Re: Problems Connecting with SSL
Hi! Martin Gainty wrote: > [[...]] > > joerg ..any thoughts on this matter?? Sorry - none. I never dealt with the inner workings of the SSL library. Just seeing file descriptor 2 (standard error) used for socket operations makes me assume *very* strongly that something went wrong well before that part: For some (until now: unknown) reason standard error must have been closed, so that FD 2 became available for the socket creation, and in a MYSQL client application I don't see any reason to ever close standard error. I propose Tim should check the full truss output for some preceding close(2). Hopefully, the surroundings of that call will give a hint what went wrong. (I hope it was caused by some write error, disk full, permission problem, ... which Tim can fix. I of course agree such an error should not make the program do a close(2), but it might happen nonetheless.) That's all I can say here. Regards, Jörg -- Joerg Bruehe, MySQL Build Team, joerg.bru...@oracle.com ORACLE Deutschland B.V. & Co. KG, Komturstrasse 18a, D-12099 Berlin Geschaeftsfuehrer: Juergen Kunz, Marcel v.d. Molen, Alexander v.d. Ven Amtsgericht Muenchen: HRA 95603 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Problems Connecting with SSL
> perhaps a misconfiguration on the failing client .. > can you go to successful client, enable DEBUG level > debugging and log the connection and then go to the > failing client..enable DEBUG level debugging and log > the connection to the failing client this would determine > deltas between the failing and successful connections and > you compare each log side-by-side to ascertain the point > of failure. joerg ..any thoughts on this matter?? Well that's exactly my question: how does one enable debugging of this kind of connection on the mySQL client? I get no more information when I use "--verbose --verbose --verbose" than when I don't. Tim Gustafson Baskin School of Engineering UC Santa Cruz t...@soe.ucsc.edu 831-459-5354 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Problems Connecting with SSL
> Interesting that you can request advice from finland vs > calling from redwood shores CA for technical advice > > first take a look at: > http://dev.mysql.com/doc/refman/5.0/en/secure-basics.html > > once you've determined the algorithm you will want to implement > take a look at SSL 1,2,3 and TLS 1.0,1.1,1.2 and determine which > protocol works best for you > > http://en.wikipedia.org/wiki/Transport_Layer_Security > > feel free to ping me offline for implementation details In my original post, I stated that I had SSL connections up and running on all but this one client. I'm intimately familiar with the inner workings of SSL and TLS, and I'm positive that the servers are configured correctly, and that in general my clients are all able to connect using SSL. It's just this one client that is failing, and absent any useful debugging information, I'm having a hard time understanding why. As to why I didn't call Redwood Shores: I didn't realize that Oracle was in the business of giving out free tech support. I just e-mailed the mySQL general support list, which is usually what I do when I need help from an Open Source software group. :) Tim Gustafson Baskin School of Engineering UC Santa Cruz t...@soe.ucsc.edu 831-459-5354 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Problems Connecting with SSL
> Sorry, but I have to start with a negative remark: > Why, oh why, don't you mention the version number you > are using? I hope it is some roughly current 5.1, but > I'd rather like you to tell it. Doh! Right you are! Sorry, that was totally my bad. mysql> select version(); ++ | version() | ++ | 5.1.51-log | ++ The server and the client are both running FreeBSD as follows: FreeBSD 8.1-RELEASE-p2 Tim Gustafson Baskin School of Engineering UC Santa Cruz t...@soe.ucsc.edu 831-459-5354 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: I can't have "group" as a column name in a table? [SOLVED]
Aveek, Simcha, Johan, Thanks for explaining the situation. I knew there were some reserved words, but I hadn't realized there were so many. Anyway, now that I know I can protect my column names with backticks, I'm good to go. -- Dave M G -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Problems Connecting with SSL
Hi Tim, all!
Sorry, but I have to start with a negative remark:
Why, oh why, don't you mention the version number you are using?
I hope it is some roughly current 5.1, but I'd rather like you to tell it.
Tim Gustafson wrote:
> I have three mySQL server, all of which are SSL-enable and all of which are
> generally accessible from remote clients over SSL.
>
> However, one of my FreeBSD mySQL clients is having problems connecting to any
> of the servers. Running mySQL under truss reports the following:
>
Looking at this output tells something went terribly wrong:
file descriptor 2 is mishandled.
> --
> clock_gettime(13,{1298593067.0 }) = 0 (0x0)
> open("/dev/urandom",O_RDONLY,00) = 4 (0x4)
> read(4,"\a\^V\M-)\^C\M-L{`\M^O\M^@\M-v"...,32) = 32 (0x20)
> sendto(2,"\^V\^C\^A\0Y\^A\0\0U\^C\^A\M-m"...,94,0x0,NULL,0x0) = 94 (0x5e)
> recvfrom(2,"\^V",1,0x2,NULL,0x0) = 1 (0x1)
> ioctl(2,FIONREAD,0xd784) = 0 (0x0)
> recvfrom(2,"\^V\^C\^A\0J\^B\0\0F\^C\^AMf\M-u"...,1819,0x0,NULL,0x0) = 1819
> (0x71b)
In the above lines, socket calls 'sendto()' and 'recvfrom()' are applied
to FD 2. Whatever the transmitted data may be, this should not be done:
FD 2 is "standard error", so it is a file and no socket, and "receiving"
from it doesn't make any sense at all.
As the problem happens only for one of your combinations, I suspect that
for some unknown reason FD 2 was closed in that run, and then this
number got returned when a socket was to be created.
Again, this should not happen: The only reason to close FD 2 should be
to re-open standard error to some other destination, which is unlikely
for the client to do.
> [[...]]
> shutdown(2,SHUT_RDWR) = 0 (0x0)
> close(2) = 0 (0x0)
So FD 2 is closed now.
> fstat(1,{ mode=crw--w ,inode=113,size=0,blksize=4096 }) = 0 (0x0)
> ioctl(1,TIOCGETA,0xe390) = 0 (0x0)
> write(2,"ERROR 2026 (HY000): ",20) ERR#9 'Bad file descriptor'
> write(2,"SSL connection error",20) ERR#9 'Bad file descriptor'
> write(2,"\n",1)ERR#9 'Bad file
> descriptor'
... but with a closed FD 2 there is no chance to output an error message.
(The operations on FD 1 also look suspicious to me.)
> write(1,"\a",1)= 1 (0x1)
> close(4) = 0 (0x0)
> process exit, rval = 1
> --
>
> Can anyone tell me, based on the truss output above, what might be going
> wrong? I'm using the exact same command line options and ssl-ca file that I
> am using on other clients, which can connect successfully.
I can't really tell what happened. It might be that file descriptor 2
(and probably also 1) were closed without good reason, and then creating
a socket (or opening some file) returned these descriptors.
You might check the preceding "truss" output for a "close(2)", IMO that
would likely be an error - but I have no idea why it happened.
>
> (As an aside: feature request: better SSL connection debugging, please!)
I assume your SSL problems might just be a consequence of inappropriate
actions on FDs 1 and 2. Did you do any redirection, are you running into
"disk full", or is there any similar rsk on your stdout and stderr?
HTH,
Jörg
--
Joerg Bruehe, MySQL Build Team, joerg.bru...@oracle.com
ORACLE Deutschland B.V. & Co. KG, Komturstrasse 18a, D-12099 Berlin
Geschaeftsfuehrer: Juergen Kunz, Marcel v.d. Molen, Alexander v.d. Ven
Amtsgericht Muenchen: HRA 95603
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: memcached enabled
http://forums.mysql.com/read.php?150,205138,205138#msg-205138 Am 25.02.2011 12:21, schrieb Willy Mularto: > As per subject. How to setup MySQL memcached enabled? > > Willy Mularto > F300HD+MR18DE signature.asc Description: OpenPGP digital signature
memcached enabled
As per subject. How to setup MySQL memcached enabled? Willy Mularto F300HD+MR18DE -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
