Ubuntu to Gentoo MySQL SSL error

Hello, I am trying hard to set up SQL replication but without any luck.

I can connect from Gentoo (5.1.50) to Ubuntu (5.1.49) but not the other way around. All I get is SQL connection error.

The important note - I am not entire newbie, so I have correct certificate paths, permissions, CAs, firewall, …

I suspect that Ubuntu/Debian is not compiled with OpenSSL support and there is some misunderstanding between yassl and OpenSSL.

So I would like to ask anybody if they encountered/solved this issue berofe and whether somebody would by willing to assist me.

Just try following and let me know:

mysql -h mechanus.planescape.cz -u root --ssl --ssl-ca cacert.pem

SSL connection error is bad. Access denied is good. Ubuntu/Debian gives me first one, Gentoo second one. Other distro results are appreciated. (and ldd which mysql).

cacert.pem (StartCom Class 2 Intermediate)

-----BEGIN CERTIFICATE-----
MIIGNDCCBBygAwIBAgIBGjANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NzA5WhcNMTcxMDI0MjA1NzA5WjCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4IPlfyiAEh
G5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENVsTUJm9m8
H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1ks3RVG7RL
hiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125w2oLJxGE
d2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhHM7BUxkYa
8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQpZ4rEAwID
AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaAFE4L7xqkQFul
F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov
L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0
c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu
BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0
BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl
LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAnQfh7pB2MWcWRXCMy4SLS1doRKWJwfJ+
yyiL9edwd9W29AshYKWhdHMkIoDW2LqNomJdCTVCKfs5Y0ULpLA4Gmj0lRPM4EOU
7Os5GuxXKdmZbfWEzY5zrsncavqenRZkkwjHHMKJVJ53gJD2uSl26xNnSFn4Ljox
uMnTiOVfTtIZPUOO15L/zzi24VuKUx3OrLR2L9j3QGPV7mnzRX2gYsFhw3XtsntN
rCEnME5ZRmqTF8rIOS0Bc2Vb6UGbERecyMhK76F2YC2uk/8M1TMTn08Tzt2G8fz4
NVQVqFvnhX76Nwn/i7gxSZ4Nbt600hItuO3Iw/G2QqBMl3nf/sOjn6H0bSyEd6Si
BeEX/zHdmvO4esNSwhERt1Axin/M51qJzPeGmmGSTy+UtpjHeOBiS0N9PN7WmrQQ
oUCcSyrcuNDUnv3xhHgbDlePaVRCaHvqoO91DweijHOZq1X1BwnSrzgDapADDC+P
4uhDwjHpb62H5Y29TiyJS1HmnExUdsASgVOb7KD8LJzaGJVuHjgmQid4YAjff20y
6NjAbx/rJnWfk/x7G/41kNxTowemP4NVCitOYoIlzmYwXSzg+RkbdbmdmFamgyd6
0Y+NWZP8P3PXLrQsldiL98l+x/ydrHIEH9LMF/TtNGCbnkqXBP7dcg5XVFEGcE3v
qhykguAzx/Q=
-----END CERTIFICATE-----

1 Reply

For those interested in trace:

T@6    : >login_connection
T@6    : | info: login_connection called by thread 4
T@6    : | >my_net_set_read_timeout
T@6    : | | enter: timeout: 10
T@6    : | <my_net_set_read_timeout t@6="" :="" |="">my_net_set_write_timeout
T@6    : | | enter: timeout: 10
T@6    : | <my_net_set_write_timeout t@6="" :="" |="" info:="" new="" connection="" received="" on="" tcp="" ip="" (75)="">vio_peer_addr
T@6    : | | enter: sd: 75
T@6    : | | exit: addr: 193.107.161.43
T@6    : | <vio_peer_addr t@6="" :="" |="">_mymalloc
T@6    : | | enter: Size: 15
T@6    : | | exit: ptr: 0xb7e719b0
T@6    : | <_mymalloc
T@6    : | >vio_in_addr
T@6    : | <vio_in_addr t@6="" :="" |="">vio_in_addr
T@6    : | <vio_in_addr t@6="" :="" |="">ip_to_hostname
T@6    : | | >my_hash_first
T@6    : | | <my_hash_first t@6="" :="" |="">_mymalloc
T@6    : | | | enter: Size: 22
T@6    : | | | exit: ptr: 0xb7e4f6c8
T@6    : | | <_mymalloc
T@6    : | | >my_hash_first
T@6    : | | <my_hash_first t@6="" :="" |="" <ip_to_hostname="" info:="" host:="" arcadia.planescape.cz="" ip:="" 193.107.161.43="">vio_keepalive
T@6    : | | enter: sd: 75  set_keep_alive: 1
T@6    : | <vio_keepalive t@6="" :="" |="">net_write_command
T@6    : | | enter: length: 61
T@6    : | <net_write_command t@6="" :="" |="">net_flush
T@6    : | | >vio_is_blocking
T@6    : | | | exit: 0
T@6    : | | <vio_is_blocking t@6="" :="" |="">net_real_write
T@6    : | | | >query_cache_insert
T@6    : | | | <query_cache_insert t@6="" :="" |="">vio_write
T@6    : | | | | enter: sd: 75  buf: 0xb7f033e0  size: 66
T@6    : | | | | exit: 66
T@6    : | | | <vio_write t@6="" :="" |="" <net_real_write="" <net_flush="">vio_is_blocking
T@6    : | | exit: 0
T@6    : | <vio_is_blocking t@6="" :="" |="">vio_read
T@6    : | | enter: sd: 75  buf: 0xb7f033e0  size: 4
T@6    : | | vio_error: Got error 11 during read
T@6    : | | exit: -1
T@6    : | <vio_read 11="" t@6="" :="" |="" info:="" vio_read="" returned="" -1="" errno:="">vio_blocking
T@6    : | | enter: set_blocking_mode: 1  old_mode: 0
T@6    : | | exit: 0
T@6    : | <vio_blocking t@6="" :="" |="">vio_read
T@6    : | | enter: sd: 75  buf: 0xb7f033e0  size: 4
T@6    : | | exit: 4
T@6    : | <vio_read t@6="" :="" |="" packet_header:="" memory:="" 0xb7f033e0="" bytes:="" (4)="">vio_read
T@6    : | | enter: sd: 75  buf: 0xb7f033e0  size: 32
T@6    : | | exit: 32
T@6    : | <vio_read t@6="" :="" |="">vio_blocking
T@6    : | | enter: set_blocking_mode: 0  old_mode: 1
T@6    : | | exit: 0
T@6    : | <vio_blocking t@6="" :="" |="">_mymalloc
T@6    : | | enter: Size: 16392
T@6    : | | exit: ptr: 0xb7e96e48
T@6    : | <_mymalloc
T@6    : | info: client_character_set: 8
T@6    : | info: client capabilities: 241285
T@6    : | info: IO layer change in progress...
T@6    : | >sslaccept
T@6    : | <sslaccept t@6="" :="" |="">ssl_do
T@6    : | | enter: ptr: 0xb7e49a30, sd: 75  ctx: 0xb7e49aa8
T@6    : | | >vio_blocking
T@6    : | | | enter: set_blocking_mode: 1  old_mode: 0
T@6    : | | | exit: 0
T@6    : | | <vio_blocking 10="" t@6="" :="" |="" info:="" ssl:="" 0xb7e6d0b0="" timeout:="" error:="" ssl_connect="" accept="" failure="">report_errors
T@6    : | | | error: error: error:00000005:lib(0):func(0):DH lib
T@6    : | | | info: socket_errno: 0
T@6    : | | <report_errors t@6="" :="" |="">vio_blocking
T@6    : | | | enter: set_blocking_mode: 0  old_mode: 1
T@6    : | | | exit: 0
T@6    : | | <vio_blocking t@6="" :="" |="" <ssl_do="" error:="" failed="" to="" accept="" new="" ssl="" connection="">my_hash_first
T@6    : | | exit: found key at 0
T@6    : | <my_hash_first t@6="" :="" |="">my_error
T@6    : | | my: nr: 1043  MyFlags: 0  errno: 0
T@6    : | <my_error t@6="" :="" |="">my_message_sql
T@6    : | | error: error: 1043  message: 'Bad handshake'
T@6    : | | >query_cache_abort
T@6    : | | <query_cache_abort t@6="" :="" |="">push_warning
T@6    : | | | enter: code: 1043, msg: Bad handshake
T@6    : | | | >query_cache_abort
T@6    : | | | <query_cache_abort t@6="" :="" |="">alloc_root
T@6    : | | | | enter: root: 0xb7ebdf54
T@6    : | | | | exit: ptr: 0xb7eec140
T@6    : | | | <alloc_root t@6="" :="" |="">alloc_root
T@6    : | | | | enter: root: 0xb7ebdf54
T@6    : | | | | exit: ptr: 0xb7eec150
T@6    : | | | <alloc_root t@6="" :="" |="">alloc_root
T@6    : | | | | enter: root: 0xb7ebdf54
T@6    : | | | | exit: ptr: 0xb7eec160
T@6    : | | | <alloc_root t@6="" :="" |="" <push_warning="" <my_message_sql="">net_send_error
T@6    : | | enter: sql_errno: 1043  err: Bad handshake
T@6    : | | >send_error_packet
T@6    : | | <send_error_packet t@6="" :="" |="">net_write_command
T@6    : | | | enter: length: 21
T@6    : | | <net_write_command t@6="" :="" |="">net_flush
T@6    : | | | >vio_is_blocking
T@6    : | | | | exit: 0
T@6    : | | | <vio_is_blocking t@6="" :="" |="">net_real_write
T@6    : | | | | >query_cache_insert
T@6    : | | | | <query_cache_insert t@6="" :="" |="">vio_write
T@6    : | | | | | enter: sd: 75  buf: 0xb7f033e0  size: 26
T@6    : | | | | | exit: 26
T@6    : | | | |</query_cache_insert></vio_is_blocking></net_write_command></send_error_packet></alloc_root></alloc_root></alloc_root></query_cache_abort></query_cache_abort></my_error></my_hash_first></vio_blocking></report_errors></vio_blocking></sslaccept></vio_blocking></vio_read></vio_read></vio_blocking></vio_read></vio_is_blocking></vio_write></query_cache_insert></vio_is_blocking></net_write_command></vio_keepalive></my_hash_first></my_hash_first></vio_in_addr></vio_in_addr></vio_peer_addr></my_net_set_write_timeout></my_net_set_read_timeout> 

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct