CConnection::CConnection - establishing connection to MySQL database failed: #2026 'SSL connection error: The system cannot find the path specified.'

pBlueG / SA-MP-MySQL

MySQL plugin for San Andreas Multiplayer

BSD 3-Clause "New" or "Revised" License

196 stars 80 forks source link

CConnection::CConnection - establishing connection to MySQL database failed: #2026 'SSL connection error: The system cannot find the path specified.' #218

Open George480 opened 5 years ago

George480 commented 5 years ago

I have been using SSL for a gamemode I wrote and I never had problems. Today, I downloaded a new server package and copied-pasted the mysql connect stuff, but this error is given.

First gamemode connects with SSL (I checked session status Ssl_cipher).

I did a research but I did not find much about The system cannot find the path specified.

Every parameter is identical for mysql_set_option and mysql_connect functions. I can connect using SSL via command line, web browser (adminer) and the first gamemode so the certificate files are correct. Only the new gamemode refuses to connect.

maddinat0r commented 5 years ago

Are you sure the certificate file paths you specified in mysql_set_option are correct?

George480 commented 5 years ago

Yes, I am. Both gamemodes have the same code

// OnGameModeInit
new MySQLOpt: option_id, errno;

option_id = mysql_init_options();

mysql_set_option(option_id, POOL_SIZE, 0);

mysql_set_option(option_id, SSL_ENABLE, true);
mysql_set_option(option_id, SSL_KEY_FILE, "C:/Program Files/OpenSSL-Win64/cert/mysqld-server-key.pem");
mysql_set_option(option_id, SSL_CERT_FILE, "C:/Program Files/OpenSSL-Win64/cert/mysqld-server-cert.pem");
mysql_set_option(option_id, SSL_CA_FILE, "C:/Program Files/OpenSSL-Win64/cert/mysqld-ca-cert.pem");

gConnectionHandle = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE, option_id);
errno = mysql_errno(gConnectionHandle);

if (gConnectionHandle == MYSQL_INVALID_HANDLE || errno != 0)
{
    new error[100];

    mysql_error(error, sizeof (error), gConnectionHandle);
    printf("[ERROR] #%d '%s'", errno, error);

    SendRconCommand("exit");
}

First gamemode connects, second fails to and returns error 2026. I can connect with SSL from command-line and web browser with the same path and files and since the first gamemode connects, it cannot be a problem with permissions.

maddinat0r commented 5 years ago

Are there any DLL files in the server root directory? If you have a server folder for each of both gamemodes, list all DLL files of both directories please.

George480 commented 5 years ago

Only libmariadb.dll and log-core.dll files are in root. I moved the new gamemode to the old server package but no difference.

However, I discovered something really weird. If I set option SSL_ENABLE to true without providing the file paths, it connects. I called this function after connecting:

PrintSslCipher()
{
    new Value[19],
        Cache: cache_id = mysql_query(mysql_handle(), "SHOW SESSION STATUS LIKE 'Ssl_cipher';");

    cache_get_value(0, 1, Value);
    cache_delete(cache_id);

    printf("Ssl_cipher: %s", Value);
}

Prints on console Ssl_cipher: DHE-RSA-AES256-SHA which means it is using SSL, no?

Then, I tried providing only the ca path and it worked again:

mysql_set_option(option_id, SSL_ENABLE, true);
mysql_set_option(option_id, SSL_CA_PATH, "C:/Program Files/OpenSSL-Win64/cert");

After providing ca file, it fails to connect again. I commented SSL options out and called the function. It is empty as intended for not SSL.

I am really confused.

maddinat0r commented 5 years ago

Are the MySQL plugin versions different between the two server packages?

George480 commented 5 years ago

I have moved the new gamemode to the old server package, so basically both gamemodes share the same plugins/includes. I use the latest version of the mysql plugin.

To sum it up: 1) Only the first gamemode connects with SLL when providing the path to .pem files. Any other gamemode returns error 2026. 2) Any other gamemode can connect with SSL only by setting SSL_ENABLE to true or setting SSL_ENABLE to true and providing SSL_CA_PATH. Trying to set path for SSL_CA_FILE, SSL_CERT_FILE or SSL_KEY_FILE options will return error 2026.

maddinat0r commented 5 years ago

It's really hard to say what's wrong here, but if the only thing you really changed is your gamemode, it's probably something with your certificates or with your MySQL server configuration. I do see a need for a more detailed error message though, but I can't guarantee if I can retrieve the actual SSL errors through the MySQL client library. The least I can do is try, so I'll put that on my todo list.

George480 commented 5 years ago

Once in a while, I receive in logs Unknown SSL error (0x80090308). It was discussed in few places: https://jira.mariadb.org/browse/MDEV-13492 https://www.heidisql.com/forum.php?t=27158 https://github.com/HeidiSQL/HeidiSQL/issues/519

Using the mariadb connector with mysql server 8.0.16+ fails to report accurately, but they managed to receive a more detailed error using the newest mysql connector. If I use the libmysql.dll from mysql server 8.0.17, the mysql plugin fails to load because it can only start with libmariadb.dll present. Even renaming the file does not help and the mysql plugin still fails to load. Could you perhaps change it so it can link libmysql.dll if libmariadb.dll is not found?