Unsupported Screen Size: The viewport size is too small for the theme to render properly.

Mistaken SSL error connecting to MariaDB 10.1

forums forums SQLyog SQLyog: Bugs / Feature Requests Mistaken SSL error connecting to MariaDB 10.1

Viewing 1 reply thread
  • Author
    Posts
    • #35998
      falcon
      Participant

      When I try to connect to MariaDB 10.1 in SSL mode, hitting the Test Connection button displays the following error: “You are trying to connect through SSL to a server which is not configured for SSL.
      SQLyog will continue connecting in normal mode.”

      The connection then succeeds, even though that particular user has REQUIRE SSL grants (which is the correct behavior). So I assume it’s using SSL despite the message to the contrary.

      If I then disable SSL encryption, trying to connect will fail (again, as expected).

      The message is obviously mistaken. This may be because MariaDB uses has_ssl and has_openssl separately to determine whether it was compiled with openSSL or YaSSL.

      Output from “Show Variables LIKE ‘%ssl%'”:

      "Variable_name"	"Value"
      "have_openssl"	"NO"
      "have_ssl"	"YES"
      "ssl_ca"	"/etc/mysql/ssl/ca-cert.pem"
      "ssl_capath"	""
      "ssl_cert"	"/etc/mysql/ssl/server-cert.pem"
      "ssl_cipher"	""
      "ssl_crl"	""
      "ssl_crlpath"	""
      "ssl_key"	"/etc/mysql/ssl/server-key.pem"
      "version_ssl_library"	"YaSSL 2.4.2"

      SHOW GRANTS FOR rootssl@<ip>:
      GRANT ALL PRIVILEGES ON *.* TO ‘rootssl’@'<ip>’ IDENTIFIED BY PASSWORD ‘*<pass>’ REQUIRE SSL WITH GRANT OPTION

    • #36004
      Sibin A S
      Moderator

      Hi,

      The output that you shared shows “have_openssl” has the value ‘NO’. This means that you need to recompile or reinstall MySQL.

      If you see “DISABLED” next to “have_openssl” and “have_ssl”, great – that means that your copy of MySQL supports SSL. and if ‘Yes’ then SSL is setup.

      Please refer the MySQL official documentation, here

      Regards,
      Sibin

Viewing 1 reply thread
  • You must be logged in to reply to this topic.