Announcement

Announcement Module
Collapse
No announcement yet.

pt-table-sync causes SSL_verify_mode error due to latest IO::Socket::SSL

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • pt-table-sync causes SSL_verify_mode error due to latest IO::Socket::SSL

    When I run pt-table sync I get the error/warning below. I've read elsewhere that this is due to a change in the default behaviour of IO::Socket::SSL There is a solution (see link below) - but that requires a change to pt-table-sync. Could this be placed on the todo/bug list at percona?

    ************************************************** *****************
    Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
    is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
    together with SSL_ca_file|SSL_ca_path for verification.
    If you really don't want to verify the certificate and keep the
    connection open to Man-In-The-Middle attacks please set
    SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
    ************************************************** *****************
    at /mnt/lserver2/data/development/haast/bin/debug/library/pt-table-sync line 8604.
    ************************************************** *****************
    Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
    is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
    together with SSL_ca_file|SSL_ca_path for verification.
    If you really don't want to verify the certificate and keep the
    connection open to Man-In-The-Middle attacks please set
    SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
    ************************************************** *****************
    at /pt-table-sync line 8604.
    # Syncing P=3306,h=localhost,p=...,u=myun
    # DELETE REPLACE INSERT UPDATE ALGORITHM START END EXIT DATABASE.TABLE
    Last edited by ocgltd; 08-24-2014, 08:07 PM.

  • #2
    I'm not a perl programmer, but I modified line 8604 to read:

    IO::Socket::SSL->start_SSL($self->{fh}, SSL_verify_mode => 'SSL_VERIFY_NONE' );

    and the error is gone. Is that right?

    Comment

    Working...
    X