ssl questions

2009-09-08 Thread qt4x11 
I'm trying to set up my mysql 5.1 server to work over ssl, I'm following the
directions at http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html.
 I've confirmed that my server supports ssl

mysql SHOW VARIABLES LIKE 'have_ssl';
+---+---+
| Variable_name | Value |
+---+---+
| have_ssl  | YES   |
+---+---+

set up certs according to
http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html

bash-3.2# ls -l newcerts/
total 20
-rwxrwxrwx 1 root root 1761 Sep  8 14:01 ca-cert.pem
-rwxrwxrwx 1 root root 1675 Sep  8 14:00 ca-key.pem
-rwxrwxrwx 1 root root 1371 Sep  8 14:02 server-cert.pem
-rwxrwxrwx 1 root root 1675 Sep  8 14:01 server-key.pem
-rwxrwxrwx 1 root root 1094 Sep  8 14:01 server-req.pem

and that mysql is started with the appropriate --ssl-xxx options (I set 777
permissions on the newcerts directory to insure that permissions wouldn't be
a problem during testing but was planning on tightening permissions once I
got ssl working)

bash-3.2# ps aux | grep mysql
root 13326  0.0  0.2  63848  1332 pts/0S15:25   0:00 /bin/sh
/usr/bin/mysqld_safe --datadir=/var/lib/mysql
--pid-file=/var/lib/mysql/mysql.example.com.pid
--ssl-ca=/var/lib/mysql/newcerts/ca-cert.pem
--ssl-cert=/var/lib/mysql/newcerts/server-cert.pem
--ssl-key=/var/lib/mysql/newcerts/server-key.pem
mysql13399  0.1  3.4 138488 17676 pts/0Sl   15:25   0:00
/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql
--ssl-ca=/var/lib/mysql/newcerts/ca-cert.pem
--ssl-cert=/var/lib/mysql/newcerts/server-cert.pem
--ssl-key=/var/lib/mysql/newcerts/server-key.pem
--log-error=/var/lib/mysql/mysql.example.com.err
--pid-file=/var/lib/mysql/mysql.example.com.pid
root 13430  0.0  0.1  61164   768 pts/0R+   15:25   0:00 grep mysql
I'm also following documentation
http://www.stunnel.org/examples/mysql.htmlhere to set up mysql with
ssl support over stunnel.  My stunnel.conf looks
like

cert = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
debug = 7
output = stunnel.log
[mysqls]
accept  = 3307
connect = 3306

I've confirmed that my server is listening on 3307

[u...@mysql.example.com ~]$ netstat -anF  | grep 3306
tcp0  0 0.0.0.0:33060.0.0.0:*
LISTEN
[u...@mysql.example.com ~]$ netstat -anF  | grep 3307
tcp0  0 0.0.0.0:33070.0.0.0:*
LISTEN

and that I can connect successfully over 3306

mysql -u user -p -h mysql.example.com -P 3306

but when I try to connect over port 3307,

mysql -u user -p -h mysql.example.com -P 3307

it fails to connect (my graphical client gives an error message that reads
'connection reset').

I'm not sure what's wrong.  My mysql user was created without any specific
SSL requirements, so I'm thinking I should be able to connect over either
port without specifying any --ssl-xxx options on the client side.  I'd like
the user to be able to connect either way.  I tried looking at the mysql
error log but it didn't provide any useful information - is there a way to
increase the log level to get at the source of the problem?  Any tips would
be appreciated.

Thanks.

Problem with mysqlimport and timestamp

2007-10-18 Thread qt4x11 
Hi-
I'm using the command 'mysqlimport -u usr -ppassh -h mysqlserver -P 3306 -v
db --local $workdir/$filename'to import a table into mysql from a file
$filename.

The data in $filename looks something like:

test test

where there is a blank space between the two 'test's to represent an empty
column. This column is of type datetime NULL DEFAULT NULL in the database.
The blank space between the two 'test's gets imported as (err) instead of
NULL.


Is there a way I can import empty column data as NULL? I'd like there to be
a NULL for every row for which this column is empty.  I'm not sure how to do
this given the format of my $filename.  As a check, I tried inserting a row
at the top of $filename like

test

The row was imported correctly, as in there was a NULL in the timestamp
column in the database, as well as a NULL in the next column in the
database.  So, this may have something to do with the format of the
$filename, but I may not be able to control the format of that file.

Thanks.