How to tell whether MySQL Server uses yaSSL or OpenSSL

Starting with MySQL 5.6, MySQL commercial-license builds use OpenSSL.  yaSSL – previously used as the default SSL library for all builds – remains the implementation for Community (GPL) builds, and users comfortable building from source can choose to build with OpenSSL instead.  Daniel van Eeden recently requested a global variable to indicate which SSL library was used to compile the server (bug#69226), and it’s a good request.  It’s something I’ve previously requested as well, having been fooled by the use of have_openssl as a synonym for have_ssl (I’m sure it made sense at the time, right?). 

I found a workaround (at least as of 5.6.6 and more recent) which gives an indication whether yaSSL or OpenSSL was used.  The Rsa_public_key status variable is explicitly defined only when yaSSL libraries are not used:

#ifndef HAVE_YASSL
  {"Rsa_public_key",           (char*) &show_rsa_public_key, SHOW_FUNC},
#endif

As a result, MySQL Enterprise 5.6.10 (with OpenSSL) has Rsa_public_key status variable:

mysql> select version();
+---------------------------------------+
| version()                             |
+---------------------------------------+
| 5.6.10-enterprise-commercial-advanced |
+---------------------------------------+
1 row in set (0.02 sec)

mysql> show status like '%rsa%';
+----------------+-------+
| Variable_name  | Value |
+----------------+-------+
| Rsa_public_key |       |
+----------------+-------+
1 row in set (0.00 sec)

while MySQL Community 5.6.10 does not:

mysql> select version();
+-----------+
| version() |
+-----------+
| 5.6.10    |
+-----------+
1 row in set (0.00 sec)

mysql> show status like '%rsa%';
Empty set (0.00 sec)

Hopefully that will help others that have a need similar to Daniel and myself.  Hopefully we’ll get a global status variable that makes this indirect method obsolete.

2 thoughts on “How to tell whether MySQL Server uses yaSSL or OpenSSL

    1. You bet, Daniel. Your bug report reminded me of my own request, and caused me to wonder exactly how hard it would be to implement a new global variable. Based on the code which makes the workaround possible, I’d have to say it’s not very hard at all. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.