kmip component error messages are cryptic

Description

Some configuration issues or certificate issues (say, certificate expired) can cause the libkmip component to throw cryptic (or very simple) messages saying that it failed.

I think there are two issues here.

  1. The component loaded successfully despite errors. Later, the server reports an error when it loads keys or stores keys. Sometimes InnoDB crashes because I/O on redo and undo cannot fail.

  2. Messages like "Loading the client certificate failed", "Loading the client key failed", "Loading the CA certificate failed", "BIO_do_connect failed". These are not helpful to the user.

  3. We should also print the config used in the error message.

     

see extra/libkimp/kmippp/kmippp.cpp

Proposed patch (that can be improved):



We should be able to capture error message to string buffer and use it along with std::runtime_error.

ideas from



or a simpler version:



Environment

None
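
One way to do what the description proposes (collect the library's queued errors into a string and attach them, together with the configuration in use, to a `std::runtime_error`), as an added example that is not part of the original report or the project's code. `KmipConfig`, `kmip_error`, `NextCode`, `Describe` and the sample values are assumptions; the two callbacks stand in for OpenSSL's `ERR_get_error` and `ERR_error_string_n` so the block builds without OpenSSL.

```cpp
#include <deque>
#include <functional>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>

// Hypothetical holder for the component's settings (names are assumptions).
struct KmipConfig {
  std::string server_address, server_port;
  std::string client_cert_fn, client_key_fn, ca_cert_fn;
};
// With OpenSSL, NextCode would wrap ERR_get_error(), which returns 0 once the
// thread's error queue is empty, and Describe would wrap ERR_error_string_n().
using NextCode = std::function<unsigned long()>;
using Describe = std::function<std::string(unsigned long)>;

// Build one exception carrying the failed step, the configuration in use
// (file paths only, never key material) and every queued library error.
std::runtime_error kmip_error(const std::string &step, const KmipConfig &cfg,
                              const NextCode &next_code, const Describe &describe) {
  std::ostringstream msg;
  msg << step << " [server=" << cfg.server_address << ':' << cfg.server_port
      << ", client_cert=" << cfg.client_cert_fn << ", client_key=" << cfg.client_key_fn
      << ", ca_cert=" << cfg.ca_cert_fn << ']';
  bool any = false;
  // Drain the whole queue so stale entries cannot be blamed on a later call.
  while (unsigned long code = next_code()) {
    msg << "\n  cause: " << describe(code);
    any = true;
  }
  if (!any) msg << "\n  cause: (no library error queued)";
  return std::runtime_error(msg.str());
}
// Constructed sample: two made-up error codes stand in for a real queue.
std::string demo_message() {
  std::deque<unsigned long> queue{1, 2};
  auto next = [&queue]() -> unsigned long {
    if (queue.empty()) return 0;
    unsigned long c = queue.front(); queue.pop_front(); return c;
  };
  auto describe = [](unsigned long c) {
    return std::string(c == 1 ? "certificate has expired" : "handshake failure");
  };
  KmipConfig cfg{"kmip.example.test", "5696", "/etc/kmip/client.pem",
                 "/etc/kmip/client.key", "/etc/kmip/ca.pem"};
  return kmip_error("Loading the client certificate failed", cfg, next, describe).what();
}
int main() { std::cout << demo_message() << '\n'; }
```

Because the message names the key file only by path, it can be written to the server error log without exposing key material.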

Activity

oleksiy.lukin 
January 3, 2025 at 11:49 AM

Yes, messages should go to the log because it is a part of the runtime exception message now.

Satya Bodapati 
December 12, 2024 at 11:58 AM

I think the idea of this bug is to get “something” in the MySQL Server error log. Will I see something in the mysqld server error log?

oleksiy.lukin 
December 12, 2024 at 11:22 AM

At this point messages from SSL level are included in the error message. Simplest way to check: shut down KMIP server and check for error.

oleksiy.lukin 
November 28, 2024 at 11:15 AM

To really solve this problem, more work is required. It is described in PS-9561.

Satya Bodapati 
October 8, 2024 at 11:11 AM

suggested fix is there, we need someone to take it over. showed interest in taking it over.

do you want to add it to the backlog?

Done

Created September 23, 2024 at 2:31 PM
Updated February 26, 2025 at 3:27 PM
Resolved February 26, 2025 at 3:27 PM