[CentOS] C5 recent openssl update breaks mysql SSL connection

Mon Aug 17 17:18:07 UTC 2015
Johnny Hughes <johnny at centos.org>

On 08/17/2015 11:19 AM, Johnny Hughes wrote:
> On 08/17/2015 10:57 AM, Tony Mountifield wrote:
>> I recently applied updates to a CentOS 5 box running MySQL. I've discovered
>> that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL
>> connections.
>>
>> If I rename /lib/libssl.so.0.9.8e and replace it with the old version of
>> that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next
>> oldest, but it was handy), then SSL connection to MySQL works again.
>>
>> I then performed cross-checks using the server with new libssl and the
>> client with old, and then vice versa. What I found was that it didn't
>> matter whether the server was started with the old libssl or the new libssl.
>> In both cases, the mysql client would only connect using the old libssl,
>> and not when using the new libssl.
>>
>> When it works with the old libssl, I can confirm that SSL is in use:
>>
>> mysql> \s
>> --------------
>> mysql  Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
>>
>> Connection id:          2
>> Current database:
>> Current user:           root at localhost
>> SSL:                    Cipher in use is DHE-RSA-AES256-SHA
>>
>> The error with the new libssl looks like this:
>>
>> [root at hostname ~]# mysql
>> ERROR 2026 (HY000): SSL connection error
>>
>> Has anyone else come across this? Is it a bug in SSL? Or a new restriction?
>> Do I need to regenerate my certificates using the new openssl?
>>
>> Cheers
>> Tony
>>
> 
> You should now be using mysql55 on CentOS-5, not mysql-5.0

In case you did not understand my post, here is how one is supposed to
move from mysql-5.0 to mysql55 and why:

https://rhn.redhat.com/errata/RHEA-2013-1329.html

https://rhn.redhat.com/errata/RHEA-2013-1330.html

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150817/7a1ef6f1/attachment-0005.sig>