What does this error mean in mariadb ssl :: ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed

What does this error mean in mariadb ssl :: ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed

This happens if I enter the --ssl-ca=/etc/mysql/newcerts/ca-cert.pem on the login of a user with 'require ssl'. It is my understanding that in order to make the connection I need this.

1

3 Answers

The SSL_CTX_set_default_verify_paths failed error occurs if paths to any of the certificate files are invalid (either missing or have incorrect permissions).

In you case I suspect the issue is because either the permissions on /etc/mysql/newcerts/ca-cert.pem are too restrictive or the file path is incorrect.

2

I had the same error "SSL_CTX_set_default_verify_paths failed" with MariaDB for windows, and it was caused by a line in the configuration file my.ini like: "ssl-ca = D:\SSL\ca.pem" make sure to use the linux path separators even in windows, like this: "ssl-ca = D:/SSL/ca.pem"

I realize this is quite old, but it comes up pretty high on Bing & Google search results so I'm adding to it in hopes that others may benefit.

It's likely your file permissions are too restrictive. I had been running MariaDB with Docker Secrets and everything was fine. I added Postrgres to the stack and it immediately complained the Secrets were world readable and said to change the mode to 0640. When I did that MariaDB immediately stopped working, wanting 0660. Why MariaDB wants write access to the cert files is beyond me. I ended up creating separate stack files, Postgresql with mode 0440 and MariaDB with 0660 and all is good.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like