Todd's MySQL Blog

Tiny tidbits of trivia from Todd

How to tell whether MySQL Server uses yaSSL or OpenSSL

Starting with MySQL 5.6, MySQL commercial-license builds use OpenSSL.  yaSSL – previously used as the default SSL library for all builds – remains the implementation for Community (GPL) builds, and users comfortable building from source can choose to build with OpenSSL instead.  Daniel van Eeden recently requested a global variable to indicate which SSL library was used to compile the server (bug#69226), and it’s a good request.  It’s something I’ve previously requested as well, having been fooled by the use of have_openssl as a synonym for have_ssl (I’m sure it made sense at the time, right?). 

I found a workaround (at least as of 5.6.6 and more recent) which gives an indication whether yaSSL or OpenSSL was used.  The Rsa_public_key status variable is explicitly defined only when yaSSL libraries are not used:

#ifndef HAVE_YASSL
  {"Rsa_public_key",           (char*) &show_rsa_public_key, SHOW_FUNC},
#endif

As a result, MySQL Enterprise 5.6.10 (with OpenSSL) has Rsa_public_key status variable:

mysql> select version();
+---------------------------------------+
| version()                             |
+---------------------------------------+
| 5.6.10-enterprise-commercial-advanced |
+---------------------------------------+
1 row in set (0.02 sec)

mysql> show status like '%rsa%';
+----------------+-------+
| Variable_name  | Value |
+----------------+-------+
| Rsa_public_key |       |
+----------------+-------+
1 row in set (0.00 sec)

while MySQL Community 5.6.10 does not:

mysql> select version();
+-----------+
| version() |
+-----------+
| 5.6.10    |
+-----------+
1 row in set (0.00 sec)

mysql> show status like '%rsa%';
Empty set (0.00 sec)

Hopefully that will help others that have a need similar to Daniel and myself.  Hopefully we’ll get a global status variable that makes this indirect method obsolete.

Single Post Navigation

2 thoughts on “How to tell whether MySQL Server uses yaSSL or OpenSSL

  1. Thanks for the workaround!

  2. Todd Farmer on said:

    You bet, Daniel. Your bug report reminded me of my own request, and caused me to wonder exactly how hard it would be to implement a new global variable. Based on the code which makes the workaround possible, I’d have to say it’s not very hard at all. :)

Leave a Reply

Your email address will not be published. Required fields are marked *


9 − = three

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>