Thursday, October 15, 2009

SSL problem.

I now have problems with SSL and mysql.

I can connect from sol to cumulus with ssl:

erl@sol:~$ mysql -h --ssl --ssl-ca=/tmp/ca-cert.pem -P 3306 -p

But I can't do the same thing from cirrus via port 3306 forwarded from sol to cumulus:

erl@cirrus:~$ mysql --ssl --ssl-ca=ca-cert.pem -h -p -P 3306
Enter password:
ERROR 2026 (HY000): SSL connection error

Does the problem have to do with port forwarding?

From, I can:

[erl@symphony erl]$ mysql -h -p
Enter password:
ERROR 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client

Which indicates that the port forwarding works, but that symphony doesn't have an ssl enabled mysql client.

Doing the same thing on cirrus:

erl@cirrus:~$ mysql -h -p
Enter password:
ERROR 1045 (28000): Access denied for user 'erl'@'' (using password: YES)

Looks like the port forwarding works to me. How to debug the ssl?

Found this on debugging ssl connections:

So I try this:

erl@cirrus:~$ openssl s_client -ssl2 -connect
17539:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Sigh. Stuck here.

No comments: