Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unnecessary error "X509 error" when client connects without SSL certificate #3424

Open
5 tasks
renecannao opened this issue Apr 28, 2021 · 3 comments
Open
5 tasks

Unnecessary error "X509 error" when client connects without SSL certificate #3424

renecannao opened this issue Apr 28, 2021 · 3 comments
Assignees
@JavierJF
Labels
bug enhancement
Milestone
v2.2.0

Comments

@renecannao
Copy link
Contributor

  • A clear description of the issue

If a client tries to establish an SSL connection without specifying any certificate, proxysql will log an error

  • ProxySQL version

2.1.1 and newer.
But introduced in #3343

  • OS version

Any

  • The steps to reproduce the issue

Start proxysql with enabled SSL (for example running SET mysql-have_ssl='true'; load mysql variables to runtime; .
Then use any client to establish an SSL connection without certificate. For example:

mysql -u sbtest -psbtest -h 127.0.0.1 -P6033 --ssl-mode=required
  • The full ProxySQL error log (default location: /var/lib/proxysql/proxysql.log)

The full error log is irrelevant.
The specific error message is:

2021-04-28 20:54:55 mysql_data_stream.cpp:189:do_ssl_handshake(): [ERROR] X509 error: no required certificate sent by client

Suggested changes:
The error here doesn't seem correct. The certificate is not required.
It should be replaced with a warning, and the warning itself should be toggled on or off using a new global variable.
@renecannao renecannao added this to the v2.2.0 milestone Apr 28, 2021
@seikath
Copy link

seikath commented Jun 11, 2021

I see the same error with self signed certificates

renecannao added a commit that referenced this issue Aug 6, 2021
@renecannao
Remove error when clients connect without certificate #3424
0ed4514 
We currently disable this annoying error
In future we can configure this as per user level, specifying if the certificate is mandatory or not
See issue #3424
Original error was: X509 error: no required certificate sent by client
@renecannao renecannao mentioned this issue Aug 6, 2021
Merged
@renecannao
Copy link
Contributor Author

Message will go away in the next release

@kasabov
Copy link

kasabov commented Mar 30, 2022

Just verified that the issue indeed disappears with version 2.3.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JavierJF JavierJF

Labels
bug enhancement
Projects
None yet
Milestone
v2.2.0
Development

No branches or pull requests
4 participants
@JavierJF @renecannao @seikath @kasabov