Hi Naveen, > A standalone client is working perfect to provide the SSL layer with the > database, and it is using the same client lib (libmysqlclient). I used > common ethereal tool to ensure that everything it does is encrypted. I > used > the same mysql_ssl_set() prior to establishing the connection. I simply > did > the following :
> mysql_handle=mysql_init(NULL); > static my_bool opt_ssl_verify_server_cert= 0; > mysql_ssl_set(mysql_handle, 0, 0, "/root/DIGI_DEPS/newcerts/ca-cert.pem", > 0, > 0); > mysql_options(&mysql_conn,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,(char*)&opt_ssl > _v > erify_server_cert); > mysql_handle=mysql_real_connect(&mysql_conn,db_host, > conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); > . Since everything you posted sounds perfect, here a shot in the dark: I see you have a path to the /root directory for the certs. Apache changes indentity when starting, and it might be a simple access problem perhaps? I would do two things: - move the certs below a place you make worldwide readable for testing - insert apr_stat() calls before you try to use the certs, and bail out and write info to the error log if the certs cant be accessed for whatever reason. good luck! Guenter.
