Hi all, I'm back with a new subject; maybe the last one was not attractive :) I'm using MySQL 4.1.11-2 on Fedora Core 4. I need to set up MySQL connections over SSL. I followed the MySQL manual instructions: I created certificates and keys for the CA, the client and the server, and modified the /etc/my.cnf file, setting ssl-ca, ssl-cert and ssl-key in the client and the mysqld sections. My problem is that mysqld logs an error saying that it has no permission to read the certificate file; I've been stuck on this for more than 3 days. I'm attaching the ls output, the my.cnf file, the mysqld.log file and a fragment of the mysqld strace output showing the open syscall returning an error.
Thanks in advance for your time and interest best regards -- ____________________ Israel Fdez. Cabrera [EMAIL PROTECTED]
#>ls / | grep etc drwxr-xr-x 83 root root 12288 Oct 15 16:50 etc #>ls /etc | grep pki drwxr-xr-x 7 root root 4096 Oct 14 17:51 pki #>ls /etc/pki total 104 drwxr-xr-x 3 root root 4096 Oct 14 21:46 CA drwxr-xr-x 3 root root 4096 Oct 8 16:54 dovecot -rwxr-xr-x 1 root root 1088 Oct 8 16:54 gencert.sh -rwxr-xr-x 1 root root 1056 Oct 8 16:54 gencert.sh~ -rw-r--r-- 1 root root 236 Oct 8 16:54 index.txt -rw-r--r-- 1 root root 21 Oct 8 16:54 index.txt.attr -rw-r--r-- 1 root root 21 Oct 8 16:54 index.txt.attr.old -rw-r--r-- 1 root root 118 Oct 8 16:54 index.txt.old drwxr-xr-x 2 root root 4096 Oct 8 16:54 newcerts drwxr-xr-x 2 root root 4096 Oct 8 16:54 rpm-gpg -rw-r--r-- 1 root root 3 Oct 8 16:54 serial -rw-r--r-- 1 root root 3 Oct 8 16:54 serial.old drwxr-xr-x 5 root root 4096 Oct 14 17:51 tls #>ls /etc/pki/tls total 40 lrwxrwxrwx 1 root root 19 Oct 8 16:54 cert.pem -> certs/ca-bundle.crt drwxr-xr-x 2 root root 4096 Oct 15 14:18 certs drwxr-xr-x 2 root root 4096 Oct 8 16:54 misc -r--r--r-- 1 root root 7998 Oct 14 17:59 openssl.cnf drwxr-xr-x 2 root root 4096 Oct 8 16:54 private #>ls /etc/pki/tls/certs total 492 -rw-r--r-- 1 root root 427833 Oct 8 16:54 ca-bundle.crt -rw-r--r-- 1 root root 3617 Oct 14 21:46 client-cert.pem -rw-r--r-- 1 root mysql 887 Oct 8 16:54 client-key.pem -rw-r--r-- 1 root mysql 769 Oct 8 16:54 client-req.pem -rw-r--r-- 1 root root 610 Oct 8 16:54 make-dummy-cert -rw-r--r-- 1 root root 2240 Oct 8 16:54 Makefile -rw-r--r-- 1 root root 3617 Oct 14 21:46 server-cert.pem -rw-r--r-- 1 root root 887 Oct 14 21:46 server-key.pem -rw-r--r-- 1 root mysql 769 Oct 8 16:54 server-req.pem
open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied) write(2, "Error when connection to server "..., 42) = 42 write(2, "1872:error:0200100D:system libra"..., 122) = 122 write(2, "1872:error:20074002:BIO routines"..., 70) = 70 write(2, "1872:error:140AD002:SSL routines"..., 88) = 88 write(2, "Unable to get certificate from \'"..., 68) = 68 open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/pki/tls/cert.pem", O_RDONLY) = -1 EACCES (Permission denied) time([1129246383]) = 1129246383 open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied) open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied) open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory) socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory) close(3) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 3