Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drush error: TLS/SSL error: SSL is required, but the server does not support it #104

Open
jurgenhaas opened this issue Dec 13, 2024 · 13 comments

Comments

@jurgenhaas
Copy link

jurgenhaas commented Dec 13, 2024

I've updated to the latest image for PHP 8.3 this morning and now get the TLS/SSL error: SSL is required, but the server does not support it error when running drush sqlc. When I downgrade the image to the one before, the error goes away.

What's interesting, the PHP-FPM can access the the database with the same credentials without an issue. The mariadb CLI can not and gets the same error message.

Any idea what's wrong here?

EDIT:

  • wodby/drupal-php:8.3-4.64.1 works OK
  • wodby/drupal-php:8.3 does NOT work and shows the above error
@csandanov
Copy link
Member

it seems mariadb client was updated (to 11.4) in the last tag that was built with the new alpine 3.21, the client has server cert verification enabled by default for non local connection https://mariadb.com/kb/en/securing-connections-for-client-and-server/#

wodby/php@21c7268

@jurgenhaas
Copy link
Author

Hmm, I've experimented with the MARIADB_CLIENT_SSL_VERIFY_SERVER_CERT env variable, but it doesn't seem to change anything. What's the purpose of that?

@jurgenhaas
Copy link
Author

Ah, I see you only committed that a few minutes ago.

Adding that disable-ssl-verify-server-cert manually to the client config. That works for the mariadb cli in the PHP container, but it doesn't work for Drush, unfortunately.

@csandanov
Copy link
Member

Does it work if you replace [client-mariadb] with the [client]?

@jurgenhaas
Copy link
Author

Unfortunately not. The command drush executes looks like this:

mysql --defaults-file=/tmp/drush_BHJImp --database=drupal --host=mariadb --port=3306 --silent -A < /tmp/drush_JeoAmp

Is the --default-file probably overriding the system conf?

@weitzman
Copy link

If you run the drush sql command with --show-passwords option, then it wont use --defaults-file. If that works, lets discuss how to remedy.

@jurgenhaas
Copy link
Author

Yes, I've tried that and it works.

@jurgenhaas
Copy link
Author

Oh, wait. It seems to work for sqlq but not for sqlc. Doing more testing ...

@jurgenhaas
Copy link
Author

Hmm, that seems to be correct as I stated. For sqlq Drush calls mysql and then mariadb, both times by showing the password.

For sqlc Drush calls mysql first by showing the password and then it calls mariadb by using the default file.

@weitzman
Copy link

OK, thats a small bug in sqlc. Lets use sqlq to figure out best way forward. Its been a while since I researched merging of [client] config in a my.cnf file. I dunno whats possible with --defaults-file and such. For the Drush history here, see drush-ops/drush#2387 and its linked issues.

@jurgenhaas
Copy link
Author

Phew, that's beyond my horizon right now. But I'd be happy to test if anything is around.

@csandanov
Copy link
Member

4.65.1 is the tag with disable-ssl-verify-server-cert for mariadb client

@back-2-95
Copy link

I can confirm importing a dump with drush sql-query --show-passwords ... worked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants