Discussion:
Bug#787118: mariadb-server-10.0: Compile with OpenSSL (instead of YaSSL)
Rodrigo Campos
2015-05-28 19:58:32 UTC
Permalink
Package: mariadb-server-10.0
Version: 10.0.19-1
Severity: wishlist

Dear Maintainer,

Mariadb seems to be compiled using YaSSL intead of openssl. For example, running
in a mysql console:

MariaDB [(none)]> show variables like "%ssl%";
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_openssl | NO |
| have_ssl | DISABLED |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | |
+---------------+----------+

And as described here:
https://mariadb.com/kb/en/mariadb/ssl-system-variables/#have_openssl

That seems to be that it was built using YaSSL rather than openssl.

I don't have any strong reason to ask for this, except that openssl seems way
more used, reviewd and trusted. And I plan to not use SSL, and do something
else instead, just because it uses a bundled version of YaSSL (it's not
even dynamically linked). Also, I see here[1] that is part of the plan to use
openssl instead of bundled YaSSL (item 7).

So, whenever you can switch the build to use openssl, I'd be glad. And if this
is aproprate for jessie (not sure), that would be great :-)




Thanks a lot,
Rodrigo


[1]: https://wiki.debian.org/Teams/MySQL/MariaDB?action=show&redirect=Teams%2FMySQL%2FMariaDBPlan
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Otto Kekäläinen
2015-05-28 20:53:14 UTC
Permalink
Hello!

Thanks for reporting your request. OpenSSL is problematic because its license.

I think Debian recommends using cyassl so we'll switch from bundled
yassl to cyassl once it is confirmed to work. I don't think anybody is
actively testing or tracking that at the moment.

See discussion at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761911

If you want to contribute to packaging and optimizing the debian/rules
file (where the SSL library is defined), please check out the code at
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/tree/debian/rules
or open pull requests at https://github.com/ottok/mariadb-10.0

Thank you!
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Rodrigo Campos
2015-05-28 21:20:19 UTC
Permalink
Post by Otto Kekäläinen
Hello!
Thanks for reporting your request. OpenSSL is problematic because its license.
I think Debian recommends using cyassl so we'll switch from bundled
yassl to cyassl once it is confirmed to work. I don't think anybody is
actively testing or tracking that at the moment.
See discussion at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761911
Ohh, I didn't notice this. Thanks!
Post by Otto Kekäläinen
If you want to contribute to packaging and optimizing the debian/rules
file (where the SSL library is defined), please check out the code at
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/tree/debian/rules
or open pull requests at https://github.com/ottok/mariadb-10.0
If we decide to use SSL, I'll take a look! Thanks :)






Thanks again,
Rodrigo
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Otto Kekäläinen
2015-07-22 12:21:53 UTC
Permalink
See also https://mariadb.atlassian.net/browse/MDEV-6823

CYaSSL cannot be used until MariaDB core developers confirm that it is
feature complete enough to work with MariaDB (and vice versa MariaDB
is compatible with the CYaSSL API).

OpenSSL cannot be used unless OpenSSL users give an explicit
permission for the OpenSSL and MariaDB server process combination
(according to Clint Byrum in #761911).
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Loading...