Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162079 - mysqld does not support --ssl-ca --ssl-cert --ssl-key
Summary: mysqld does not support --ssl-ca --ssl-cert --ssl-key
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mysql
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-29 18:49 UTC by Jim Hanley
Modified: 2013-07-03 03:06 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-29 22:17:51 UTC


Attachments (Terms of Use)

Description Jim Hanley 2005-06-29 18:49:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2

Description of problem:
When using the options mentioned above in the my.cnf file, I get the following in the /var/log/mysqld.log file:
050629 09:19:58  mysqld started
/usr/libexec/mysqld: unrecognized option `--ssl-ca=/etc/mysql/openssl/cacert.pem'

It is apparent that MySQLd is built without ssl suppport.

Version-Release number of selected component (if applicable):
mysql-server-3.23.58-16.FC3.1

How reproducible:
Always

Steps to Reproduce:
1. Generate cacert.pem, server-cert.pem server-key.pem
2. Add the following to the mysqld section of the my.cnf file:
ssl-ca=/etc/mysql/openssl/cacert.pem
ssl-cert=/etc/mysql/openssl/server-cert.pem
ssl-key=/etc/mysql/openssl/server-key.pem

3. /etc/init.d/mysqld restart

Actual Results:  Stopping MySQL:                                            [  OK  ]
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

Log contains error mentioned above

Expected Results:  Should use options as explained in section 5.7.7.5. SSL Command-Line Options of the MySQL online manual.

Additional info:

I beleive all that is needed is an adjustment in the spec file to include a dependancy for ssl and to compile ssl into the rpm.

Although marked as an enhancement, I beleive that this is really a security issue for systems where the DB backend and web frontend are disjoint.  I levase it up to the EIC to make that judgement.

Comment 1 Tom Lane 2005-06-29 22:17:51 UTC
This is done in Fedora Core 4.


Note You need to log in before you can comment on or make changes to this bug.