Thursday, October 15, 2009

SSL problem.

I now have problems with SSL and mysql.

I can connect from sol to cumulus with ssl:

erl@sol:~$ mysql -h 172.16.1.21 --ssl --ssl-ca=/tmp/ca-cert.pem -P 3306 -p

But I can't do the same thing from cirrus via port 3306 forwarded from sol to cumulus:

erl@cirrus:~$ mysql --ssl --ssl-ca=ca-cert.pem -h www.lewin.nu -p -P 3306
Enter password:
ERROR 2026 (HY000): SSL connection error

Does the problem have to do with port forwarding?

From symphony.stenius.org, I can:

[erl@symphony erl]$ mysql -h www.lewin.nu -p
Enter password:
ERROR 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client

This indicates that the port forwarding works, but that symphony doesn't have an SSL-enabled mysql client.

Doing the same thing on cirrus:

erl@cirrus:~$ mysql -h www.lewin.nu -p
Enter password:
ERROR 1045 (28000): Access denied for user 'erl'@'1-1-6-5a.o.sth.bostream.se' (using password: YES)

Looks like the port forwarding works to me. How to debug the ssl?

Found this on debugging ssl connections:

http://www.cyberciti.biz/tips/debugging-ssl-communications-from-unix-shell-prompt.html

So I try this:

erl@cirrus:~$ openssl s_client -ssl2 -connect sol.lewin.nu:3306
CONNECTED(00000003)
17539:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Sigh. Stuck here.
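
One more check that fits the situation above, as an added example that is not part of the original post: a MySQL server speaks first, sending a plaintext greeting, and TLS is only negotiated inside the MySQL protocol afterwards, so reading that greeting through the forwarded port shows whether the far end advertises SSL at all. The function names are hypothetical and the sample greeting bytes are constructed.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server can switch this connection to TLS

def parse_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends (4-byte header included)."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("short or truncated packet")
    if payload[0] == 0xFF:  # ERR packet instead of a greeting (e.g. host not allowed)
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"error": code, "message": payload[3:].decode("latin-1")}
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)   # server version string is NUL-terminated
    pos = end + 1 + 4 + 8 + 1         # skip connection id, salt part 1, filler
    if len(payload) < pos + 2:
        raise ValueError("greeting ends before capability flags")
    caps = struct.unpack_from("<H", payload, pos)[0]
    return {"version": payload[1:end].decode("ascii", "replace"),
            "ssl_offered": bool(caps & CLIENT_SSL)}

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before greeting was complete")
        buf += chunk
    return buf

def fetch_greeting(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Connect in plaintext, read one packet, and report what the server offers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        header = _recv_exact(sock, 4)
        body = _recv_exact(sock, int.from_bytes(header[:3], "little"))
    return parse_greeting(header + body)

def sample_greeting(caps: int) -> bytes:
    """Constructed greeting for offline use; version string and salt are made up."""
    payload = (b"\x0a" + b"5.0.0-sample\x00" + struct.pack("<I", 7)
               + b"saltsalt" + b"\x00" + struct.pack("<H", caps))
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    for caps in (0xA2FF | CLIENT_SSL, 0xA2FF):  # with and without the SSL bit
        print(parse_greeting(sample_greeting(caps)))
```

Calling `fetch_greeting` against both the direct address and the forwarded one and comparing the results shows whether the same server, with the same SSL capability, answers on each path.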
