Hello Jean,

Thank you for taking the time to file a bug report.

So, in a clean Focal installation, if I do:

"""
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

[mysql]
ssl-ca=/etc/mysql/ssl/ca.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
ssl-capath=/etc/mysql/ssl/

[mysqld]
ssl-ca=/etc/mysql/ssl/ca.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
ssl-capath=/etc/mysql/ssl/
"""

in my.cnf... I get:

2020-08-14T18:16:44.983214Z 0 [Warning] [MY-013414] [Server] Server SSL certificate doesn't verify: self signed certificate
2020-08-14T18:16:44.983499Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl/ca.pem is self signed.
2020-08-14T18:16:44.983822Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl//ca.pem is self signed.
2020-08-14T18:16:44.984106Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl//server-cert.pem is self signed.
2020-08-14T18:16:44.984412Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl//client-cert.pem is self signed.
2020-08-14T18:16:44.984777Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.

in /var/log/mysql/error.log.

Meaning that my certificate is being used. When testing:

mysql> status
--------------
mysql  Ver 8.0.21-0ubuntu0.20.04.4 for Linux on x86_64 ((Ubuntu))

Connection id:          19
Current database:       
Current user:           root@localhost
SSL:                    Cipher in use is TLS_AES_256_GCM_SHA384
Current pager:          less -R --chop-long-lines
Using outfile:          ''
Using delimiter:        ;
Server version:         8.0.21-0ubuntu0.20.04.4 (Ubuntu)
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
UNIX socket:            /var/run/mysqld/mysqld.sock
Binary data as:         Hexadecimal
Uptime:                 7 min 57 sec

and all certificates were created using Example 1 of
https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html.

Permissions are:

$ ls -lahR ssl
ssl:
total 40K
drwxr-x--- 2 mysql root 4.0K Aug 14 18:31 .
drwxr-xr-x 5 root  root 4.0K Aug 14 17:40 ..
-rw------- 1 mysql root 1.7K Aug 14 18:29 ca-key.pem
-rw-r--r-- 1 mysql root 1.4K Aug 14 18:29 ca.pem
-rw-r--r-- 1 mysql root 1.2K Aug 14 18:29 client-cert.pem
-rw-r--r-- 1 mysql root 1.7K Aug 14 18:29 client-key.pem
-rw------- 1 mysql root 1001 Aug 14 18:29 client-req.pem
-rw------- 1 mysql root 1.2K Aug 14 18:29 server-cert.pem
-rw------- 1 mysql root 1.7K Aug 14 18:29 server-key.pem
-rw------- 1 mysql root 1001 Aug 14 18:29 server-req.pem

Note that some files are +r just so my user can read them when executing
mysql client.

With all that said, could you point out where you think the bug is
and/or a way to reproduce what you are facing?

Note: your openssl s_client command should change CA and verification
paths to the place where you're placing the SSL certificates for mysql
server. Nevertheless, it's much easier to simply test it using the mysql
client using the same configuration changes as [mysqld] in my.cnf.

Since it seems likely to me that this is a local configuration problem,
rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'.

However, if you believe that this is really a bug in Ubuntu, then we
would be grateful if you would provide a more complete description of
the problem with steps to reproduce, explain why you believe this is a
bug in Ubuntu rather than a problem specific to your system, and then
change the bug status back to "New".

For local configuration issues, you can find assistance here:
http://www.ubuntu.com/support/community

** Changed in: mysql-8.0 (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1890611

Title:
  mysql-server does not take into account configured ssl parameters

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1890611/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
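
The check the message performs by hand, comparing the [mysqld] ssl-* settings with the startup lines in error.log, as an added example that is not part of the original message. The function names are hypothetical, and the sample inputs are copied from the my.cnf and error.log excerpts above.

```python
import posixpath
import re

# Sample inputs copied from the my.cnf and error.log excerpts in the message above.
MY_CNF = """\
[mysqld]
ssl-ca=/etc/mysql/ssl/ca.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
ssl-capath=/etc/mysql/ssl/
"""
ERROR_LOG = """\
2020-08-14T18:16:44.983499Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl/ca.pem is self signed.
2020-08-14T18:16:44.984106Z 0 [Warning] [MY-010068] [Server] CA certificate /etc/mysql/ssl//server-cert.pem is self signed.
2020-08-14T18:16:44.984777Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
"""

LOG_RE = re.compile(r"^\S+ \d+ \[\w+\] \[(MY-\d+)\] \[\w+\] (.*)$")
CA_RE = re.compile(r"CA certificate (\S+) is self signed")

def mysqld_ssl_options(cnf_text):
    """Return the ssl-* options found in the [mysqld] section of an option file."""
    section, opts = None, {}
    for line in map(str.strip, cnf_text.splitlines()):
        if not line or line[0] in "#;!":      # comments and !includedir directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower().replace("_", "-")
            if key.startswith("ssl-"):
                opts[key] = value
    return opts

def check_tls_startup(cnf_text, log_text):
    """Compare configured ssl-* paths with what the server logged at startup."""
    opts = mysqld_ssl_options(cnf_text)
    tls_enabled, ca_seen = False, set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        code, msg = m.groups()
        if code == "MY-013602" and "configured to support TLS" in msg:
            tls_enabled = True
        elif code == "MY-010068" and (ca := CA_RE.search(msg)):
            ca_seen.add(posixpath.normpath(ca.group(1)))   # collapses the "//"
    norm = lambda k: posixpath.normpath(opts[k]) if k in opts else None
    return {"tls_enabled": tls_enabled,
            "configured_ca_seen": norm("ssl-ca") in ca_seen,
            "server_cert_in_ca_warnings": norm("ssl-cert") in ca_seen,
            "ca_files_seen": sorted(ca_seen)}
```

To run it against a live system, pass the contents of my.cnf and /var/log/mysql/error.log to `check_tls_startup` instead of the embedded samples.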