Hi Guenter,
>> A standalone client is working perfect to provide the SSL layer with the
>> database, and it is using the same client lib (libmysqlclient). I used
>> common ethereal tool to ensure that everything it does is encrypted. I
>> used the same mysql_ssl_set() prior to establishing the connection. I
>> simply did the following :
>>
>> mysql_handle=mysql_init(NULL);
>> static my_bool opt_ssl_verify_server_cert= 0;
>>
>> mysql_ssl_set(mysql_handle, 0, 0, "/root/DIGI_DEPS/newcerts/ca-cert.pem", 0, 0);
>> mysql_options(&mysql_conn,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,(char*) &opt_ssl_verify_server_cert);
>>
>> mysql_handle=mysql_real_connect(&mysql_conn,db_host,
>>     conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0);
>> .

> Since everything you posted sounds perfect, here is a shot in the dark:
> I see you have a path to the /root directory for the certs. Apache changes
> identity when starting, and it might be a simple access problem perhaps?
> I would do two things:
> - move the certs below a place you make worldwide readable for testing
> - insert apr_stat() calls before you try to use the certs, and bail out
>   and write info to the error log if the certs can't be accessed for whatever
>   reason.

You guessed right, the certs were not really read properly from the path I
had specified. So I put them, for testing, straight at root '/'. Now the
certs are accessed well, which is also verified by the apr_stat() call, which
does not bring any error. But the eventual outcome is no better. Still the
apache log gives the same error.

------------------
[Mon Apr 30 18:57:16 2007] [error] [client 192.168.1.17] MOD_AUTH_MYSQL: MYSQL ERROR: Access denied for user 'mysql'@'localhost' (using password: YES) :: connect to DB
[Mon Apr 30 18:57:16 2007] [error] [client 192.168.1.17] host (localhost.localdomain) not found in db
[Mon Apr 30 18:57:16 2007] [crit] [client 192.168.1.17] configuration error: couldn't check user. No user file?: /
-------------------

When I go for non-SSL mode (by granting the used 'mysql' user account no
SSL-specific grant), the very same code gives no error and runs fine. No
logs as generated above are seen there.

The code fragment for what is done:

--------------------
.
.
.
apr_size_t length;
apr_status_t stat;
char msgbuf[80];
apr_status_t rv;
apr_pool_t *mp;
apr_file_t *fp;
const char *fname="/ca-cert.pem";
apr_finfo_t finfo;

apr_initialize();
apr_pool_create(&mp, NULL);

if ((rv = apr_file_open(&fp, fname, APR_READ, APR_OS_DEFAULT, mp)) != APR_SUCCESS)
{
    ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r,
                   "MOD_AUTH_MYSQL: FILE OPEN ERROR:: %s :: %s\n",
                   mysql_error(&mysql_conn),
                   apr_strerror(rv, msgbuf, sizeof(msgbuf)));
    return -1;
}

if ((rv = apr_stat(&finfo, fname, APR_FINFO_NORM, mp)) == APR_INCOMPLETE)
{
    ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r,
                   "MOD_AUTH_MYSQL: FILE READ ERROR: %s :: %s\n",
                   mysql_error(&mysql_conn),
                   apr_strerror(rv, msgbuf, sizeof(msgbuf)));
    return -1;
}

mysql_handle=mysql_init(NULL);
mysql_ssl_set(mysql_handle, 0, 0, finfo.fname, 0, 0);

mysql_handle=mysql_real_connect(&mysql_conn,db_host,
    conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0);
.
.
.
--------------------

Thanks in advance.

Best Regards,
Naveen Rawat
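
The access problem suggested in the quoted reply (a certificate under /root that the server cannot reach after it changes identity) can be checked per path component. The following is an added example, not code from this thread or from mod_auth_mysql: it walks a certificate path with plain POSIX stat() and reports the first component a given uid/gid cannot search or read. The function names and the uid/gid value 48 are assumptions; only classic mode bits and the primary group are considered (no ACLs, no supplementary groups).

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 if uid/gid holds `want` (an "other"-class mask: S_IXOTH to search a
 * directory, S_IROTH to read a file). Classic mode bits and primary gid only. */
int mode_allows(const struct stat *st, uid_t uid, gid_t gid, mode_t want)
{
    mode_t bits = st->st_mode;
    if (uid == 0) return 1;       /* root bypasses search/read mode bits */
    if (st->st_uid == uid)
        bits >>= 6;               /* owner class decides */
    else if (st->st_gid == gid)
        bits >>= 3;               /* group class decides */
    return (bits & want) == want;
}

/* Walk an absolute path: each directory needs search permission, the last
 * component must be a readable regular file. 0 if reachable, else -1 with
 * the failing component in `blocked` (untouched if the path is rejected). */
int cert_reachable(const char *path, uid_t uid, gid_t gid, char *blocked, size_t n)
{
    char buf[4096];
    struct stat st;
    size_t len = strlen(path);
    if (path[0] != '/' || len >= sizeof buf)
        return -1;
    for (size_t i = 0; i <= len; i++) {
        if (path[i] != '/' && path[i] != '\0') continue;
        size_t plen = i ? i : 1;  /* the first slash stands for "/" itself */
        int last = (path[i] == '\0');
        memcpy(buf, path, plen);
        buf[plen] = '\0';
        snprintf(blocked, n, "%s", buf);
        if (stat(buf, &st) != 0 || (last && !S_ISREG(st.st_mode)) ||
            !mode_allows(&st, uid, gid, last ? S_IROTH : S_IXOTH))
            return -1;
    }
    return 0;
}

int main(void)
{
    char blocked[4096] = "";      /* path from the thread; uid/gid 48 is a constructed value */
    int rc = cert_reachable("/root/DIGI_DEPS/newcerts/ca-cert.pem", 48, 48, blocked, sizeof blocked);
    printf("uid 48 %s %s\n", rc ? "blocked at" : "can read", blocked);
    return rc ? 1 : 0;
}
```

Run with the uid and gid the server actually switches to; a result of "blocked at /root" means the directory mode, not the certificate file, is what denies access.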