Strange behavior between Mysql, MariaDB and SSL.
Heriberto Torrado
htorrado at networkdreams.net
Mon Aug 24 18:25:36 EDT 2020
Dear livecode programmers,
For a few years we ran an internal app that accessed a MariaDB database
(no PHP or LiveCode Server middleware, just a raw connection) using SSL.
The server running the database is old, so we moved to a new one.
The new one comes with a Mysql 8 Database instead of MariaDB and the SSL
encryption suddenly stopped working.
The new MYSQL database has a working SSL encryption cert (Let's encrypt).
There are the tests:
*From the server:*
mysql> show variables like '%ssl%';
+--------------------+--------------------------------+
| Variable_name | Value |
+--------------------+--------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| ssl_ca | /var/lib/mysql/pki/chain.pem |
| ssl_capath | |
| ssl_cert | /var/lib/mysql/pki/cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | /var/lib/mysql/pki/privkey.pem |
+--------------------+--------------------------------+
17 rows in set (0.00 sec)
*From a client forcing using SSL (from remote machine):*
MySQL [(none)]> show status like 'ssl_cipher';
+---------------+------------------------+
| Variable_name | Value |
+---------------+------------------------+
| Ssl_cipher | TLS_AES_256_GCM_SHA384 |
+---------------+------------------------+
Server: Centos 8.0
This is the error I get: SSL connection error.
This is my livecode DB sequence connection (From a Livecode 9.5 Indy
version).
put revOpenDatabase("mysql", tserver, tDatabaseName, tuser,
tpass,true,,,true) into tResult
if tResult is a number then
put tResult into gConnectionID
else
put empty into gConnectionID
answer error "Upps, Cannot connect to the data base!, ¡Hay
problemas!, Try it again: "& cr & tResult
exit to top
end if
Do you know what can be the problem?
--
Best regards/ Saludos cordiales/ Cordialement
Heriberto Torrado
Chief Technology Officer (CTO)
Director de informática
Directeur informatique
*NetDreams S.C.*
http://www.networkdreams.net
Address / Dirección / Adresse:
*USA: *538 East 85th Street, #1C Manhattan NY, NY 10028 USA
*Europe / Europa: *Paseo de la Castellana 135 10ª Planta Madrid 28024
Spain / España
*Tel - Phone - Fax:*
Phone / Tel USA : +1 917 287 5644 / +1 646 596 8787
Phone / Tel Spain :+34 627 556 500 / + 34 91 063 74 48
Please consider the environment before printing this email / Por
favor considera tu responsabilidad medioambiental antes de imprimir esta
página.
Confidentiality: The information contained in this message as well as
the attached file(s) is confidential/privileged and is only intended for
the person(s) to whom it is addressed. If the reader of this message is
not the intended recipient or the employee or agent responsible for
delivering the message to the intended recipient, or you have received
this comunication in error, please be aware that any dissemination,
distribution or duplication is strictly prohibited, and can be illegal,
and please notify us immediately and return the original message to us
at the address above. Thank you.
Confidencialidad: La información contenida en este mensaje y/o
archivo(s) adjunto(s) es confidencial/privilegiada y está destinada a
ser leída sólo por la(s) persona(s) a la(s) que va dirigida. Si usted
lee este mensaje y no es el destinatario señalado, el empleado o el
agente responsable de entregar el mensaje al destinatario, o ha recibido
esta comunicación por error, le informamos que está totalmente
prohibida, y puede ser ilegal, cualquier divulgación, distribución o
reproducción de esta comunicación, y le rogamos que nos lo notifique
inmediatamente y nos devuelva el mensaje original a la dirección arriba
mencionada. Gracias.
Viruses: Although we have taken steps to insure that this e-mail and
attachments are free from any virus, we advise that in keeping with good
computing practice, the recipient should ensure they are actually virus
free.
Virus: Aunque hemos tomado las medidas para asegurarnos que este correo
electrónico y sus ficheros adjuntos están libres de virus, le
recomendamos que a efectos de mantener buenas prácticas de seguridad, el
receptor debe asegurarse que este correo y sus ficheros adjuntos están
libres de virus.
More information about the use-livecode
mailing list