syntax for strings in REQUIRE ISSUER / REQUIRE SUBJECT
I cannot seem to get SSL connections working using the REQUIRE ISSUER or REQUIRE SUBJECT clauses. I have a mysql working with ssl. I can connect from the client host to the server using ssl, where the user has been setup using: GRANT ALL PRIVILEGES ON x.* TO ''@'ipaddress' IDENTIFIED BY 'xx' REQUIRE X509; and the connection from client is done by mysql -h xxx -u xx -p --ssl-ca=/etc/mysql/ca-cert.pem --ssl-key=/etc/mysql/client-key.pem --ssl-cert=/etc/mysql/client-cert.pem However, the moment I try to restrict access to certs with specific issuer or subject I cannot connect GRANT ALL PRIVILEGES ON x.* TO ''@'ipaddress' IDENTIFIED BY 'xx' REQUIRE ISSUER 'C=IT, ST=Como, L=Erba, O=erba.tv, OU=erba.tv, CN=erba.tv/emailAddress=postmas...@erba.tv'; I have tried various permutations of specifying issuer string, i.e. C=IT, ST=Como, L=Erba, O=erba.tv, OU=erba.tv, CN=erba.tv/emailAddress=postmas...@erba.tv C=IT, ST=Como, L=Erba, O=erba.tv, OU=erba.tv, CN=erba.tv C=IT/ST=Como/L=Erba/O=erba.tv/OU=erba.tv/CN=erba.tv/emailAddress=postmas...@erba.tv C=IT/ST=Como/L=Erba/O=erba.tv/OU=erba.tv/CN=erba.tv but none seem to work (after flushing privileges each time). The first of these values is what is given by the command: openssl x509 -in /etc/mysql/client-cert.pem -noout -text The message I get is on trying to connect is: ERROR 1045 (28000): Access denied for user ''@'ipaddress' (using password: YES) The basics of ssl are obviously working, but for some reason the ISSUER check is not working. How can I debug that futher? John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Slow querys When ADSL is down on W2K
From: Mauricio Pellegrini Hi, I've tryed that after reading this message, But couldn't get the route correctly established. I'm giving some more details in this example Server (SuSE 8.2) IP 192.168.10.34 Win2k IP 192.168.10. 5 Gets slow when adsl is down Lin_box1 (SuSE 8.2) IP 192.168.10. 3 Performs right all the time All of them are on the same Network. How should I form the route command? Oh, the ADSL router is on 192.168.10.1, Which is set as the default Gateway Any help greatly appreciated. Mauricio It might be useful to post the results of ipconfig /all and route print on the w2k box. That might give a few clues John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Slow querys When ADSL is down on W2K
From: Mauricio Pellegrini On Tue, 2004-06-08 at 12:57, John Fawcett wrote: From: Mauricio Pellegrini Hi, I've tryed that after reading this message, But couldn't get the route correctly established. I'm giving some more details in this example Server (SuSE 8.2) IP 192.168.10.34 Win2k IP 192.168.10. 5 Gets slow when adsl is down Lin_box1 (SuSE 8.2) IP 192.168.10. 3 Performs right all the time All of them are on the same Network. How should I form the route command? Oh, the ADSL router is on 192.168.10.1, Which is set as the default Gateway Any help greatly appreciated. Mauricio It might be useful to post the results of ipconfig /all and route print on the w2k box. That might give a few clues John Hi, Following is the result of those commands, but before I would like to note a detail I forgot to mention before And perhaps it may be important. The server has two ethernet cards but only one is configured and connected to the network . The configured interface is eth1 not eth0. This is from the w2k box ( It's in spanish cause all these machines are running spanish versions of the OS) C:\route print === ILista de interfaces 0x1 ... MS TCP Loopback interface 0x103 ...00 08 54 05 31 de .. Realtek RTL8139/810x Family Fast Ethernet NIC === === Rutas activas: Destino de redMáscara de red Puerta de acceso Interfaz Métrica 0.0.0.0 0.0.0.0 192.168.10.1192.168.10.2 1 127.0.0.0255.0.0.0127.0.0.1 127.0.0.1 1 192.168.10.0255.255.255.0 192.168.10.2192.168.10.2 1 192.168.10.2 255.255.255.255127.0.0.1 127.0.0.1 1 192.168.10.255 255.255.255.255 192.168.10.2192.168.10.2 1 224.0.0.0224.0.0.0 192.168.10.2192.168.10.2 1 255.255.255.255 255.255.255.255 192.168.10.2192.168.10.2 1 Puerta de enlace predeterminada: 192.168.10.1 === Rutas persistentes: ninguno The only thing strange about this is that in your previous post you mentioned that the wk2 machine had an ip of 192.168.10.5. The above route print output seems to be for a machine with an ip of 192.168.10.2. What is the reason for this difference? Is the IP dynamically assigned via DHCP? And this is from one of the Linux Boxes pc2s82:~ # ifconfig eth0Link encap:Ethernet HWaddr 00:E0:7D:A8:A7:B4 inet addr:192.168.10.3 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:7dff:fea8:a7b4/64 Scope:Link IPX/Ethernet 802.3 addr:56641932:00E07DA8A7B4 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:247456 errors:3 dropped:0 overruns:0 frame:0 TX packets:11790 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:44990156 (42.9 Mb) TX bytes:1154908 (1.1 Mb) Interrupt:11 Base address:0x1000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:487 errors:0 dropped:0 overruns:0 frame:0 TX packets:487 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:43016 (42.0 Kb) TX bytes:43016 (42.0 Kb) And finally this is from the server eth1Link encap:Ethernet HWaddr 00:0E:0C:07:D2:48 inet addr:192.168.10.34 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::20e:cff:fe07:d248/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1122118 errors:0 dropped:0 overruns:0 frame:0 TX packets:431606 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:277616482 (264.7 Mb) TX bytes:310759628 (296.3 Mb) Interrupt:30 Base address:0x2040 Memory:fe6c-fe6e loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:2282 errors:0 dropped:0 overruns:0 frame:0 TX packets:2282 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1692240 (1.6 Mb) TX bytes:1692240 (1.6 Mb) ouptut of ipconfig /all on the W2K box? John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Slow querys When ADSL is down on W2K
From: Mauricio Pellegrini Oh no.. The reason is I've changed my seat. All IP's are static. Sorry :) It generally helps to keep the problem conditions the same while investigating. :) I forgot that Here is the result of Ipconfig /all on the same machine (192.168.10.2) C:\ipconfig /all Configuración IP de Windows 2000 Nombre del host . . . . . . . . . . . : graciela Sufijo DNS principal . . . . . . . . : Tipo de nodo. . . . . . . . . . . . . : Difusión Enrutamiento de IP habilitado . . . . : No Proxy de WINS habilitado. . . . . . . : No Ethernet adaptador Conexión de área local: Sufijo DNS específico de la conexión. : Descripción . . . . . . . . . . . . . : Realtek RTL8139 C+ Fast Ethernet NIC Dirección física. . . . . . . . . . . : 00-08-54-05-31-DE DHCP habilitado . . . . . . . . . . . : No Dirección IP. . . . . . . . . . . . . : 192.168.10.2 Máscara de subred . . . . . . . . . . : 255.255.255.0 Puerta de enlace predeterminada . . . : 192.168.10.1 Servidores DNS. . . . . . . . . . . . : 200.51.254.238 200.51.209.22 The DNS server used by this machine are 200.51.254.238 and 200.51.209.22 which are unreachable when the ADSL down. Have you got local DNS server(s) you can use instead? John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: [SPAM]Re: e: Select distinct year from unix timestamp
From: Paul DuBois At 17:50 -0500 5/16/04, Paul DuBois wrote: Not a huge difference, I guess. But I suppose if a query that uses one or the other of these expressions processes a large number of rows, it might pay to run some comparative testing. Another interesting point is whether one timestamp format is to be preferred over the other in terms of performance of the operations to be done on it. The OP should be able to do this testing with the mechanism you demonstrated. John -- Paul DuBois, MySQL Documentation Team Madison, Wisconsin, USA MySQL AB, www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: COUNT
From: Gustavo Andrade select count(distinct membros.ID) as total_membros, count(distinct replays.ID) as total_replays, count(distinct downloads.ID) as total_downloads from membros,replays,downloads; Why join three tables to count the records in each one? I'm sure the performance will be poor once you get more data. if one of the tables have 0 records all the counts will turn to 0 the count works only if all the tables have records how can i fix that? By joining the tables you are asking for all possible combinations of the rows (cartesian product). The number of rows obtained is: (n. rows in table 1) * (n. rows in table 2) * ( n. rows in table 3) So if a table has 0 rows there are 0 possible combinations. For this reason and also for performance reasons, you should do 3 separate selects. If ID is a unique key, you can also take out the distinct, which in your query you needed because by making all possible combinations you repeated the same ID many times. John _ Quer ter um fórum para seu clan de Starcraft/BroodWar, Counter-Strike, Warcraft ou outros. entre em http://www.arena-star.com.br/forum/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Select distinct year from unix timestamp
From: T. H. Grejc Hello, I'm trying to select all distinct years from a unixtimestamp field in MySQL database (3.23.56). I have a query: SELECT DISTINCT YEAR(date_field) As theYear FROM table but PHP gives me an empty array. What am I doing wrong? TNX I think you need this function FROM_UNIXTIME(unix_timestamp,format). Year does not operate on a unix timestamp. John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Select distinct year from unix timestamp
From: T. H. Grejc How can I add more fields to query. If I write: SELECT DISTINCT FROM_UNIXTIME(created, '%Y %M'), other_field FROM table_name ORDER BY created DESC I loose distinction (all dates are displayed). TNX I don't think distinction is lost. All the rows should still be distinct (considered in their entirity). What are you expecting to see as a result? John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: [SPAM]Re: Select distinct year from unix timestamp
From: Paul DuBois At 22:27 +0200 5/16/04,
John Fawcett wrote:
Year does not operate on a unix timestamp.
Sure it does:
mysql select t, year(t) from tsdemo1;
++-+
| t | year(t) |
++-+
| 20010822133241 |2001 |
| 20010822133241 |2001 |
++-+
The problem lies elsewhere. Where that might be is difficult to
say, because no PHP code has been shown yet.
The first column doesn't look like a unix timestamp. It should be expressed
in seconds since 1970-01-01 00:00:00 GMT.
Try this to get the unix timestamp of the above date. Year shouldn't work on
it.
SELECT UNIX_TIMESTAMP('2001-08-22 13:32:41');
John
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: e: Select distinct year from unix timestamp
From: Paul DuBois You're right. You'd have to apply YEAR() to FROM_UNIXTIME(UNIX_TIMESTAMP(arg)). and you can avoid YEAR() altogether by using a format string. in FROM_UNIXTIME() John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Select distinct year from unix timestamp
From: T. H. Grejc I'm creating news archive and it should be sorted by months: January 2004 (news count is 56) February 2004 (48) ... So you need to use GROUP BY and COUNT. The format is like this: select monthandyear,count(othercolumn) from t group by monthandyear in your case monthandyear must be replaced by your function which extracts month and year from the unix timestamp column (in both the select and group by). I think that's what you needed. John -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
