Hi Naveen,

>> Does your client library know SSL? Really?)
> YES. My database (MySQL) is compiled from source and my end libmysqlclient
> supports SSL and that too very well. This has already been tested from a very
> basic standalone database client + a packet sniffer tool (ethereal).

what I'm currently after is a way to determine _if_ the client lib really is SSL-aware; I've not yet found an API call which tells me this piece - instead I see in the shipping mysql apps, e.g. in mysqlshow, that simply mysql_ssl_set() is called before mysql_real_connect(), and the latter just bails out if the connection could not be established for whatever reason. I would however prefer to make a test if libmysqlclient is really SSL-aware, and bail out with a more informative error to the user when not. Did you find such perhaps?

> I am using a third party authentication module 'mod_auth_mysql'
> which will do this task for me. Unlike my requirement this particular module
> does not provide for SSL encryption when it validates the data (username /
> password) against my database. This module is having MySQL C APIs usage for
> talking to the database.
> I have generated the musts for SSL - keys/certificates for the
> database clients, MySQL server and a dummy CA. Grants are well set for the
> MySQL connecting users compelling them to provide their keys/certificates at
> the time they connect to the database. These same set of keys/certs. have
> been found to be valid as they are working for a basic database client
> application.

this part is just not clear to me: what do you really test here? Did you modify the source of mod_auth_mysql and insert the call to mysql_ssl_set()? If so I'd suggest that you make your modified code available somewhere to us so that those here interested in this can take a look (and sure I am since I will soon have a similar requirement); also for me personally the next prob is that I couldn't yet find a ready-to-use SSL-aware mysql binary distro; so it seems for that I would have to compile it myself first.... Therefore it would help me a lot if you would be willing/able to provide a test account on your SSL-aware mysql server so that I could directly start with some testing with the module.

If you did not modify the mod_auth_mysql module yourself then I guess you have some misunderstanding: you can only secure the connection between mod_auth_mysql (if it is modified to use mysql_ssl_set() + libmysqlclient is SSL-aware) and the mysql server; securing the communication which happens between a client's browser and Apache is the task of mod_ssl, and has nothing to do with mysql SSL and certs etc; instead only the usual OpenSSL certs which you specify for mod_ssl count there - regardless of which auth module you might use....

greets, Guenter.
