I never said to use stunnel on the box with MySQL.
Use it on the box with Freeradius and don't use untested patches on what I take 
is gonna be a production server.
Stunnel is very stable and reliable.
Anyway, I'd rather make an SSL connection between two MySQL servers with database 
replication and make your radius talk to the one local to it.
And be nice, "Yeah, right" is not something you say when asking strangers for 
advice.




On Sat, 19 Mar 2005 04:14:11 +0100
Wolfram Schlich <[EMAIL PROTECTED]> wrote:

> * Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 04:05]:
> > On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> 
> > wrote:
> > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]:
> > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]:
> > > > > Hey guys,
> > > > > 
> > > > > we would like to implement the following setup:
> > > > > - FreeRADIUS radiusd on machine A
> > > > > - MySQL mysqld on machine B
> > > > > 
> > > > > FreeRADIUS should use the MySQL database on machine A over an SSL
> > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections?
> > > > 
> > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well
> > > > as the mysql sources (/usr/include/mysql/mysql.h).
> > > > 
> > > > It looks like you need to call mysql_ssl_set() with the needed
> > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl
> > > > ca file, ssl ca path and ssl cipher) right after the mysql_init()
> > > > call, which is located in line 76 of the sql_mysql.c file (at least in
> > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory
> > > > src/modules/rlm_sql/drivers/rlm_sql_mysql).
> > > > 
> > > > Any volunteers for coding a test implementation? :)
> > > 
> > > Ok, I have sat down and hacked something together, with a little help
> > > from a friend. I probably did something wrong or suboptimal (as I
> > > said, I am not a C coder), but at a first glance, it seems to work fine.
> > > Here's the patch:
> > > 
> > >   http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch
> > > 
> > > Please feel invited to test it and eventually fix any bugs you find :-)
> >
> > All you need is stunnel.
> 
> Yeah, right -- because MySQL supports SSL right out of the box, I will
> use another piece of external software. EBADIDEA.
> With MySQL-4, there's no need for such a kludgy workaround anymore.
> -- 
> Wolfram Schlich
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 

Regards,
M. Jessa
http://www.yazzy.org

