EnterpriseDB / mysql_fdw

PostgreSQL foreign data wrapper for MySQL

Fallback from SSL not happening with MariaDB libs: SSL connection error: unknown error number #183

Closed ahtik closed 3 years ago

ahtik commented 5 years ago

Ubuntu Server: 18.04.2 LTS
mariadb-client, libmariadbclient-dev: 10.1.40
Postgres: 10.8
openssl: 1.1.1

mysql_fdw fails to open the connection to a MariaDB Server which has SSL enabled but I want to connect without it because the certs are not configured locally:

SELECT * from myremote.mytable;
ERROR:  failed to connect to MySQL: SSL connection error: unknown error number

At this point there doesn't seem to be an easy way to connect: the mysql_ssl_set (https://mariadb.com/kb/en/library/mysql_ssl_set/) call at https://github.com/EnterpriseDB/mysql_fdw/blob/REL-2_5_1/connection.c#L211 is always causing mysql_real_connect() to return an error.

When I comment out the mysql_ssl_set call, the non-SSL connection is successful and everything is OK. I also logged all the mysql_ssl_set arguments (ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher) and they were null.

It's one of these cases where it's not clear how it ever worked, but it did, even for me ~6 months ago, so maybe the mariadb lib behavior changed?

What could be a reasonable fix or am I missing something obvious?

Would it suffice to just have a check that skips invoking mysql_ssl_set if all of its arguments are null? Alternatively, introducing a use_ssl parameter for the server foreign object which defaults to false if none of the mysql_fdw connection ssl_params are defined.

From https://github.com/MariaDB/server/blob/592fe954ef82be1bc08b29a8e54f7729eb1e1343/sql-common/client.c#L1422 it looks like any call to mysql_ssl_set causes the MariaDB client to set use_ssl=TRUE, making it impossible (guessing from the first skim) to connect without SSL.
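Added example, not part of the thread and not mysql_fdw or MariaDB code: a self-contained C model of the guard proposed in the comment above, combining the null check with the suggested use_ssl option. `fake_conn` and `fake_ssl_set` are stand-ins that model only the behaviour the comment describes; `ssl_opts`, `configure_tls`, `tls_requested` and treating empty strings as unset are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the client handle; models only the flag discussed above. */
struct fake_conn { bool use_ssl; };

/* Stand-in for mysql_ssl_set(): as described in the issue, any call
 * turns TLS on, even when every argument is NULL. */
static void fake_ssl_set(struct fake_conn *c, const char *key, const char *cert,
                         const char *ca, const char *capath, const char *cipher)
{
    (void)key; (void)cert; (void)ca; (void)capath; (void)cipher;
    c->use_ssl = true;
}

/* Hypothetical server options; use_ssl is the option proposed in the issue. */
struct ssl_opts {
    const char *key, *cert, *ca, *capath, *cipher;
    bool use_ssl;
};

/* Assumption: an empty string counts as "not configured". */
static bool is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* Request TLS only when use_ssl is set or any ssl_* option is configured.
 * Returns true if TLS was requested on the handle. */
bool configure_tls(struct fake_conn *c, const struct ssl_opts *o)
{
    bool any = is_set(o->key) || is_set(o->cert) || is_set(o->ca) ||
               is_set(o->capath) || is_set(o->cipher);
    if (!o->use_ssl && !any)
        return false;   /* handle untouched: connection stays plaintext */
    fake_ssl_set(c, o->key, o->cert, o->ca, o->capath, o->cipher);
    return c->use_ssl;
}

/* Run configure_tls on a fresh handle with only ssl_ca and use_ssl varied. */
bool tls_requested(const char *ca, bool use_ssl)
{
    struct fake_conn c = { false };
    struct ssl_opts o = { NULL, NULL, ca, NULL, NULL, use_ssl };
    return configure_tls(&c, &o);
}

int main(void)
{
    printf("no options:   %d\n", tls_requested(NULL, false));
    printf("ssl_ca set:   %d\n", tls_requested("/constructed/ca.pem", false));
    printf("use_ssl only: %d\n", tls_requested(NULL, true));
    return 0;
}
```

In this model a server object that names any ssl_* option or sets use_ssl always requests TLS, so plaintext is reached only when nothing TLS-related was configured.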

abarbare commented 3 years ago

Hello, I'm facing the same issue. How did you manage to connect without TLS to your MySQL database?

ahtik commented 3 years ago

@abarbare Eventually the certs became available, so I was able to connect with TLS. This specific issue remained unsolved for me.