* Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 04:05]: > On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> wrote: > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > Hey guys, > > > > > > > > we would like to implement the following setup: > > > > - FreeRADIUS radiusd on machine A > > > > - MySQL mysqld on machine B > > > > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > > > It looks like you need to call mysql_ssl_set() with the needed > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > > > Any volunteers for coding a test implementation? :) > > > > Ok, I have sat down and hacked something together, with a little help > > from a friend. I probably did something wrong or suboptimal (as I > > said, I am not a C coder), but at a first glance, it seems to work fine. > > Here's the patch: > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > Please feel invited to test it and eventually fix any bugs you find :-) > > All you need is stunnel.
Yeah, right -- because MySQL supports SSL right out of the box, I will use another piece of external software. EBADIDEA. With MySQL-4, there's no need for such a kludgy workaround anymore. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html