On Sat, 15 Jun 2002, Clay Loveless wrote:
> I've been trying to figure out how to set up SSL support in mysql-4.0.1 ...
> The online documentation is pretty sparse on the subject.
>
> Here's what I've got so far -- and so far this is *NOT* working. I'm putting
> it out here so that someone else may be able to fiddle around on their end
> and help figure out how to get this working.
This part of MySQL is written by me and I am sure it worked :)
> 3. EDIT my.cnf ON CLIENT & SERVER
> I added these values to my.cnf:
>
> [ssl]
> key = (LONG public key value - 394 chars - copied from server.crt)
> cert = ca.crt
> ca = (Organization Name answer from the Q & A session while doing the
> first ca.key generation)
> capath = /usr/local/etc/mysqlssl
No no, a lot of errors here. I am pretty sleepy and can make small mistakes
right now, but the mistakes I see:
- section [ssl] is wrong. MySQL server uses the [mysqld] section, the
  command-line client [client], but nobody reads the [ssl] section!
  Everything should be added under those common sections
- values "key" and "ca" are wrong. Should be ssl-key, ssl-ca and so on...
> So far, this hasn't worked ... But at least MySQL runs without errors, so I
> believe I've got the my.cnf variable names correct.
>
> Page 390 of the new Managing & Using MySQL (O'Reilly) book provided some
> clues for doing this ... In reference to C functions, it says:
>
> 'key' contains an SSL public key
> 'cert' contains the filename of a certificate
> 'ca' contains the name of the certificate authority
> 'capath' contains the directory containing the certificate
Hmm, this is not the first time that O'Reilly publishes a bad and
misguiding book about MySQL. I personally suggest to avoid them. The Paul
DuBois one is a good example.
There is a file in MySQL source tree I wrote about using SSL connections
with MySQL:
http://www.mysqldeveloper.com/4.x-bk_tree/SSL/NOTES
I hope they work for you. There are some pregenerated example
key/certificate files included. You may try with them first to ensure that
your command-line stuff works first.
> Like I said, this hasn't worked yet -- I'm still getting "SSL is not in use"
> when I connect via the mysql client. No errors appear in the error log.
Any more questions which I can help to solve - please ask, but keep the
discussion Cc:-d to this list.
Also any sponsorship offers for developing SSL around replication are
welcome. I am sure someone needs it :)
Tonu
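
Added example (not part of the original e-mail and not MySQL code): a small Python check for the two corrections made in the reply above, an unread [ssl] section and option names missing the ssl- prefix. The sample configs are constructed; the file name server.key, the placeholder values, and the choice to accept only the two sections the reply names are assumptions.

```python
# Added example, not MySQL code: flag SSL settings in a my.cnf that the
# server and client will not pick up, per the two corrections in the reply.
SSL_OPTIONS = {"ssl", "ssl-ca", "ssl-capath", "ssl-cert", "ssl-cipher", "ssl-key"}
BARE_NAMES = {name[4:] for name in SSL_OPTIONS if name != "ssl"}  # key, ca, ...
READ_SECTIONS = {"mysqld", "client"}  # assumption: only the sections the reply names

def lint_ssl_options(text):
    """Return (line_no, message) findings for SSL settings that are ignored."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "ssl":
                findings.append((no, "[ssl] is not read; use [mysqld] or [client]"))
            continue
        name = line.split("=", 1)[0].strip().lower()
        if name in BARE_NAMES and section in READ_SECTIONS | {"ssl"}:
            findings.append((no, f"'{name}' should be 'ssl-{name}'"))
        elif name in SSL_OPTIONS and section not in READ_SECTIONS:
            findings.append((no, f"'{name}' is not under [mysqld] or [client]"))
    return findings

# Constructed sample: the layout quoted in the thread, long values shortened.
BROKEN = """\
[ssl]
key = PLACEHOLDER-KEY-TEXT
cert = ca.crt
ca = Example Organization
capath = /usr/local/etc/mysqlssl
"""

# Constructed sample: the same settings moved and renamed as the reply says.
FIXED = """\
[mysqld]
ssl-ca = /usr/local/etc/mysqlssl/ca.crt
ssl-cert = /usr/local/etc/mysqlssl/server.crt
ssl-key = /usr/local/etc/mysqlssl/server.key

[client]
ssl-ca = /usr/local/etc/mysqlssl/ca.crt
"""

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for no, msg in lint_ssl_options(cfg) or [(0, "no findings")]:
            print(f"{label}: line {no}: {msg}")
```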