Hi Guenter,

>> A standalone client is working perfectly to provide the SSL layer with the
>> database, and it is using the same client lib (libmysqlclient). I used
>> common ethereal tool to ensure that everything it does is encrypted. I
>> used the same mysql_ssl_set() prior to establishing the connection. I
>> simply did the following :
>>
>> mysql_handle=mysql_init(NULL);
>> static my_bool opt_ssl_verify_server_cert= 0;
>>
>> mysql_ssl_set(mysql_handle, 0, 0, "/root/DIGI_DEPS/newcerts/ca-cert.pem",
>> 0,
>> 0);
>> mysql_options(&mysql_conn,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,(char*)
>> &opt_ssl_verify_server_cert);
>>
>> mysql_handle=mysql_real_connect(&mysql_conn,db_host,
>>   conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0);
>> .

> Since everything you posted sounds perfect, here a shot in the dark: 
> I see you have a path to the /root directory for the certs. Apache changes
> identity when starting, and it might be a simple access problem perhaps?
> I would do two things:
> - move the certs below a place you make worldwide readable for testing
> - insert apr_stat() calls before you try to use the certs, and bail out
> and write info to the error log if the certs can't be accessed for whatever
> reason.


You guessed right, the certs were not really read properly from the path I
had specified. So I put them for testing, straight at root '/'. Now the
certs are accessed well, which is also verified by the apr_stat() call, which
does not bring any error.

But the eventual outcome is no better. Still the apache log gives the same
error.

------------------
[Mon Apr 30 18:57:16 2007] [error] [client 192.168.1.17] MOD_AUTH_MYSQL:
MYSQL ERROR: Access denied for user 'mysql'@'localhost' (using password:
YES) :: connect to DB
[Mon Apr 30 18:57:16 2007] [error] [client 192.168.1.17] host
(localhost.localdomain) not found in db
[Mon Apr 30 18:57:16 2007] [crit] [client 192.168.1.17] configuration error:
couldn't check user.  No user file?: /
-------------------

When I go for non-SSL mode (by granting the used 'mysql' user account no
SSL-specific grant), the very same code gives no error and runs fine. No
logs like those generated above are seen there.

The code fragment for what is done-
--------------------
.
.
.
apr_size_t length;
apr_status_t stat;
char msgbuf[80];

apr_status_t rv;
apr_pool_t *mp;
apr_file_t *fp;
const char *fname="/ca-cert.pem";
apr_finfo_t finfo;

apr_initialize();
apr_pool_create(&mp, NULL);


if ((rv = apr_file_open(&fp, fname, APR_READ, APR_OS_DEFAULT, mp)) != APR_SUCCESS) {
    ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r,
      "MOD_AUTH_MYSQL: FILE OPEN ERROR:: %s :: %s\n",
      mysql_error(&mysql_conn), apr_strerror(rv, msgbuf, sizeof(msgbuf)));
    return -1;
}

if ((rv = apr_stat(&finfo, fname, APR_FINFO_NORM, mp)) == APR_INCOMPLETE) {
    ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r,
    "MOD_AUTH_MYSQL: FILE READ ERROR: %s :: %s\n",
    mysql_error(&mysql_conn), apr_strerror(rv, msgbuf, sizeof(msgbuf)));
    return -1;
}

mysql_handle=mysql_init(NULL);

mysql_ssl_set(mysql_handle, 0, 0, finfo.fname, 0, 0);

mysql_handle=mysql_real_connect(&mysql_conn,db_host,
  conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0);
.
.
.
--------------------





Thanks in advance.

Best Regards,
Naveen Rawat
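
The pre-flight check Guenter suggests, written with plain POSIX calls instead of APR so it runs stand-alone (an added example, not code from this thread or from mod_auth_mysql). check_ca_file() and the ca_status names are assumptions of this sketch; it reports why a CA file is unusable to the current effective user and additionally flags a file that group or others can write.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result names are chosen for this example. */
enum ca_status { CA_OK, CA_MISSING, CA_DENIED, CA_NOT_FILE, CA_EMPTY,
                 CA_WRITABLE_BY_OTHERS, CA_OTHER_ERROR };

/*
 * Check a CA file as the current effective user. Call it at request time,
 * i.e. after the server has switched from root to its worker identity.
 * open() is used instead of access(), which tests the real uid/gid.
 */
enum ca_status check_ca_file(const char *path)
{
    struct stat st;
    enum ca_status result = CA_OK;

    /* O_NONBLOCK: do not hang if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) {
        if (errno == ENOENT || errno == ENOTDIR)
            return CA_MISSING;
        if (errno == EACCES)        /* the file itself or a parent directory */
            return CA_DENIED;
        return CA_OTHER_ERROR;
    }

    if (fstat(fd, &st) != 0)
        result = CA_OTHER_ERROR;
    else if (!S_ISREG(st.st_mode))
        result = CA_NOT_FILE;
    else if (st.st_size == 0)
        result = CA_EMPTY;
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        result = CA_WRITABLE_BY_OTHERS;  /* others could swap the trust anchor */

    close(fd);
    return result;
}
```

Logging the returned status together with the path separates "file missing", "permission denied" and "file present but unsafe" in the error log.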


