Logging options to debug SSL problem
Hi Is there a way to get the server to log verbosely everything to do with connection attempts in order to try and debug why a client keeps getting error 2026 SSL connection error: socket layer receive error? There is currently nothing being logged on the server other than: [Warning] Aborted connection 332 to db: 'unconnected' user: 'unauthenticated' host: '192.168.253.231' (This connection closed normally without authentication) SHOW GLOBAL VARIABLES LIKE 'tls_version'; gives TLSv1.1,TLSv1.2,TLSv1.3 and the client is based on a relatively recent version of libmysqlclient so Im struggling to understand what is going wrong without some more detailed logging. Thanks Andrew
Sorry to ask such a silly question, but this error message seems like its not receiving data, or you really like your test names. [Warning] Aborted connection 332 to db: 'unconnected' user: 'unauthenticated' host: '192.168.253.231' (This connection closed normally without authentication) The last line of this makes me think that the host is actually failing to connect to your server. Do you have host validation? If yes, i would start to make the simplest SSL connection possible and then add features. I'm not sure what host validation gives since thats built into mysql login validation (i'm being naive here b/c i don't know) On Sat, Sep 21, 2024 at 2:42 PM Andrew Wood via discuss < discuss@lists.mariadb.org> wrote:
Hi
Is there a way to get the server to log verbosely everything to do with connection attempts in order to try and debug why a client keeps getting error 2026 SSL connection error: socket layer receive error?
There is currently nothing being logged on the server other than:
[Warning] Aborted connection 332 to db: 'unconnected' user: 'unauthenticated' host: '192.168.253.231' (This connection closed normally without authentication)
SHOW GLOBAL VARIABLES LIKE 'tls_version'; gives TLSv1.1,TLSv1.2,TLSv1.3 and the client is based on a relatively recent version of libmysqlclient so Im struggling to understand what is going wrong without some more detailed logging.
Thanks
Andrew
_______________________________________________ discuss mailing list -- discuss@lists.mariadb.org To unsubscribe send an email to discuss-leave@lists.mariadb.org
On 22/09/2024 03:26, Jeff Dyke wrote:
Sorry to ask such a silly question, but this error message seems like its not receiving data, or you really like your test names. [Warning] Aborted connection 332 to db: 'unconnected' user: 'unauthenticated' host: '192.168.253.231' (This connection closed normally without authentication)
The last line of this makes me think that the host is actually failing to connect to your server. Do you have host validation? If yes, i would start to make the simplest SSL connection possible and then add features. I'm not sure what host validation gives since thats built into mysql login validation (i'm being naive here b/c i don't know)
This is what I would expect as it wont send any data (username, password, database name etc) over the socket until SSL is established. Its just opening a socket, failing on the SSL handshake and closing it.
On Sat, Sep 21, 2024 at 2:42 PM Andrew Wood via discuss <discuss@lists.mariadb.org> wrote:
Hi
Is there a way to get the server to log verbosely everything to do with connection attempts in order to try and debug why a client keeps getting error 2026 SSL connection error: socket layer receive error?
There is currently nothing being logged on the server other than:
[Warning] Aborted connection 332 to db: 'unconnected' user: 'unauthenticated' host: '192.168.253.231' (This connection closed normally without authentication)
SHOW GLOBAL VARIABLES LIKE 'tls_version'; gives TLSv1.1,TLSv1.2,TLSv1.3 and the client is based on a relatively recent version of libmysqlclient so Im struggling to understand what is going wrong without some more detailed logging.
Thanks
Andrew
_______________________________________________ discuss mailing list -- discuss@lists.mariadb.org To unsubscribe send an email to discuss-leave@lists.mariadb.org
Hello Andrew, I have a similar problem (server error log entry) with home made certificates, trying to use the certificate client authentication with mariadb client, or even just trying to validate the server certificate using the options --ssl-ca and --ssl-verify-server-cert. Did you find any solution to the problem or at least a way to get more information on what's happening during the TLS handshake? Thanks in advance
participants (3)
-
Andrew Wood -
g.ramunno@criticalcase.com -
Jeff Dyke