IT Practice Notes

I write about IT-related things I have looked into (in practice, things I got stuck on).

SSL connection does not work with MySQL's mysqlsh (X Protocol) -> I think it actually does.

SSL works from the regular mysql client, but not from mysqlsh. I wonder why...

Addendum: Probably \s treats the session as classic, and the X Plugin side's settings are simply not displayed.

foo$ ls /usr/local/var/mysql/*.pem
/usr/local/var/mysql/ca-key.pem       /usr/local/var/mysql/client-cert.pem  /usr/local/var/mysql/private_key.pem  /usr/local/var/mysql/server-cert.pem
/usr/local/var/mysql/ca.pem       /usr/local/var/mysql/client-key.pem   /usr/local/var/mysql/public_key.pem   /usr/local/var/mysql/server-key.pem

foo$ cat ~/.my.cnf
[mysqld]
ssl-ca=/usr/local/var/mysql/ca.pem
ssl-cert=/usr/local/var/mysql/server-cert.pem
ssl-key=/usr/local/var/mysql/server-key.pem

mysqlx-ssl-ca=/usr/local/var/mysql/ca.pem
mysqlx-ssl-cert=/usr/local/var/mysql/server-cert.pem
mysqlx-ssl-key=/usr/local/var/mysql/server-key.pem

foo$ mysql.server restart
Shutting down MySQL
... SUCCESS!
Starting MySQL
. SUCCESS!

foo$ mysql -u root -p --ssl-ca=/usr/local/var/mysql/ca.pem
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.16 Homebrew

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

You are enforcing ssl conection via unix socket. Please consider
switching ssl off as it does not make connection via unix socket
any more secure.
mysql> \s
--------------
mysql  Ver 14.14 Distrib 5.7.16, for osx10.10 (x86_64) using  EditLine wrapper

Connection id:      3
Current database:
Current user:       root@localhost
SSL:            Cipher in use is DHE-RSA-AES128-GCM-SHA256
Current pager:      stdout
Using outfile:      ''
Using delimiter:    ;
Server version:     5.7.16 Homebrew
Protocol version:   10
Connection:     Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:        /tmp/mysql.sock
Uptime:         25 sec

Threads: 1  Questions: 7  Slow queries: 0  Opens: 105  Flush tables: 1  Open tables: 98  Queries per second avg: 0.280
--------------

mysql> show status like 'ssl_cipher';
+---------------+---------------------------+
| Variable_name | Value                     |
+---------------+---------------------------+
| Ssl_cipher    | DHE-RSA-AES128-GCM-SHA256 |
+---------------+---------------------------+
1 row in set (0.00 sec)

mysql> \q
Bye

foo$ mysqlsh -u root --port=33060 --ssl-ca=/usr/local/var/mysql/ca.pem
Creating a Session to 'root@localhost:33060?sslCa=/usr/local/var/mysql/ca.pem'
Enter password:
Node Session successfully established. No default schema selected.
Welcome to MySQL Shell 1.0.9

Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type '\help', '\h' or '\?' for help, type '\quit' or '\q' to exit.

Currently in JavaScript mode. Use \sql to switch to SQL mode and execute queries.
mysql-js> \sql
Switching to SQL mode... Commands end with ;
mysql-sql> \s
MySQL Shell Version 1.0.9

Session type:                 Node
Server type:                  mysql
Connection Id:                1
Default schema:
Current schema:
Current user:                 root@localhost
SSL:                          Not in use.
Server version:               Homebrew
Server characterset:          utf8
Schema characterset:          utf8
Client characterset:          utf8mb4
Conn. characterset:           utf8mb4
mysql-sql> show status like 'ssl_cipher';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| Ssl_cipher    |       |
+---------------+-------+
1 row in set (0.00 sec)
mysql-sql> show variables like '%ssl%';
+--------------------+--------------------------------------+
| Variable_name      | Value                                |
+--------------------+--------------------------------------+
| have_openssl       | YES                                  |
| have_ssl           | YES                                  |
| mysqlx_ssl_ca      | /usr/local/var/mysql/ca.pem          |
| mysqlx_ssl_capath  |                                      |
| mysqlx_ssl_cert    | /usr/local/var/mysql/server-cert.pem |
| mysqlx_ssl_cipher  |                                      |
| mysqlx_ssl_crl     |                                      |
| mysqlx_ssl_crlpath |                                      |
| mysqlx_ssl_key     | /usr/local/var/mysql/server-key.pem  |
| ssl_ca             | /usr/local/var/mysql/ca.pem          |
| ssl_capath         |                                      |
| ssl_cert           | /usr/local/var/mysql/server-cert.pem |
| ssl_cipher         |                                      |
| ssl_crl            |                                      |
| ssl_crlpath        |                                      |
| ssl_key            | /usr/local/var/mysql/server-key.pem  |
+--------------------+--------------------------------------+
16 rows in set (0.01 sec)
mysql-sql>
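
One way to check the addendum's guess, as an added example that is not part of the original post: the X Plugin reports TLS state in its own `Mysqlx_ssl_*` status variables, separate from the classic-protocol `Ssl_cipher` queried above. It assumes the same mysqlsh SQL-mode session on port 33060.

```sql
-- Added example; run inside the mysqlsh SQL-mode session shown above.
-- Ssl_cipher describes classic-protocol TLS; the Mysqlx_ssl_* variables
-- are the X Plugin's own view of the current X Protocol session.
SHOW SESSION STATUS
WHERE Variable_name IN ('Ssl_cipher',
                        'Mysqlx_ssl_active',
                        'Mysqlx_ssl_cipher',
                        'Mysqlx_ssl_version');

-- Server-wide counters: TLS handshakes the X Plugin has accepted
-- and completed since startup.
SHOW GLOBAL STATUS
WHERE Variable_name IN ('Mysqlx_ssl_accepts',
                        'Mysqlx_ssl_finished_accepts');
```

A non-empty `Mysqlx_ssl_cipher` means the X Protocol session is encrypted even while `Ssl_cipher` is empty; an empty value means the session is running in cleartext.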