I have Digikam installed on a local SQLLite db. I am trying to migrate to a MySQL db on a different server. When I try to test connectivity I get:
TLS/SSL error: self-signed certificate in certificate chain QMYSQL: Unable to connect
I haven’t set up my server for secure connections. Has anyone figured out a workaround for this?
TasP
There was another thread recently…
Yes, I’ve seen it. I cant find an answer any where. 
@70tas From they linked thread, seems you need to enable ssl assuming it’s mariadb?
The obvious workaround is to disable SSL in your application. Otherwise you either need to install a certificate signed by the known CA (e.g. Let’s Encrypt) or trust this self-signed certificate explicitly (basically, import it as an additional CA).
You have application wants to use SSL/TLS. You need either to setup it correctly or to disable SSL/TLS.
Yes. Except the app says it does not enforce Tls/ssl.
I am going to setup Digikam on MXLinux and see if I can duplicate the issue.
No, MySQL. Digikam says they do not setup encryption by default. I’m going to try another distribution to try to duplicate the issue.
Which app? There are two applications here - Digikam and remote MySQL server. Where does “it” say it?
I cannot reproduce it. MariaDB server enables TLS by default using ephemeral memory-only certificate. The Digikam connection check never fails. Checking session status of mysql claims that TLS is active. You may have some additional MySQL client settings (in /etc/my.cnf or your user specific) that affect this behavior. --ssl-verify-server-cert does not change anything (and should be default anyway).
I have server on the same host. Maybe it matters, not sure.
Did you follow the digiKam documentation related to migrating from SQLite to MySQL/MariaDB?
<(digiKam) Database Settings>
Did you notice the following information related to remote MySQL databases?
CREATE USER ''@'%' IDENTIFIED BY 'password';
GRANT ALL ON *.* TO ''@'%' IDENTIFIED BY 'password';
CREATE DATABASE digikam;
GRANT ALL PRIVILEGES ON digikam.* TO ''@'%';
FLUSH PRIVILEGES;
And, this information related to MySQL/MariaDB running on Ubuntu servers –
SET global log_bin_trust_function_creators=1;
Also, there’s this “Gotcha” –
The locale used in the Mysql server must be the same as the locale from the computer used to run digiKam to prevent problems with the common values saved in the tables of the database.
Thank you all for your help. I was able to setup Digikam with a remote MySQL community DB on an MXLinux, but couldn’t setup the migration from a local SQL light to the same remote MySQL db on Tumbleweed. It appears that Tumbleweed only supports encryption, which I don’t really care about in my home. I did see a possible ‘smoking gun’ in the Digikam manual. The table showing the different combinations and file systems which may be used for a DB, shows that a remote MySQL DB can be setup, with MariaDB. So I’m not sure if this is a MySQL, Digikam, or Tumbleweed issue. I will address this with the good folks at Digikam, and I’ll report back, when I get an answer.
Well, Digikam is sending me to KDE forums and KDE seems to think that MySQL should work without encryption. I did open a BOOG report with OpenSUSE, but it was closed as a duplicate of a previous report, in which the user create the proper certificates for encryption. Unfortunately, I don’t have the time nor the inclination to mess with certificates on my home systems.
So the long and the short is, if you want to use Digikam with a MySQL server so you can access your photos from multiple dekstops, you can’t use Tumbleweed. Don’t know about Leap.
It is still pretty unclear. There is no MySQL server in Tumbleweed - it comes with MariaDB.
And that appears to be one of the issues. I tried with MariaDB, but I’m having the same problem, in that by default the server is setup without encryption. Even when I install MariaDB in15.6 it is version 10.11 without encryption. However, the client in Tumbleweed appears to be of a later release, and expects encrypted connections to the server. I’ve been, kind of pulling my hair out, until I finally came to this conclusion.
What I can’t find is a way to tell the client to not use SSL. All of the options in the Digikam connection dialog does not seem to work.
I wish the developers would look at this as a bug; There is no need for encrypted connections, by default, to a DB server in a firewalled environment. And it breaks Digikam on Tumbleweed.
But, it works fine on Windows; sorry, I couldn’t help the jab.
FYI, it is the mysql-client, not the server that is causing me grief, in Digikam.
As I already said - I tried with MaridDB on Tumbleweed and by default server is using encryption. Explain how you checked that “server is setup without encryption”.
That is quite possible. MariaDB defaults to encryption starting with 11.4.
My understanding is that Digikam is using Qt SQL, in which case MYSQL_OPT_SSL_MODE=SSL_MODE_DISABLED sounds like it may work. But you better ask Digikam community about the correct way to pass connection options.
“I tried something and it does not work” is not actionable bug report (and of course this forum is not a bug tracker). You need to provide exact steps to reproduce your problem. I cannot reproduce it on Tumbleweed.
Besides, even if it is a bug it is not even clear where (OpenSSL? mariadb client library? Qt SQL? Whatever layer KDE has on top? Digikam?).
Tumbleweed does not install MySQL, it installs MariaDB. Again, it is completely unclear what you are talking about.
If you do not have the time nor the inclination to setup your own system why do you expect anyone to have time and inclination to do it for you?
I didn’t ask you to do anything. I am trying to report an issue, which even the Bug team ignores. The default communication should be unencrypted, as documented. It broke during an update. I do not need certificates in a closed loop, they don’t do anything.
The difference is between a system setup for enterprise use, especially across a cloud, and a closed loop, or personal system.
I don’t know the answer, there good points to be made on either side.
But if it works on other distros, and if it works on Win and is documented to work as such on KDE, but it doesn’t on Tumbleweed, perhaps there is a bug?
If you report bugs the way you write here, they will be handled very quickly. With a “Won’t fix”, that is.
Yes, fine, but –
Of course not; it isn’t in the documentation, and I’ve proven SQLite to MariaDB works as documented on non-OpenSUSE platforms. Is there something you know?