Cdr_mysql: Cannot Connect To Database Server – SSL Error: SSL_CTX_set_default_verify_paths Failed


Hi list!

I’m getting this error frequently:

ERROR[25193][C-0004f387]: cdr_mysql.c:203 mysql_log: Cannot connect to database server localhost: (2026) SSL connection error:
SSL_CTX_set_default_verify_paths failed

Right now, as a workaround, I reload Asterisk via cron once an hour, and after the reload everything is fine again _for a while_. Still, over the course of a month I lose about 12% of my CDRs this way. I guess I could reload more often but would prefer a real fix, not a workaround. Anyone got an idea?

Asterisk 11.25.0 built by mockbuild @ olive.ph.tucny.com on a x86_64
running Linux on 2016-11-23 22:17:54 UTC

Database is a Galera cluster: galera-3-25.3.19-2.el7.x86_64

Asterisk is writing to the local MySQL instance and there’s SSL between the Galera cluster nodes.

Thanks!
Markus

3 thoughts on - Cdr_mysql: Cannot Connect To Database Server – SSL Error: SSL_CTX_set_default_verify_paths Failed

  • Hmmm… talking to localhost over SSL… seems a bit computationally wasteful.

    Use the ODBC connector and talk to MariaDB over a Unix socket instead of TCP:

    https://wiki.asterisk.org/wiki/display/AST/Getting+Asterisk+Connected+to+MySQL+via+ODBC

    Antony.


    “There is no reason for any individual to have a computer in their home.”

    – Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed by Compaq, later merged with HP)

    Please reply to the list;
    please *don’t* CC me.

  • “SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used.” (https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_default_verify_paths.html)

    “The SSL_CTX_set_default_verify_paths failed error occurs if paths to any of the certificate files are invalid (either missing or have incorrect permissions).” (https://stackoverflow.com/questions/27031318/what-does-this-error-mean-in-mariadb-ssl-error-2026-hy000-ssl-connection-e/45083610)

    Sounds to me like your CApath / CAfile being used by MySQL doesn’t exist, and so it’s unable to verify the certificate. You can try some of the answers in that stack overflow thread… or just don’t use SSL to connect to a local MySQL instance. Unless you’ve done some weird configuration, only the same user as one of the processes, or root, has the ability to eavesdrop; and both could eavesdrop by attaching to the process (i.e. with a debugger) even with SSL enabled.
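
The check suggested in the reply above (missing or unreadable certificate files), as an added example that is not part of the original thread: it pulls the `ssl-ca`, `ssl-capath`, `ssl-cert` and `ssl-key` paths out of MySQL option-file text and reports any the current user cannot open. Which option file and which groups Asterisk's MySQL client library actually reads is an assumption here; the function names and the `[client]` default are illustrative.

```python
import os
import tempfile

# MySQL treats '-' and '_' in option names as equivalent; names are normalised to '-'.
SSL_OPTIONS = {"ssl-ca", "ssl-capath", "ssl-cert", "ssl-key"}

def ssl_paths(option_text, groups=("client",)):
    """Return [(option, path)] for SSL file options set in the given groups."""
    found, group = [], None
    for raw in option_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, or !include directive
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        name = name.strip().lower().replace("_", "-")
        if sep and group in groups and name in SSL_OPTIONS:
            found.append((name, value.strip().strip("'\"")))
    return found

def check_ssl_paths(option_text, groups=("client",)):
    """Return [(option, path, problem)] for paths the current user cannot use."""
    problems = []
    for name, path in ssl_paths(option_text, groups):
        want_dir = name == "ssl-capath"  # CApath is a directory, the rest are files
        mode = os.R_OK | os.X_OK if want_dir else os.R_OK
        if not os.path.exists(path):
            problems.append((name, path, "missing"))
        elif os.path.isdir(path) != want_dir:
            problems.append((name, path, "wrong type"))
        elif not os.access(path, mode):
            problems.append((name, path, "not readable by this user"))
    return problems

if __name__ == "__main__":
    # Constructed sample: one CA file that exists, one client cert that does not.
    tmp = tempfile.mkdtemp()
    open(os.path.join(tmp, "ca.pem"), "w").close()
    sample = (
        "[client]\n"
        f"ssl_ca = {tmp}/ca.pem\n"
        f"ssl-cert = {tmp}/client-cert.pem\n"
    )
    for name, path, problem in check_ssl_paths(sample):
        print(f"{name}: {path}: {problem}")
```

Run it as the account Asterisk runs under, because `os.access` evaluates the calling user's permissions and root passes every read check.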

  • Hi,

    On 08.06.2020 at 12:25, Antony Stone wrote:

    I switched to connecting via sock. My cdr_mysql.conf looks like this:

    [global]
    ;hostname=localhost
    dbname=asterisk
    table=cdr
    password=somepassword
    user=someuser
    ;port=3306
    sock=/var/lib/mysql/mysql.sock

    However, I’m still frequently getting:

    “[Jun 29 12:40:08] ERROR[12977][C-000007cc]: cdr_mysql.c:203 mysql_log:
    Cannot connect to database server localhost: (2026) SSL connection error: SSL_CTX_set_default_verify_paths failed”

    Which makes no sense because I’m no longer connecting via localhost. The error message still mentions localhost, though. Maybe the error message is not accurate enough?!

    Strange?

    As explained previously, the error comes and goes. Right now I’m losing about 10% of my CDRs. But that means it’s not a general problem with the SSL stuff.

    Thanks!
    Markus