TSL/SSL connection to Mariadb from LibreOffice Base

After the LibreOffice Base MySql/Mariadb connector was suddenly changed to require TLS/SSL protocols, should there not continue to be an connector option without TLS/SSL?

Personally, I was suddenly confronted with the TLS/SSL requirement after a recent LOBase upate and have not yet managed to access my Mariadb10 databases again with the newest OpenSUSE LO versions, having been enlightened that it was not a bug but a feature and leaving me with no option but to use the LO Community version instead of the OpenSUSE one.

https://forums.opensuse.org/t/libreoffice-base-fails-to-connect-to-remote-mariadb/137127

Can you share a link to that conservation?

So the LO Community version is working for you?

https://bugzilla.opensuse.org/show_bug.cgi?id=1242910
comment #6

Yes, perfectly as before the release of the LO Version: 25.2.2.2 (X86_64).
Note that apparently, the TLS/SSL requirement was added for Mariadb 11.4. I am still running Mariadb10, which the LO Community Version obviously continues to support.

I had another issue with LO Base in the Mageia repo, logged a bug for Mageia, since the LO Community version also works OK for me. I have a few other distro’s in Vbox and found that the LO in Mint’s repo also has problems…
So I even don’t try the distro version anymore on my main PC.

I probably misunderstand something, but this bug report refers to the Qt MariaDB driver. When I search for LibreOffice and MariaDB I find documentation about ODBC. Can you explain how exactly you connect LibreOffice to MariaDB? The About MariaDB Connector/ODBC | MariaDB Documentation mentions SSLVERIFY option which may do what you need.

…currently with the ‘MYSQL/MariaDB Connector’.

If I try to use ODBC, I get the message

SQL Status: IM002

[unixODBC][Driver Manager]Data source name not found and no default driver specified

There is no such thing in LibreOffice Base wizard. I can select Connect to the existing Database and then MySQL/MariaDB in the drop down list which then gives me choice between ODBC, JDBC or “MariaDB C Connector”.

Well it is there and has been for a long while.

@arvidjaar If you open the LibreOffice main program, select Base Database it pops up the wizard…

That is the wizard I already mentioned. I do not see the string ‘MYSQL/MariaDB Connector’ on the picture you posted.

added the other…

Sorry, that’s becoming ridiculous. In computers every character matters. As I already said I do not see the exact string mentioned earlier anywhere in this wizard (or anywhere on the pictures you posted) and I have no desire to second guess what this string means.

Looking at Edit > Database > Connection Type… in an already connected database, the so-called ‘Database type’ is given as ‘MYSQL/MariaDB Connector’. I suppose that is what is offered as ‘MySQL/MariaDB’ when creating a new database connection. Nothing else makes sense.

That is the question you need to address to the LibreOffice developers. Assuming you are using MariaDB Connector/C, while it does offer APIs to disable SSL LibreOffice neither exposes those options itself nor enables reading of the standard configuration files (like /etc/my.cnf).

Anyway, as I already mentioned, another option is to use MariaDB Connector/ODBC and it seems to not care about SSL. Without any special settings (except disabling SSL on the server):

andrei@tumbleweed:~> isql MariaDB-server
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| echo [string]                         |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> SHOW GLOBAL VARIABLES LIKE 'have_ssl';
...
| have_ssl | DISABLED 
SQL> SHOW session VARIABLES LIKE 'have_ssl';
| have_ssl | DISABLED  
andrei@tumbleweed:~> rpm -q mariadb mariadb-connector-odbc
mariadb-11.8.2-1.1.x86_64
mariadb-connector-odbc-3.2.5-1.1.x86_64
andrei@tumbleweed:~> cat /etc/my.cnf.d/disable-ssl.cnf
[mysqld]
skip-ssl

[client]
#ssl = 0
andrei@tumbleweed:~> 

And testing connection in LibreOffice Base wizard succeeds.

It is apparently specific to the ODBC connector:

andrei@tumbleweed:~> mariadb -u root
ERROR 2026 (HY000): TLS/SSL error: SSL is required, but the server does not support it
andrei@tumbleweed:~>

This is precisely my dilemma. I have two LibreOffice packages installed.

  1. Release supplied by OpenSUSE (Tumbleweed) fails with TLS/SSL error on connection attempt

  2. Release supplied by The LibreOffice Community succeeds

I concluded, therefore, that I should address my question here.

My post #6 shows that ODBC doesn’t work either. But now having an inkling of a solution, I will get back here if it works.

I checked that unixODBC is installed and retried. Same error as post #6.
Also

isql <my SQL-server>
[ISQL]ERROR: Could not SQLConnect

Are you suggesting that I need a file /etc/my.cnf.d/disable-ssl.cnf
with the content shown? It is missing in my.cnf.d

I literally followed MariaDB Connector/ODBC documentation (actually, I simply copy-pasted the content) to setup connection, nothing more.

My best guess is that it either statically links with or bundles an older version of MariaDB client library that does not yet enforce SSL by default. Which again is the question to the LibreOffice community or developers.

No, I do not. I simply demonstrated that there were no extra settings (besides disabling SSL in server).

That was precisely the point of my first post. Why should the SUSE LO release throw away the compatibility it had, when the Community LO release obviously retains it? the only option for the SUSE LO release could be to offer two alternatives, i.e. with or without TLS/SSL support, at the same time providing instructions, how to satisfy the TLS/SSL requirement. I am missing answers to that question to this day. Why should I lose access to my (local domain) database, just because the access procedures appear to have been changed unilaterally, even if it was a good idea to introduce a more secure alternative?

Then try asking in the right place. This is openSUSE user to use forum. There are no packagers or developers here (with very few exceptions) and it is not the bug report channel.

But I am pretty sure that my guess is correct. openSUSE builds LibreOffice with system libraries (like probably every other distribution does) and binary from LibreOffice is (statically) built with the bundled version of MariaDB Connector/C. Which is apparently version 3.1.8 as of this writing.

It does not “throw away” anything. It simply builds application to use as many of shared libraries available in the distribution as possible. It does not even patch LibreOffice, it simply calls ./configure --with-system-libs which is the official upstream option to build LibreOffice.

Do you volunteer to maintain them?

I already told you you can use ODBC for now. And using bundled mariadb-connector-c just swipes the problem under the rug - as soon as LibreOffice updates bundled mariadb-connector-c sources to the version that enables SSL by default you will have the same problem with binaries from its site. The right solution is to report to LibreOffice developers and ask them to provide an option to configure SSL. AFAICT it could be as simple as adding

mysql_optionsv(mysql, MYSQL_READ_DEFAULT_FILE, NULL);

to the LibreOffice code that invokes this connector.