Reputation: 131
What does this error mean in MariaDB SSL: ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed
This happens if I enter the --ssl-ca=/etc/mysql/newcerts/ca-cert.pem on the login of a user with 'require ssl'. It is my understanding that in order to make the connection I need this.
Upvotes: 13
Views: 27838
Reputation: 130
In my case, using cPanel, I have to add this to my /etc/my.cnf file and restart the server:
# SSL
ssl
ssl-cipher=DHE-RSA-AES256-SHA
ssl-ca=/mysql_keys/ca-cert.pem
ssl-cert=/mysql_keys/server-cert.pem
ssl-key=/mysql_keys/server-key.pem
Upvotes: 0
Reputation: 1
I realize this is quite old, but it comes up pretty high on Bing & Google search results so I'm adding to it in hopes that others may benefit.
It's likely your file permissions are too restrictive. I had been running MariaDB with Docker Secrets and everything was fine. I added Postgres to the stack and it immediately complained the Secrets were world-readable and said to change the mode to 0640. When I did that, MariaDB immediately stopped working, wanting 0660. Why MariaDB wants write access to the cert files is beyond me. I ended up creating separate stack files, Postgresql with mode 0440 and MariaDB with 0660, and all is good.
Upvotes: 0
Reputation: 11
I had the same error "SSL_CTX_set_default_verify_paths failed" with MariaDB for Windows, and it was caused by a line in the configuration file my.ini like: "ssl-ca = D:\SSL\ca.pem". Make sure to use the Linux path separators even in Windows, like this: "ssl-ca = D:/SSL/ca.pem"
Upvotes: 1
Reputation: 1163
The SSL_CTX_set_default_verify_paths failed error occurs if paths to any of the certificate files are invalid (either missing or have incorrect permissions).
In your case I suspect the issue is because either the permissions on /etc/mysql/newcerts/ca-cert.pem are too restrictive or the file path is incorrect.
Upvotes: 17
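One way to check the causes named in the answers above (missing path, unreadable file or untraversable directory, backslash separators), as an added example that is not part of any answer. check_tls_path is a hypothetical helper name, and the PEM-header test is an extra sanity check the answers do not mention; run it as the account that runs the client or server, because the permission tests apply to the calling user.

```shell
#!/bin/sh
# Added example (not from the original answers).
# check_tls_path PATH: print one finding per line for a path used with
# --ssl-ca, or with ssl-ca / ssl-cert / ssl-key in my.cnf.
# Returns 0 when nothing is found, 1 otherwise.
check_tls_path() {
    path=$1
    rc=0
    # The Windows answer above reports that backslash separators in my.ini fail.
    case $path in
        *\\*) echo "backslash in path, use forward slashes: $path"; rc=1 ;;
    esac
    if [ ! -e "$path" ]; then
        echo "missing: $path"
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "not a regular file: $path"
        return 1
    fi
    # Every parent directory needs search (x) permission for the calling user.
    dir=$(dirname -- "$path")
    while :; do
        [ -x "$dir" ] || { echo "cannot traverse directory: $dir"; rc=1; }
        case $dir in /|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
    if [ ! -r "$path" ]; then
        echo "not readable by $(id -un): $path"
        ls -ld -- "$path"          # show owner, group and mode for comparison
        return 1
    fi
    # Extra sanity check: the path should point at a PEM file.
    if ! grep -q -e '-----BEGIN ' "$path"; then
        echo "no PEM header: $path"
        rc=1
    fi
    return $rc
}

# Stand-alone use: pass the configured paths as arguments, for example
#   sh check_tls.sh /etc/mysql/newcerts/ca-cert.pem
for p in "$@"; do
    check_tls_path "$p" || true
done
```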