Page MenuHomePhabricator

mysqlbinlog doesn't recognize the ssl-* options in [client]
Closed, ResolvedPublic

Description

Our MariaDB configuration includes ssl-* options in the [client] group that are not recognized by myseldump that will fail.

A workaround is to use the loose-ssl-* options so that only a warning is printed but the program doesn't exit.

See also:

Event Timeline

Yeah, I have used --defaults-config=/etc/.my.cnf or --no-defaults to workaround that. Let's move it to [mysql] and all compatible clients there, but we want both mysqldump and mysql using ssl- there is some pending work on T111654, still, as it is not fully tuned (e.g. not enforced preciselly for this pending issues- mysql client-only machines need also configuration, and we need to redo the cert model.

You can work on this ticket if you want, it is a 4-line change.

I've filed https://mariadb.atlassian.net/browse/MDEV-9605 . Depending on the response, we will fix it with puppet or with a package patch.

jcrespo updated the task description. (Show Details)
jcrespo moved this task from Backlog to Reported Upstream on the Upstream board.
jcrespo moved this task from Reported Upstream to Patch proposed upstream on the Upstream board.

This got fixed upstream. https://jira.mariadb.org/browse/MDEV-9605

root@db1089:~# mysqlbinlog --help | grep ssl
  --ssl               Enable SSL for connection (automatically enabled with
  --ssl-ca=name       CA file in PEM format (check OpenSSL docs, implies
                      --ssl).
  --ssl-capath=name   CA directory (check OpenSSL docs, implies --ssl).
  --ssl-cert=name     X509 cert in PEM format (implies --ssl).
  --ssl-cipher=name   SSL cipher to use (implies --ssl).
  --ssl-key=name      X509 key in PEM format (implies --ssl).
  --ssl-crl=name      Certificate revocation list (implies --ssl).
  --ssl-crlpath=name  Certificate revocation list path (implies --ssl).
  --ssl-verify-server-cert

There is no need to use --defaults-config=/etc/.my.cnf or --no-defaults since 10.0.27.

What about 10.1, do you know when it was fixed there?

jcrespo assigned this task to Marostegui.

In any case, it is fixed on the latest versions:

root@neodymium:~$ /opt/wmf-mariadb101-client/bin/mysqlbinlog --help | grep ssl
  --ssl               Enable SSL for connection (automatically enabled with