Re: Replication error: Unable to get certificate

[Alex Greg]

 Master_SSL_Allowed: Yes
 Master_SSL_CA_File: /root/.mysql/cacert.pem
 Master_SSL_CA_Path: /root/.mysql/
Master_SSL_Cert: /root/.mysql/client-cert.pem
  Master_SSL_Cipher:
 Master_SSL_Key: /root/.mysql/client-key.pem
  Seconds_Behind_Master: 0

[...]

SSL:3017771936:error:0200100D:system library:fopen:Permission
denied:bss_file.c:352:fopen('/root/.mysql/client-cert.pem','r')


MySQL (which runs as the mysql user) isn't going to be able to read
the certificates out of root's home directory, which is only readable
by root.

Put the certificates somewhere where the mysql user can read them -
your data directory would be a sensible place.

-- Alex

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

Replication error: Unable to get certificate

[Amit Dor-Shifer]

Hi

I've followed the replication procedure, as instructed on the online
manual.
I want to use replication over SSL.

I've followed this procedure to create test SSL certificates, keys, etc.

http://dev.mysql.com/doc/refman/4.1/en/secure-create-certs.html

On slave machine:

mysql show slave status\G
*** 1. row ***
 Slave_IO_State: Waiting for master to send event
Master_User: repl
  Connect_Retry: 60
Master_Log_File: amit0-bin.60
Read_Master_Log_Pos: 79
 Relay_Log_File: core1-relay-bin.03
  Relay_Log_Pos: 337
  Relay_Master_Log_File: amit0-bin.60
   Slave_IO_Running: Yes
  Slave_SQL_Running: Yes
Replicate_Do_DB: overdrive
Replicate_Ignore_DB:
 Replicate_Do_Table:
 Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
 Last_Errno: 0
 Last_Error:
   Skip_Counter: 0
Exec_Master_Log_Pos: 79
Relay_Log_Space: 337
Until_Condition: None
 Until_Log_File:
  Until_Log_Pos: 0
 Master_SSL_Allowed: Yes
 Master_SSL_CA_File: /root/.mysql/cacert.pem
 Master_SSL_CA_Path: /root/.mysql/
Master_SSL_Cert: /root/.mysql/client-cert.pem
  Master_SSL_Cipher:
 Master_SSL_Key: /root/.mysql/client-key.pem
  Seconds_Behind_Master: 0

# mysql --version
mysql  Ver 14.7 Distrib 4.1.21, for pc-linux-gnu (i686) using readline 5.1

Replication seems to work. It's even using SSL. However I'm getting the
following error in log:

061123 10:30:53 [Note] Slave SQL thread initialized, starting
replication in log 'amit0-bin.60' at position 79, relay log
'./core1-relay-bin.03' position: 294
Error when connection to server using
SSL:3017771936:error:0200100D:system library:fopen:Permission
denied:bss_file.c:352:fopen('/root/.mysql/client-cert.pem','r')
3017771936:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
3017771936:error:140AD002:SSL
routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:470:
Unable to get certificate from '/root/.mysql/client-cert.pem'

Why is this error message generated? How come replication is happening
and IS secured after all?

I've found this bug: http://bugs.mysql.com/bug.php?id=11169
Is this the same issue? As I'm currently using a lesser version than
that for-which this bug is reported, can I assume an upgrade will solve it?


Thanks, Amit



-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]