2

I recently updated my master server to 5.1.41 and noticed that the slave was no longer replicating. It was returning this erorr:

091208 12:53:31 [ERROR] Slave I/O: error connecting to master 'xxx@xxxxxxxx.com:3306' - retry-time: 10  retries: 86400, Error_code: 2026
091208 12:53:41 [ERROR] Slave I/O: error connecting to master 'xxx@xxxxxxxx.com:3306' - retry-time: 10  retries: 86400, Error_code: 1045

The first error is apparently an SSL error, followed by auth denied.. Thing is, I haven't touched my SSL key or user access in months (and the key is fine, since I'm using the same one on that machine to replicate from other master servers..

Any ideas?

Edit: Months later, I've tried with 5.1.44 and the problem is persisting. When I roll back to 5.1.39 replication works great... I guess I can't use anything newer than 5.1.39....

Ian
  • 335
  • 1
  • 3
  • 19

2 Answers2

3

I've just ran into this problem with MariaDB 5.1.39 (ourdelta build). It may or may not be interesting to know that the server seems to be just as broken as the mainstream MySQL branch however the command line client has no trouble connecting with the SSL certs to the master..

user30787
  • 41
  • 1
0

Coincidental certificate expiry, perhaps? It could also be that your key is of a type that 5.1.41 no longer wants to play nice with (I have no knowledge of changes in that area, just spitballing).

womble
  • 96,255
  • 29
  • 175
  • 230
  • I think you might actually be right. wtf is that about? Why wont 5.1.41 accept this key? I've been using it since 5.0 :S – Ian Dec 08 '09 at 22:55
  • (I should clarify that last comment, the cert hasn't expired, since I set the date to go to like 2025.. instead it looks like mysql doesn't like the cert) – Ian Dec 08 '09 at 22:58
  • MD5 checksum perhaps? Oooh... key generated using the insecure version of openssl that Debian had for a while? – womble Dec 08 '09 at 23:55
  • I created the keys on fedora about 6 months ago.. I just tried creating some new ones and they still have the same problem... thought I'm very sure the problem is ssl/key related.. I just can't figure out what the deal is.. and why 5.1.41 is alergic to it – Ian Dec 09 '09 at 00:41