting this error each time I try to log into a user set up for SSL
I have done the following to work this out.
1) I have set up and placed the
[mysqld]
ssl-ca=/etc/mysql/newcerts/ca-cert.pem
ssl-cert=/etc/mysql/newcerts/server-cert.pem
ssl-key=/etc/mysql/newcerts/server-key.pem
[client]
ssl-ca=/etc/mysql/newcerts/ca-cert.pem
ssl-cert=/etc/mysql/newcerts/client-cert.pem
ssl-key=/etc/mysql/newcerts/client-key.pem
2) as per reading on the error I have changed the CN values such that the client is not the same as the server
CN=Phillip_Wyckoff_S server
CN=Phillip_wyckoff_C cient
3) have verified the cert with
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
server-cert.pem: OK
client-cert.pem: OK
show grants for 'SSL_user'@'%';
|
| GRANT USAGE ON *.* TO 'SSL_user'@'%' IDENTIFIED BY PASSWORD
'*****************************************' REQUIRE SSL
| GRANT SELECT, INSERT, UPDATE, DELETE ON `appt_db`.* TO 'SSL_user'@'%' |
mysql -u SSL_user --ssl-ca=/etc/mysql/newcerts/ca-cert.pem
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
MariaDB [(none)]> show variables like 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl | YES |
+---------------+-------+
1 row in set (0.00 sec)
MariaDB [(none)]> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Ssl_cipher | |
+---------------+-------+
1 row in set (0.00 sec)
What does this error mean. How to I correct it
Additional note I original set up both CN (client/server) as same Phillip_Wyckoff
I then changed one (server) to Phillip_Wyckoff_S . When I did the I got the error
18 at 0 ...
when I set the client side to Phillip_Wyckoff_C the error went away.. BUT i still can't connect
Last edited by prw8864; 11-15-2014 at 09:20 PM.
|
