I have configured the latest MySQL 8 version with SSL. It is not production, only a testing VM for learning SQL, so I can use self-signed SSL certificates. This is the server cnf:
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log-error = /var/log/mysql/error.log
default_storage_engine =InnoDB
innodb_autoinc_lock_mode =2
innodb_flush_log_at_trx_commit =0
innodb_buffer_pool_size =128M
binlog_format =ROW
require_secure_transport=true
tls_version=TLSv1.2
ssl-ca = /etc/ssl/certs/yellow.priv.crt
ssl-key = /etc/ssl/private/sql2.yellow.priv.key
ssl-cert = /etc/ssl/certs/sql2.yellow.priv.crt
wsrep_on =ON
wsrep_provider =/usr/lib/galera/libgalera_smm.so
wsrep_node_name ="sql2"
wsrep_node_address ="10.3.0.6"
wsrep_cluster_name ="galera4"
wsrep_cluster_address ="gcomm://sql1.yellow.priv,sql2.yellow.priv"
# A repeated option keeps only its last value, so the gcache and socket.ssl settings share one line
wsrep_provider_options ="gcache.size=128M; gcache.page_size=128M; socket.ssl_key=/etc/ssl/private/sql2.yellow.priv.key;socket.ssl_cert=/etc/ssl/certs/sql2.yellow.priv.crt;socket.ssl_ca=/etc/ssl/certs/yellow.priv.crt;socket.ssl_cipher=ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!SSLv3:!MD5:!RC4:!RSA"
wsrep_slave_threads =4
wsrep_sst_method =rsync
This is the client $HOME/.my.cnf:
[mysql]
user=myuser
password=mypass
database=mydb
ssl-ca = /etc/ssl/certs/blu.priv.crt
ssl-key = /etc/ssl/private/slack64.blu.priv.key
ssl-cert = /etc/ssl/certs/slack64.blu.priv.crt
ssl-verify-server-cert=false
host=sql2.yellow.priv
This is the error when I try to connect from the "slack64.blu.priv" client:
mysql
ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain
I have tried to add this line in the server cnf:
ssl-verify-server-cert=false
but the server won't start.
LDAP has this option to avoid verification:
TLS_REQCERT allow
Is there something similar for MySQL?
Edit: the server is MySQL 8, the client is mariadb-10.5.
It is "ssl-verify-server-cert = off", not "false".
I wish I could say it is in the docs ( https://mariadb.com/kb/en/configuring-mariadb-with-option-files/ ), but it is not.
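The posted configs point the server's ssl-ca at yellow.priv.crt and the client's at blu.priv.crt. As an added example (not part of the original question or answer), this script reproduces the resulting chain check with constructed throw-away certificates, assuming the server certificate was issued by the yellow.priv CA; the function names and test CA subjects are hypothetical.

```shell
#!/bin/sh
# Added example. All certificates are constructed throw-away files in a temp dir;
# the CA and host names only mirror the file names in the posted configs.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT

make_ca() {      # $1 = file basename, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

make_leaf() {    # $1 = file basename, $2 = subject CN, $3 = issuing CA basename
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
    openssl x509 -req -in "$work/$1.csr" -days 1 -CA "$work/$3.crt" \
        -CAkey "$work/$3.key" -CAcreateserial -out "$work/$1.crt" 2>/dev/null
}

# check_chain TRUSTED_CA SENT_CHAIN LEAF
# Prints OK, or the OpenSSL verify error number (19 = self-signed certificate
# in certificate chain), or FAIL if openssl produced neither.
check_chain() {
    out=$(openssl verify -CAfile "$work/$1.crt" -untrusted "$work/$2.crt" \
        "$work/$3.crt" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at.*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo OK
    else echo FAIL
    fi
}

make_ca   yellow "yellow.priv test CA"        # stands in for yellow.priv.crt
make_ca   blu    "blu.priv test CA"           # stands in for blu.priv.crt
make_leaf sql2   "sql2.yellow.priv" yellow    # server cert issued by the yellow CA

echo "client trusts blu CA:    $(check_chain blu    yellow sql2)"
echo "client trusts yellow CA: $(check_chain yellow yellow sql2)"
```

Error 19 is OpenSSL's code for the message shown in ERROR 2026 above; the check passes once the trusted CA file is the one that issued the server certificate.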