[Bug 1076656] Re: mysql --ssl-capath option doesn't work
Norvald H. Ryeng
norvald.ryeng at oracle.com
Fri Nov 9 08:52:42 UTC 2012
Despite "have_openssl YES", the community edition of MySQL uses yaSSL,
not OpenSSL (have_openssl is just an alias for have_ssl). You've
probably stumbled upon this difference between OpenSSL and yaSSL (cut
and pasted from http://dev.mysql.com/doc/refman/5.5/en/ssl-options.html
#option_general_ssl-capath):
"MySQL distributions built with OpenSSL support the --ssl-capath option.
Distributions built with yaSSL do not because yaSSL does not look in any
directory and does not follow a chained certificate tree. yaSSL requires
that all components of the CA certificate tree be contained within a
single CA certificate tree and that each certificate in the file has a
unique SubjectName value. To work around this yaSSL limitation,
concatenate the individual certificate files comprising the certificate
tree into a new file. Then specify the new file as the value of the
--ssl-capath option."
The reason this changed is probably that the build options used when
packaging for Ubuntu changed. Earlier versions of MySQL in Ubuntu may
have been linked against OpenSSL since it was built with the
WITH_SSL=yes option. This made the build system pick up OpenSSL if it
was installed on the system and use the bundled yaSSL library otherwise,
so which library the package used depended on whether the system where
the package was built happened to have OpenSSL installed or not. This is
obviously not good, so in more recent builds this option has been set to
WITH_SSL=bundled, wich means that the bundled yaSSL library will always
be used.
Regards,
Norvald H. Ryeng
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1076656
Title:
mysql --ssl-capath option doesn't work
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/1076656/+subscriptions
More information about the Ubuntu-server-bugs
mailing list