I recently applied updates to a CentOS 5 box running MySQL. I've discovered
that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL
connections.
If I rename /lib/libssl.so.0.9.8e and replace it with the old version of
that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next
oldest, but it was handy), then SSL connection to MySQL works again.
I then performed cross-checks using the server with new libssl and the
client with old, and then vice versa. What I found was that it didn't
matter whether the server was started with the old libssl or the new libssl.
In both cases, the mysql client would only connect using the old libssl,
and not when using the new libssl.
When it works with the old libssl, I can confirm that SSL is in use:
mysql> \s
--------------
mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
Connection id: 2
Current database:
Current user: root@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
The error with the new libssl looks like this:
[root@hostname ~]# mysql
ERROR 2026 (HY000): SSL connection error
Has anyone else come across this? Is it a bug in SSL? Or a new restriction?
Do I need to regenerate my certificates using the new openssl?
Cheers
Tony
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
