* Matt Zagrabelny [Mon Dec 19, 2022 at 08:51:07AM -0600]: > On Mon, Dec 19, 2022 at 4:02 AM Michael Prokop <m...@debian.org> wrote: > > * Matthew P Zagrabelny [Sun Dec 18, 2022 at 04:11:54PM -0600]:
> > Same here, check whether you have any non-existent SSL keys or alike > > referenced in your configuration, like: > > > > | [mysqld] > > | [...] > > | ssl = false > > | ssl-ca = /etc/mysql/cacert.pem > > | ssl-cert = /etc/mysql/server-cert.pem > > | ssl-key = /etc/mysql/server-key.pem > > | [...] > > > > So while it was even set to `ssl = false` on this system, it now > > fails with: > > > > | 2022-12-19 10:33:24 0 [ERROR] Failed to setup SSL > > | 2022-12-19 10:33:24 0 [ERROR] SSL error: > > SSL_CTX_set_default_verify_paths failed > > | 2022-12-19 10:33:24 0 [ERROR] Aborting > > > > (FTR, removing the ssl-ca/ssl-cert/ssl-key settings fixed it for me, > > those settings came from defaults of > > https://github.com/puppetlabs/puppetlabs-mysql so I'm sure more > > folks will be affected.) > > Exactly. We're using that module. A potential fix is to set: > > 'ssl-disable' => true > > in the puppet manifest, but that generates spurious warnings and mysqld > refreshes: > > # puppet agent -t [...] > So... I'm not sure what the best way forward is. [...] See e.g. https://github.com/puppetlabs/puppetlabs-mysql/issues/1509, so make sure to update to latest https://github.com/puppetlabs/puppetlabs-mysql, which also includes https://github.com/puppetlabs/puppetlabs-mysql/pull/1513 and takes care of this, at least to get a working default again. (While I still think that a stable update shouldn't include such a behavior change. :)) HTH && regards -mika-
signature.asc
Description: PGP signature
