any help on this? im rally stuck, the new mysql server only accept ssl connections and i have to connect an exim to it but doesn't work
anyone had success using SSL with mysql? Il gio 23 mag 2024, 20:54 Gandalf Corvotempesta < gandalf.corvotempe...@gmail.com> ha scritto: > This is a strace when trying to connect to a mysql server that has SSL > forced (that's why i'm hitting an access denied) > Now the configuration file is read as expected, but the option group > that is forcing the ssl-mode seems to be ignored > (honestly, as default, ssl is preferred, it should connect via ssl > anyway even without an option group) > > > > openat(AT_FDCWD, "/etc/mysql/my.cnf", O_RDONLY) = 3 > newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1174, ...}, > AT_EMPTY_PATH) = 0 > read(3, "# The MariaDB configuration file"..., 4096) = 1174 > access("/etc/mysql/conf.d//my.cnf", R_OK) = -1 ENOENT (No such file or > directory) > access("/etc/mysql/mariadb.conf.d/my.cnf", R_OK) = -1 ENOENT (No such > file or directory) > openat(AT_FDCWD, "/etc/mysql/mariadb.conf.d/99-exim.cnf", O_RDONLY) = 4 > newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=31, ...}, AT_EMPTY_PATH) > = 0 > read(4, "[exim]\n ssl-mode = REQUIRED\n", 4096) = 31 > read(4, "", 4096) = 0 > close(4) = 0 > read(3, "", 4096) = 0 > close(3) = 0 > getpid() = 3743075 > socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3 > fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 > connect(3, {sa_family=AF_INET, sin_port=htons(3306), > sin_addr=inet_addr("10.111.1.1")}, 16) = -1 EINPROGRESS (Operation now > in progress) > clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=1000}, NULL) = 0 > poll([{fd=3, events=POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}]) > getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 > fcntl(3, F_SETFL, O_RDONLY) = 0 > setsockopt(3, SOL_IP, IP_TOS, [8], 4) = 0 > setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0 > setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 > recvfrom(3, 0x55c7fbdd3e60, 16384, MSG_DONTWAIT, NULL, NULL) = -1 > EAGAIN (Resource temporarily unavailable) > poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}]) > recvfrom(3, "Q\0\0\0\n8.0.31-google\0\274=\2\0\35+\36H\1\31!\4\0"..., > 16384, MSG_DONTWAIT, NULL, NULL) = 85 > sendto(3, "\306\0\0\1\215\242\276\0\0\0\0@ > -\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 202, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 202 > recvfrom(3, 0x55c7fbdd3e60, 16384, MSG_DONTWAIT, NULL, NULL) = -1 > EAGAIN (Resource temporarily unavailable) > poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}]) > recvfrom(3, "J\0\0\2\377\25\4#28000Access denied for u"..., 16384, > MSG_DONTWAIT, NULL, NULL) = 78 > close(3) = 0 > newfstatat(1, "", {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x5), > ...}, AT_EMPTY_PATH) = 0 > write(1, "Failed: lookup of \"SELECT 1 \" ga"..., 133Failed: lookup of > "SELECT 1 " gave DEFER: MYSQL connection failed: Access denied for > user 'xxx'@'10.111.1.2' (using password: YES) > ) = 133 > futex(0x7fceb027e5d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > > Il giorno mer 22 mag 2024 alle ore 20:51 Gandalf Corvotempesta > <gandalf.corvotempe...@gmail.com> ha scritto: > > > > ok now the file is read as expected, i can see it from the trace, but > > i'm still getting > > access denied because the connection is not made with SSL. > > > > I'm out of ideas > > > > Il giorno ven 17 mag 2024 alle ore 21:39 Gandalf Corvotempesta > > <gandalf.corvotempe...@gmail.com> ha scritto: > > > > > > Il giorno ven 17 mag 2024 alle ore 16:37 Jeremy Harris via Exim-users > > > <exim-users@lists.exim.org> ha scritto: > > > > If there were, then it should go on to try those files. > > > > This is not an Exim problem. > > > > > > This is the issue: > > > https://jira.mariadb.org/browse/CONC-396 > -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/