3

My Debian squeeze server is running mysqld version 5.1. How do I determine if the SSL libraries it is using are OpenSSL or yaSSL?

(I am pretty sure this MySQL supports SSL as the User table has the ssl_type column.)

MadHatter
  • 79,770
  • 20
  • 184
  • 232
user35042
  • 2,681
  • 12
  • 34
  • 60

4 Answers4

3

Run LDD on the MySql executable to see what it is linked against.

#ldd mysqld
trent
  • 3,114
  • 19
  • 17
  • This does not always work. I've got a TLS-enabled MySQL server but `ldd` reveals no hints about which library might be in use. (`pthread`, `aio`, `z`, `rt`, `wrap`, `crypt`, `dl`, `stdc++`, `m`, `gcc_s`, `c`, `nsl`). Perhaps the key is that `libdl` is in there, and so MySQL can dynamically-load anything it wants at runtime. – Christopher Schultz Feb 02 '17 at 14:44
1

If you want to know from within MySQL you can check the status variable Rsa_public_key as it only exists in builds with OpenSSL:

SHOW STATUS LIKE 'Rsa_public_key';

(See the relevant documentation: http://dev.mysql.com/doc/refman/5.6/en/server-status-variables.html#statvar_Rsa_public_key)

PS: Currently, the MySQL Community Edition binaries built by MySQL are using yaSSL, but e.g. Percona XtraDB Cluster binaries are built using OpenSSL. YMMV

Magentron
  • 223
  • 2
  • 7
0

Run

ldd `which mysqld`|grep ssl

it will show that your MySQL is linked to witch SSL library.

Stone
  • 7,011
  • 1
  • 21
  • 33
  • Unfortunately, that command yielded nothing. – user35042 Feb 11 '13 at 16:49
  • Then maybe your MySQL not compiled with SSL support, check out 3rd section here: http://dev.mysql.com/doc/refman/5.0/en/configuring-for-ssl.html try – Stone Feb 11 '13 at 16:51
  • That was a good suggestion; it seems that my MySQL supports SSL but the `have_ssl` variable is `DISABLED`; I think there is something wrong with my MySQL installation or binary. – user35042 Feb 11 '13 at 17:17
  • 1
    I got MySQL to work with SSL but there are no libraries linked in with mysqld that match `ssl`, – user35042 Feb 12 '13 at 00:32
0

According to this blog post, the MySQL packages in Debian don't include TLS support due to licensing issues. That post is fairly old, but based on the mysql-server-core-5.1 package not having a dependency on OpenSSL or GnuTLS I suspect that this is still true.

mgorven
  • 30,615
  • 7
  • 79
  • 122
  • TLS support is currently built-into Debian 7 (Wheezy) packages for MySQL 5.5. It's possible that prior packages included such support as well. Both my `have_openssl` and `have_ssl` flags are `YES`. – Christopher Schultz Feb 02 '17 at 14:34