Below is a patch to fix some problems I've had with the SSL connections via the MySQL 4.0.10-gamma client library (is there a bug tracker or something to file this in?).
SSL_CTX_use_certificate_chain_file allows the server/client to use certificates signed by sub CAs. Having SSL_VERIFY_FAIL_IF_NO_PEER_CERT set prevents clients from using SSL even if the server isn't requiring any cert verification. I have also had some connection attempts to MySQL server (also 4.0.10-gamma) just hang. The Perl (standalone) DBD-mysql interface using SSL connects fine, but if you try and use the same DSN while running under mod_perl it hangs. I get the same problems when using postfix and proftpd when linked against the new mysql library, but not with courier-imap. None of those are trying to connect via SSL.

--- viosslfactories.c.orig 2003-03-03 22:20:17.000000000 +1300 +++ viosslfactories.c 2003-03-03 22:21:45.000000000 +1300 @@ -89,7 +89,7 @@ ctx, cert_file, key_file)); if (cert_file != NULL) { - if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_chain_file(ctx,cert_file) <= 0) { DBUG_PRINT("error",("unable to get certificate from '%s'\n",cert_file)); /* FIX stderr */ @@ -272,9 +272,7 @@ const char *ca_path, const char *cipher) { - int verify = (SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT | - SSL_VERIFY_CLIENT_ONCE); + int verify = (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE); struct st_VioSSLAcceptorFd* ptr; int result; DH *dh=NULL;
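
Review bot: The first hunk (@@ -89) changes what cert_file must contain, and nothing in the patch documents it. SSL_CTX_use_certificate_chain_file reads PEM only (the SSL_FILETYPE_PEM argument is gone, so no other encoding can be selected later) and expects the leaf certificate first, followed by the intermediate CA certificates in order; a file that lists a sub CA first will have that CA certificate loaded as the leaf and will only fail later, when the key in key_file is matched against it. Please state the ordering requirement wherever the certificate option is documented, and consider changing the DBUG_PRINT text from "unable to get certificate from" to mention the chain so this failure is distinguishable in the trace.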
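
Review bot: The second hunk (@@ -272) drops SSL_VERIFY_FAIL_IF_NO_PEER_CERT unconditionally, so the acceptor will now complete a handshake with a client that sends no certificate at all; on the server side SSL_VERIFY_PEER alone only requests one. That matches the stated goal of letting clients use SSL without a cert, but any place that is meant to require a client certificate must now enforce it after the handshake by checking that a peer certificate is actually present, not merely that verification reported no error. Please confirm that check exists, or make the flag depend on a setting instead of removing it, and add a comment beside "int verify = (SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE);" saying that client certificates are optional at this layer.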