Percona Server moved to https://jira.percona.com/projects/PS

SSL certificate revocation list-related MTR tests fail on some platforms with -DWITH_SSL=system

Bug #1248046 reported by Laurynas Biveinis on 2013-11-05

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
MySQL Server	Unknown	Unknown	mysql-bugs #70998
Percona Server moved to https://jira.percona.com/projects/PS	Fix Released	Medium	Sergei Glushchenko	Percona Server moved to https://jira.percona.com/projects/PS 5.6.15-63.0
5.1	Invalid	Undecided	Unassigned
5.5	Invalid	Undecided	Unassigned
5.6	Fix Released	Medium	Sergei Glushchenko	Percona Server moved to https://jira.percona.com/projects/PS 5.6.15-63.0

Bug Description

After adding -DWITH_SSL=system to Jenkins to match how the packages are built, ssl_crl and ssl_crl_crlpath tests start to fail on
- Ubuntu Lucid;
- Debian 6;
- CentOS 5.

A sample ssl_crl failure:

main.ssl_crl w1 [ fail ]
Test ended at 2013-11-04 15:08:04

CURRENT_TEST: main.ssl_crl
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 18: command "$MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem --ssl-crlpath=$MYSQL_TEST_DIR/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';"" failed

Output from before failure:
exec of '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/client//mysql --defaults-file=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/1/my.cnf --ssl-ca=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-ca-cert.pem --ssl-key=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-key.pem --ssl-cert=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-cert.pem --ssl-crlpath=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crldir test -e "SHOW VARIABLES like '%ssl%';"' failed, error: 256, status: 1, errno: 0

The result from queries just before the failure was:
# test --crl for the client : should connect
Variable_name Value
have_openssl YES
have_ssl YES
ssl_ca MYSQL_TEST_DIR/std_data/crl-ca-cert.pem
ssl_capath
ssl_cert MYSQL_TEST_DIR/std_data/crl-server-cert.pem
ssl_cipher
ssl_crl MYSQL_TEST_DIR/std_data/crl-client-revoked.crl
ssl_crlpath
ssl_key MYSQL_TEST_DIR/std_data/crl-server-key.pem
# test --crlpath for the client : should connect

- saving '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/1/log/main.ssl_crl/' to '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/log/main.ssl_crl/'

A sample ssl_crl_crlpath failure:

main.ssl_crl_crlpath w2 [ fail ]
Test ended at 2013-11-04 15:08:05

CURRENT_TEST: main.ssl_crl_crlpath
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
mysqltest: At line 14: command "$MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/crl-ca-cert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/crl-client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/crl-client-cert.pem test --ssl-crl=$MYSQL_TEST_DIR/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';"" failed

Output from before failure:
exec of '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/client//mysql --defaults-file=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/2/my.cnf --ssl-ca=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-ca-cert.pem --ssl-key=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-key.pem --ssl-cert=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-cert.pem test --ssl-crl=/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/mysql-test/std_data/crl-client-revoked.crl -e "SHOW VARIABLES like '%ssl%';"' failed, error: 256, status: 1, errno: 0

The result from queries just before the failure was:
# test --crl for the client : should connect

- saving '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/2/log/main.ssl_crl_crlpath/' to '/mnt/workspace/percona-server-5.6-trunk/BUILD_TYPE/debug/Host/centos5-64/Percona-Server/build/mysql-test/var/log/main.ssl_crl_crlpath/'

Full run at http://jenkins.percona.com/job/percona-server-5.6-trunk/183/ and later.

Tags:

Related branches

lp:~sergei.glushchenko/percona-server/5.6-ps-bug1248046

Merged into lp:percona-server/5.6 at revision 496

Laurynas Biveinis (community): Approve on 2013-11-12

Laurynas Biveinis (laurynas-biveinis) on 2013-11-05

tags:

added: ci ssl

Revision history for this message

Laurynas Biveinis (laurynas-biveinis) wrote on 2013-11-12:

Sergei -

Please report this to the upstream, attach the MP as a contribution, and link the bug report here. Thanks!

tags:

added: upstream

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-25:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1445

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

mysql-bugs #70998 Edit

Bug watches keep track of this bug in other bug trackers.