Unsupported workaround if the DBD::MySQL driver fails to establish a TLS-encrypted connection to MySQL servers with caching_sha2_password enabled

Solution Unverified - Updated

Environment

  • Red Hat Enterprise Linux 9

Issue

Perl applications fail to establish a connection if all of the following conditions are met:

  • The application connects to a MySQL 8 server.
  • The caching_sha2_password option is enabled in the MySQL server configuration.
  • The connection uses the DBI->connect with mysql_ssl=1 option.

If the problem appears, Perl displays an error, such as failed: SSL connection error: Enforcing SSL encryption is not supported.

This bug is tracked in the This content is not included.RHEL-77083 ticket.

Resolution

The following is an unsupported workaround:

  1. Remove the perl-DBD-MySQL package:

    # dnf remove perl-DBD-MySQL

  2. Enable the codeready builder repository for your platform:

    # subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms

  3. Install the dependencies that are required to compile the driver:

    # dnf install mysql-devel perl-Devel-CheckLib perl-DBI

  4. Download the DBD-mysql package from CPAN, for example:

    # wget https://cpan.metacpan.org/authors/id/D/DV/DVEEDEN/DBD-mysql-4.050.tar.gz

  5. Unpack the archive:

    # tar xvfz DBD-mysql-4.050.tar.gz

  6. Change into the directory with the extracted source code:

    # cd DBD-mysql-4.050

  7. Create the Makefile:

    # perl Makefile.PL

  8. Compile the driver:

    # make

  9. Install the driver:

    # make install

Note that Red Hat does not support this workaround and the self-compiled DBD::mysql driver will not be updated from RHEL repositories.

Verification

You can use the following code snippet to verify the DBD::mysql driver:

#!/usr/bin/perl

use strict;
use warnings;

use DBI;

my $hostname = '127.0.0.1';
my $database = 'mysql';
my $port = 3306;
my $dsn = "DBI:mysql:database=$database;host=$hostname;port=$port";
my $dbi = DBI->connect($dsn, '<username>', '<password>',  {'mysql_ssl' => 1});
if (! defined $dbi)
        exit;
}

my $ret = $dbi->ping;
print "$ret\n";

Root Cause

The perl-DBD-MySQL package is incorrectly linked against the libmariadb library.

Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.