Bug#1032074: libdbd-mysql-perl: SSL connection error: Enforcing SSL encryption is not supported

root debian at lhanke.de
Mon Feb 27 12:34:49 GMT 2023 

Package: libdbd-mysql-perl
Version: 4.050-2
Severity: normal

Dear Maintainer,

I'm running a mailing list implemented in Perl, which draws on a mysql database. It authenticates 
to the database using X.509. This setup runs for many years and it did not change any code for
years. The last successful use was February 20th or later.

In the meantime I installed the Debian updates e.g., mariadb and libssl. Apparently, libgnutls
was at least a day before that.

When I now try to connect I receive:

DBI connect('database=MList;mysql_ssl=1;mysql_ssl_client_key=/etc/postfix/mlist.key.pem;mysql_ssl_client_cert=/etc/postfix/mlist.cert.pem;mysql_ssl_ca_file=/etc/certs/cacert.pem;host=mysql.example.com','mlist',...) failed: SSL connection error: Enforcing SSL encryption is not supported at /usr/local/lib/mlist/MListDB.pm line 189.

However, using mysql immediately:

mysql -v -u mlist --ssl-ca /etc/certs/cacert.pem --ssl-cert /etc/postfix/mlist.cert.pem --ssl-key /etc/postfix/mlist.key.pem -h mysql.example.com MList

works as expected i.e., I am logged into MList as mlist. Also, using openssl s_client connects 
and negotiates a TLS ticket.

The CN of the mysql server's certificate matches the host of DBI connect. The CN of the client's 
certificate matches 'mlist' i.e., then user name.

-- System Information:
Debian Release: 10.13
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libdbd-mysql-perl depends on:
ii  libc6                         2.28-10+deb10u2
ii  libdbi-perl [perl-dbdabi-94]  1.642-1+deb10u2
ii  libgnutls30                   3.6.7-4+deb10u10
ii  libmariadb3                   1:10.3.38-0+deb10u1
ii  perl                          5.28.1-6+deb10u1
ii  perl-base [perlapi-5.28.1]    5.28.1-6+deb10u1
ii  zlib1g                        1:1.2.11.dfsg-1+deb10u2

libdbd-mysql-perl recommends no packages.

libdbd-mysql-perl suggests no packages.

-- no debconf information

More information about the pkg-perl-maintainers mailing list