Below is a patch to fix some problems I've had with the SSL connections
via the MySQL 4.0.10-gamma client library (is there a bug tracker
or something to file this in?)

SSL_CTX_use_certificate_chain_file allows the server/client to use
certificates signed by sub CAs.

Having SSL_VERIFY_FAIL_IF_NO_PEER_CERT set prevents clients from
using SSL even if the server isn't requiring any cert verification.

I also have some connection attempts to MySQL server (also
4.0.10-gamma) just hang.

The perl (standalone) DBD-mysql interface using SSL connects fine,
but if you try and use the same dsn while running under mod_perl it
hangs.

I get the same problems when using postfix and proftpd when linked
against the new mysql library, but not with courier-imap. None of those
are trying to connect via SSL.

--- viosslfactories.c.orig 2003-03-03 22:20:17.000000000 +1300
+++ viosslfactories.c 2003-03-03 22:21:45.000000000 +1300
@@ -89,7 +89,7 @@
ctx, cert_file, key_file));
if (cert_file != NULL)
{
- if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <=
0)
+ if (SSL_CTX_use_certificate_chain_file(ctx,cert_file) <= 0)
{
DBUG_PRINT("error",("unable to get certificate from
'%s'\n",cert_file));
/* FIX stderr */
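
Review bot: The new SSL_CTX_use_certificate_chain_file(ctx,cert_file) call changes what cert_file must contain, and nothing in this hunk documents that. The function reads PEM only and expects the subject's own certificate first, followed by the intermediate CA certificates in order; a file with the certificates in another order loads a different certificate as the subject's own, which then no longer matches key_file. Please state the ordering requirement wherever the cert option is documented, and consider changing the DBUG_PRINT text from "unable to get certificate" to mention the certificate chain so a failure here is easier to diagnose.
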
@@ -272,9 +272,7 @@
const char *ca_path,
const char *cipher)
{
- int verify = (SSL_VERIFY_PEER |
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
- SSL_VERIFY_CLIENT_ONCE);
+ int verify = (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE);
struct st_VioSSLAcceptorFd* ptr;
int result;
DH *dh=NULL;
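
Review bot: Dropping SSL_VERIFY_FAIL_IF_NO_PEER_CERT from verify in the acceptor setup is unconditional, so the handshake will now complete for every client that presents no certificate at all. With only SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE the server still requests a certificate and still rejects one that fails verification, but a missing certificate is no longer an error at the TLS layer. Any setup that relied on the handshake to enforce client certificates loses that enforcement silently. Either make the flag depend on whether client certificates are required, or add a comment here saying where the presence of a peer certificate is checked after the handshake.
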