First of all, thanks for your answer... would you like to give me some hints about what should be configured in SELinux?
best regards
Israel

On 10/17/05, Gleb Paharenko <[EMAIL PROTECTED]> wrote:
> Hello.
>
> > It is a bit confusing for me. Really, MySQL has all permissions for
> > reading those files. Do you have SELinux enabled? Sometimes it is
> > the source of the problems, you should have it properly configured.
> >
> > Israel Fernández Cabrera <[EMAIL PROTECTED]> wrote:
> > >From: Israel Fernández Cabrera
> > >Date: October 17 2005 10:18pm
> > >Subject: SSL connection error
> > >
> > >Hi all
> > >
> > >I'm back with a new subject, maybe the last one was not attractive :)
> > >I'm using mysql 4.1.11-2 in Fedora Core 4. I need to set up mysql
> > >connections over SSL. I followed the mysql manual instructions, created
> > >certificates and keys for the CA, the client and the server and modified
> > >the /etc/my.cnf file with the ssl-ca, ssl-cert and ssl-key for the
> > >client and the mysqld sections of the my.cnf file.
> > >My problem is that mysqld logs an error describing that it has no
> > >permission to read the certificate file, I've been with this for more
> > >than 3 days.
> > >I'm attaching ls output, my.cnf file, mysqld.log file and a fragment
> > >of the mysqld strace output with the open syscall returning error.
> > >
> > >Thanks in advance for your time and interest
> > >
> > >best regards
> > >
> > >--
> > >____________________
> > >Israel Fdez. Cabrera
> > >[EMAIL PROTECTED]
> > >
> > >#>ls / | grep etc
> > >drwxr-xr-x 83 root root 12288 Oct 15 16:50 etc
> > >
> > >#>ls /etc | grep pki
> > >drwxr-xr-x 7 root root 4096 Oct 14 17:51 pki
> > >
> > >#>ls /etc/pki
> > >total 104
> > >drwxr-xr-x 3 root root 4096 Oct 14 21:46 CA
> > >drwxr-xr-x 3 root root 4096 Oct 8 16:54 dovecot
> > >-rwxr-xr-x 1 root root 1088 Oct 8 16:54 gencert.sh
> > >-rwxr-xr-x 1 root root 1056 Oct 8 16:54 gencert.sh~
> > >-rw-r--r-- 1 root root 236 Oct 8 16:54 index.txt
> > >-rw-r--r-- 1 root root 21 Oct 8 16:54 index.txt.attr
> > >-rw-r--r-- 1 root root 21 Oct 8 16:54 index.txt.attr.old
> > >-rw-r--r-- 1 root root 118 Oct 8 16:54 index.txt.old
> > >drwxr-xr-x 2 root root 4096 Oct 8 16:54 newcerts
> > >drwxr-xr-x 2 root root 4096 Oct 8 16:54 rpm-gpg
> > >-rw-r--r-- 1 root root 3 Oct 8 16:54 serial
> > >-rw-r--r-- 1 root root 3 Oct 8 16:54 serial.old
> > >drwxr-xr-x 5 root root 4096 Oct 14 17:51 tls
> > >
> > >#>ls /etc/pki/tls
> > >total 40
> > >lrwxrwxrwx 1 root root 19 Oct 8 16:54 cert.pem -> certs/ca-bundle.crt
> > >drwxr-xr-x 2 root root 4096 Oct 15 14:18 certs
> > >drwxr-xr-x 2 root root 4096 Oct 8 16:54 misc
> > >-r--r--r-- 1 root root 7998 Oct 14 17:59 openssl.cnf
> > >drwxr-xr-x 2 root root 4096 Oct 8 16:54 private
> > >
> > >#>ls /etc/pki/tls/certs
> > >total 492
> > >-rw-r--r-- 1 root root 427833 Oct 8 16:54 ca-bundle.crt
> > >-rw-r--r-- 1 root root 3617 Oct 14 21:46 client-cert.pem
> > >-rw-r--r-- 1 root mysql 887 Oct 8 16:54 client-key.pem
> > >-rw-r--r-- 1 root mysql 769 Oct 8 16:54 client-req.pem
> > >-rw-r--r-- 1 root root 610 Oct 8 16:54 make-dummy-cert
> > >-rw-r--r-- 1 root root 2240 Oct 8 16:54 Makefile
> > >-rw-r--r-- 1 root root 3617 Oct 14 21:46 server-cert.pem
> > >-rw-r--r-- 1 root root 887 Oct 14 21:46 server-key.pem
> > >-rw-r--r-- 1 root mysql 769 Oct 8 16:54 server-req.pem
> > >
> > >open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
> > >write(2, "Error when connection to server "..., 42) = 42
> > >write(2, "1872:error:0200100D:system libra"..., 122) = 122
> > >write(2, "1872:error:20074002:BIO routines"..., 70) = 70
> > >write(2, "1872:error:140AD002:SSL routines"..., 88) = 88
> > >write(2, "Unable to get certificate from \'"..., 68) = 68
> > >open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
> > >open("/etc/pki/tls/cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
> > >time([1129246383]) = 1129246383
> > >open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
> > >open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission denied)
> > >open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
> > >socket(PF_FILE, SOCK_STREAM, 0) = 3
> > >connect(3, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
> > >close(3) = 0
> > >socket(PF_FILE, SOCK_STREAM, 0) = 3
>
> --
> For technical support contracts, goto https://order.mysql.com/?ref=ensita
> This email is sponsored by Ensita.NET http://www.ensita.net/
> Gleb Paharenko
> [EMAIL PROTECTED]
> MySQL AB / Ensita.NET
> www.mysql.com
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]

--
____________________
Israel Fdez. Cabrera
[EMAIL PROTECTED]
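
An added example, not part of the original thread: it cross-checks the quoted strace `open()` failures against the quoted `ls -l` mode bits and reports the paths where the classic Unix permissions would allow the read, which is the situation that points to a mandatory access control layer such as SELinux. The function names are hypothetical, the sample data is transcribed from the listings above, and it assumes mysqld runs as user and group `mysql`.

```python
import re

# Constructed input: `ls -l` facts and strace lines transcribed from the message above.
LISTING = {  # path -> (mode, owner, group)
    "/etc": ("drwxr-xr-x", "root", "root"),
    "/etc/pki": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls/certs": ("drwxr-xr-x", "root", "root"),
    "/etc/pki/tls/certs/server-cert.pem": ("-rw-r--r--", "root", "root"),
}
STRACE = """\
open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or directory)
"""
OPEN_EACCES = re.compile(r'^open\("([^"]+)",[^)]*\)\s*=\s*-1 EACCES', re.M)

def dac_grants(entry, bit, user, groups):
    """True if the owner/group/other triad that applies to `user` grants `bit`."""
    mode, owner, group = entry
    start = 1 if user == owner else 4 if group in groups else 7
    return mode[start + "rwx".index(bit)] not in "-ST"

def dac_allows_read(path, listing, user, groups):
    """True/False from mode bits alone; None when a path component is not listed."""
    parts = path.strip("/").split("/")
    dirs = ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    if any(p not in listing for p in dirs + [path]):
        return None
    return (all(dac_grants(listing[d], "x", user, groups) for d in dirs)
            and dac_grants(listing[path], "r", user, groups))

def mac_suspects(strace_text, listing, user, groups):
    """Paths where open() got EACCES although the mode bits permit the read."""
    return [p for p in OPEN_EACCES.findall(strace_text)
            if dac_allows_read(p, listing, user, groups) is True]

if __name__ == "__main__":
    # Assumption: mysqld runs as user and group "mysql".
    for path in mac_suspects(STRACE, LISTING, "mysql", {"mysql"}):
        print(f"{path}: DAC permits read, so check the SELinux/AVC log")
```

A path reported here is being denied by something other than the mode bits; on an SELinux system the matching AVC record in the audit log names the process and file contexts involved.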