MySQL replication SSL
Dear All, I'm trying to get SSL connections for all mysql slave and masters. I have one box that will not use SSL for some reason. When I start this slave it can not connect because it's not using SSL. show slave status\G *** 1. row *** Slave_IO_State: Connecting to master Master_Host: myhost Master_User: rep_user Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.95 Read_Master_Log_Pos: 1095 Relay_Log_File: slave-relay.04 Relay_Log_Pos: 98 Relay_Master_Log_File: mysql-bin.95 Slave_IO_Running: No Slave_SQL_Running: Yes Replicate_Do_DB: crm Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 1095 Relay_Log_Space: 98 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: No --- Master_SSL_CA_File: Master_SSL_CA_Path: Master_SSL_Cert: Master_SSL_Cipher: Master_SSL_Key: Seconds_Behind_Master: NULL Here is a portion of my.cnf. [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql # Default to using old password format for compatibility with mysql 3.x # clients (those using the mysqlclient10 compatibility package). old_passwords=1 max_connections=500 max_connect_errors = 0 # replication server-id = 1 replicate-same-server-id = 0 auto-increment-increment =3 auto-increment-offset =1 master-host = myHost master-user = rep_user master-password = rep_passwd master-connect-retry = 60 replicate-do-db = crm log-bin= /var/log/mysql/mysql-bin.log binlog-do-db = crm relay-log = /var/lib/mysql/slave-relay.log relay-log-index = /var/lib/mysql/slave-relay-log.index expire_logs_days = 10 max_binlog_size = 500M # end replication # SSL for replication ssl ssl-key=/etc/mysql/ssl/server-key.pem ssl-cert=/etc/mysql/ssl/server-cert.pem ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-capath=/etc/mysql/ssl/ ssl-cipher=DHE-RSA-AES256-SHA [client] ssl port = 3306 socket = /var/lib/mysql/mysql.sock ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-key=/etc/mysql/ssl/client-key.pem ssl-cert=/etc/mysql/ssl/client-cert.pem ssl-cipher=DHE-RSA-AES256-SHA Anyone see any issues with this? Thank you, Paul -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Mysql with SSL connections
Hello. The fact is that I cant start mysql with ssl support using the /etc/ec/d/init.d/mysql script. But the interesting thing is that if I copy First of all, you should find the error log. See: http://dev.mysql.com/doc/refman/4.1/en/error-log.html Israel Fern$ndez Cabrera [EMAIL PROTECTED] wrote: Hi folk! I'm new to mysql and to databases... I'm using Fedora Core 4 with mysql 4.1.11-2 I need some application clients to connect the server using SSL connections. I've created and tested x509 certificates using the way mysql documentation explain, I've modified the /etc/my.cnf [mysqld] and [client] sections with the certificates that are located in /etc/pki (I've made some test with the certificates in /usr/pki too). The fact is that I cant start mysql with ssl support using the /etc/ec/d/init.d/mysql script. But the interesting thing is that if I copy the same script to any different folder it works. If it is in the init.dfolder I always get an SSL connection error. running mysqld, mysqld_safe by hand work perfectly and SSL works too. This is annoying I'll appreciate any help in respect. thanks in advance and best regards... -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.NET http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Gleb Paharenko / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.NET ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Mysql with SSL connections
Hi folk! I'm new to mysql and to databases... I'm using Fedora Core 4 with mysql 4.1.11-2 I need some application clients to connect the server using SSL connections. I've created and tested x509 certificates using the way mysql documentation explain, I've modified the /etc/my.cnf [mysqld] and [client] sections with the certificates that are located in /etc/pki (I've made some test with the certificates in /usr/pki too). The fact is that I cant start mysql with ssl support using the /etc/ec/d/init.d/mysql script. But the interesting thing is that if I copy the same script to any different folder it works. If it is in the init.dfolder I always get an SSL connection error. running mysqld, mysqld_safe by hand work perfectly and SSL works too. This is annoying I'll appreciate any help in respect. thanks in advance and best regards... -- Israel Fdez. Cabrera [EMAIL PROTECTED]
Fwd: Mysql with SSL connections
Well I've done more than that I wrote a custom init script with the simplest possible start function containig just the following line: /usr/bin/mysqld_safe and SSL does not work eather... please help... best regards Israel -- Forwarded message -- From: RedRed!com IT Department [EMAIL PROTECTED] Date: Oct 13, 2005 10:16 AM Subject: Re: Mysql with SSL connections To: Israel Fernández Cabrera [EMAIL PROTECTED] Israel Fernández Cabrera wrote: Hi folk! I'm new to mysql and to databases... I'm using Fedora Core 4 with mysql 4.1.11-2 I need some application clients to connect the server using SSL connections. I've created and tested x509 certificates using the way mysql documentation explain, I've modified the /etc/my.cnf [mysqld] and [client] sections with the certificates that are located in /etc/pki (I've made some test with the certificates in /usr/pki too). The fact is that I cant start mysql with ssl support using the /etc/ec/d/init.d/mysql script. But the interesting thing is that if I copy the same script to any different folder it works. If it is in the init.dfolder I always get an SSL connection error. running mysqld, mysqld_safe by hand work perfectly and SSL works too. This is annoying I'll appreciate any help in respect. thanks in advance and best regards... -- Israel Fdez. Cabrera [EMAIL PROTECTED] You might want to check the mysql init.d script to make sure that all of the paths in there are correct. Sean -- Israel Fdez. Cabrera [EMAIL PROTECTED]
Re: Fwd: Mysql with SSL connections
I'm using the default Fedora Core 4 Linux mysql RPM package... I just create x509 certificates and modify the /etc/my.cnf file to use these certificates. The default mysqld init script doesn't work in its normal' location, just moving it to a different folder make it works. MySQL daemon runs by the way, but without SSL support, mysqladmin tests return SSL connection error too... On 10/13/05, RedRed!com IT Department [EMAIL PROTECTED] wrote: Israel Fernández Cabrera wrote: Well I've done more than that I wrote a custom init script with the simplest possible start function containig just the following line: /usr/bin/mysqld_safe and SSL does not work eather... please help... best regards Israel Are you sure your starting the correct binary? When you installed mysql did you install to the default /usr/local or did you specifically tell it to install to /usr ? If you look in the error file in /usr/var or /usr/local/var, does it give you any useful information? It may have a reason for the failure in there. I'm not an expert, but those are some of the steps that I would take to figure this out. Sean -- Israel Fdez. Cabrera [EMAIL PROTECTED]
Re: MySQL and SSL
Wolfgang Riedel [EMAIL PROTECTED] wrote: could someone please tell me which versions of mysql support SSL connections for both clients and replication slaves? The -Max build. i'd installed MySQL-Max-4.0.20-0.i386.rpm from download area of www.mysql.org, but the server doesn't start with --ssl option: in mysqld-err.log: /usr/sbin/mysqld-max: ERROR: unknown variable 'ssl-ca=/usr/share/ssl/certs/ca-bundle.crt' (the certificate exists) with my self-compiled version of mysql-4.0.20 it runs Oops, I lied. :) -Max was built with SSL a long time ago (if I remember right), and now it's not. Sorry. -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL and SSL
Egor Egorov schrieb: Michael Dykman [EMAIL PROTECTED] wrote: could someone please tell me which versions of mysql support SSL connections for both clients and replication slaves? The -Max build. i'd installed MySQL-Max-4.0.20-0.i386.rpm from download area of www.mysql.org, but the server doesn't start with --ssl option: in mysqld-err.log: /usr/sbin/mysqld-max: ERROR: unknown variable 'ssl-ca=/usr/share/ssl/certs/ca-bundle.crt' (the certificate exists) with my self-compiled version of mysql-4.0.20 it runs Regards, Wolfgang -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL and SSL
Michael Dykman [EMAIL PROTECTED] wrote: could someone please tell me which versions of mysql support SSL connections for both clients and replication slaves? The -Max build. -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL and SSL
Michael Dykman wrote: could someone please tell me which versions of mysql support SSL connections for both clients and replication slaves? As far as I understand SSL was introduced in 4.0 and SSL-replication was introduced in 4.1.1. http://dev.mysql.com/doc/mysql/en/SSL_options.html http://dev.mysql.com/doc/mysql/en/Replication_Options.html We've started using replication over the Internet in 2001 using SSH-Tunnels (SSH-Port-Forwarding) which works fine, too. We haven't had any problems. regards Jan Kirchhoff -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
MySQL and SSL
could someone please tell me which versions of mysql support SSL connections for both clients and replication slaves? thank you. -- - michael dykman - [EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Issue compiling mysql with ssl on solaris
Ok i worked out a possible bug with mysql 4.1 compiling openssl on solaris i keep getting this error gcc -DDEFAULT_CHARSET_HOME=\/usr/local/mysql\ -DDATADIR=\/usr/local/mysql /var \ -DSHAREDIR=\/usr/local/mysql/share/mysql\ -DDONT_USE_RAID -I. -I. -I.. -I.. /include /opt/csw/include/openssl -O3 -DDBUG_OFF -D_FILE_OFFSET_BITS=64 -DHAVE_R WLOCK_T -c libmysql.c -MT libmysql.lo -MD -MP -MF .deps/libmysql.TPlo -fPIC -DP IC -o .libs/libmysql.lo sparc-sn-solaris2.8-gcc: cannot specif -o with -c or -S and multiple compilation s *** Error code 1 make: Fatal error: Command failed for target `libmysql.lo' Current working directory /usr/share/src/mysql-4.1.1-alpha/libmysql_r *** Error code 1 make: Fatal error: Command failed for target `all-recursive' Current working directory /usr/share/src/mysql-4.1.1-alpha *** Error code 1 make: Fatal error: Command failed for target `all' my configure is ./configure --prefix=/usr/local/mysql --with-openssl-includes=/opt/cs w/include/openssl --with-openssl-libs=/opt/csw --without-docs --with-libwrap =/us r --with-mysqld-user=mysql -with-pstack --enable-thread-safe-client what seems to be the problem ? -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Mysql status SSL: Not in use
Hi buddies, i need some help with Mysql Openssl. I compiled sucessfully Mysql with the option openssl and i had created new CA permission. Every is fine at the moment, but when i look mysql status i see SSL: not in used. I check, /etc/my.cnf [mysqld] ssl ssl-ca = /opt/OpenSSL/ssl/openssl/cacert.pem ssl-cert= /opt/OpenSSL/ssl/openssl/server-cert.pem ssl-key = /opt/OpenSSL/ssl/openssl/server-key.pem [client] port = 3306 socket = /var/lib/mysql/mysql.sock I don't know what to do?, i need some advice about it, can someone give me an help!!! regards Cion -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: compiling mysql with ssl
I have Redhat 9 with openssl-0.9.7a-20 tring to re-compiling mysql-4.0.17 again with the options: ./configure --with-openssl --with-openssl-includes=/usr/include/openssl --wi th-openssl-libs=/usr/lib --with-vio --prefix=/usr/local/compiled There is messages that is coming: checking if we should build MySQLFS... no checking for OpenSSL... Could not find an installation of OpenSSL Looks like you've forgotten to install OpenSSL development RPM I had to double-check to make sure, but I thought they were already installed: [EMAIL PROTECTED] local]# rpm -qa | grep -i openssl openssl-0.9.7a-20 openssl-devel-0.9.7a-20 pyOpenSSL-0.5.1-8 Where is the path that ./configure is searching ?? where i can change it? Someone with Any other ideas? Thanks in Advance, Cion - Original Message - From: Greg G [EMAIL PROTECTED] To: Cion Chen [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 9:35 AM Subject: Re: compiling mysql with ssl This is a known bug. You'll have to create a link in /usr/local/include/openssl. Also, you'll want to use this configure: $ ./configure --with-openssl --with-openssl-includes=/usr/local/ssl/include --with-openssl-libs=/usr/local/ssl/lib --with-vio Doing --with-openssl=/path/to/openssl seems to confuse configure. You also don't want to specify the particular .a file, just the directory. -Greg G Cion Chen wrote: Hi! I have some trouble tring to compile Mysql 4.0.17 with de options: --with-vio --with-openssl, I try with some recomedation about it but none successful. Compiling with: ./configure --with-vio --with-openssl=/path/to/openssl --with-openssl-inclu d e=/path/to/include/ssl.h --with-openssl-lib=/path/to/lib/libssl.a Everything is fine during de compilation but when i install the new database, it's show my variable have_openssl=no and the showing Status SSL=not in use *When i compile with: ./configure --with-vio --with-openssl --with-openssl-include=/path/to/inclu d e/ssl.h --with-openssl-lib=/path/to/lib/libssl.a during the compilation i get the following error: ../lib/mysql/.libs/libmysqlclient.so: undefined reference to openssl_add_all_algorithms collect 2: ld returned 1 exit status Can someone help me?, I don't know that to do or what i should do for now?? Thanks in advance, Cion -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: compiling mysql with ssl
You'll want this: --with-openssl-libs=/usr/local/ssl/lib (not /usr/lib) -Greg G Cion Chen wrote: I have Redhat 9 with openssl-0.9.7a-20 tring to re-compiling mysql-4.0.17 again with the options: ./configure --with-openssl --with-openssl-includes=/usr/include/openssl --wi th-openssl-libs=/usr/lib --with-vio --prefix=/usr/local/compiled There is messages that is coming: checking if we should build MySQLFS... no checking for OpenSSL... Could not find an installation of OpenSSL Looks like you've forgotten to install OpenSSL development RPM I had to double-check to make sure, but I thought they were already installed: [EMAIL PROTECTED] local]# rpm -qa | grep -i openssl openssl-0.9.7a-20 openssl-devel-0.9.7a-20 pyOpenSSL-0.5.1-8 Where is the path that ./configure is searching ?? where i can change it? Someone with Any other ideas? Thanks in Advance, Cion - Original Message - From: Greg G [EMAIL PROTECTED] To: Cion Chen [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 9:35 AM Subject: Re: compiling mysql with ssl This is a known bug. You'll have to create a link in /usr/local/include/openssl. Also, you'll want to use this configure: $ ./configure --with-openssl --with-openssl-includes=/usr/local/ssl/include --with-openssl-libs=/usr/local/ssl/lib --with-vio Doing --with-openssl=/path/to/openssl seems to confuse configure. You also don't want to specify the particular .a file, just the directory. -Greg G Cion Chen wrote: Hi! I have some trouble tring to compile Mysql 4.0.17 with de options: --with-vio --with-openssl, I try with some recomedation about it but none successful. Compiling with: ./configure --with-vio --with-openssl=/path/to/openssl --with-openssl-inclu d e=/path/to/include/ssl.h --with-openssl-lib=/path/to/lib/libssl.a Everything is fine during de compilation but when i install the new database, it's show my variable have_openssl=no and the showing Status SSL=not in use *When i compile with: ./configure --with-vio --with-openssl --with-openssl-include=/path/to/inclu d e/ssl.h --with-openssl-lib=/path/to/lib/libssl.a during the compilation i get the following error: ../lib/mysql/.libs/libmysqlclient.so: undefined reference to openssl_add_all_algorithms collect 2: ld returned 1 exit status Can someone help me?, I don't know that to do or what i should do for now?? Thanks in advance, Cion
Re: compiling mysql with ssl
I had the same problem, just don't know what is wrong with the red hat ssl packages. I did this: 1.- download a fresh copy of openssl, configure with --prefix=/opt/OpenSSL, compile and install, everything will go to /optOpenSSL, so, the new version won't conflict with the red hat's 2.- compile mysql with: --with-openssl-libs=/opt/OpenSSL/lib --with-openssl-include=/opt/OpenSSL/include --prefix=/opt/MySQL I like to keep control with what i compile and install, it is quite hard to find whats installed with MAKE INSTALL under /usr, changing the default prefix is somehow easier to manage, every thing will go to /opt This is how i did it, I have copies of 4.0, 4.1 and 5 running on the same machine like this Hope this helps! Best Regards from venezuela -- |...| | _ _|Victor Medina M | |\ \ \| | _ \ / \ |Linux - Java - MySQL | | \ \ \ _| | |_) / _ \ |Dpto. Sistemas - Ferreteria EPA | | / / / |___| __/ ___ \ |[EMAIL PROTECTED] | |/_/_/|_|_| /_/ \_\|ext. 325 | ||geek by nature - linux by choice | |...|
Re: compiling mysql with ssl
Thanks for your reply, I do that but it's was unsuccesful. With theses options i get the following error when i do MAKE: ../readline/libreadline.a -lncurses ../libmysql/.libs/libmysqlclient.so -L/usr/lib -lz -lcrypt -lnsl -lm -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/compiled/lib/mysql ../libmysql/.libs/libmysqlclient.so: undefined reference to `OpenSSL_add_all_algorithms' collect2: ld returned 1 exit status if something could missing here? or some other bugs?? i'm getting hysteria. tranks in advance, Cion - Original Message - From: Victor Medina To: Greg G Cc: Cion Chen ; [EMAIL PROTECTED] Sent: Friday, January 09, 2004 12:32 PM Subject: Re: compiling mysql with ssl I had the same problem, just don't know what is wrong with the red hat ssl packages. I did this: 1.- download a fresh copy of openssl, configure with --prefix=/opt/OpenSSL, compile and install, everything will go to /optOpenSSL, so, the new version won't conflict with the red hat's 2.- compile mysql with: --with-openssl-libs=/opt/OpenSSL/lib --with-openssl-include=/opt/OpenSSL/include --prefix=/opt/MySQL I like to keep control with what i compile and install, it is quite hard to find whats installed with MAKE INSTALL under /usr, changing the default prefix is somehow easier to manage, every thing will go to /opt This is how i did it, I have copies of 4.0, 4.1 and 5 running on the same machine like this Hope this helps! Best Regards from venezuela | _ _|Victor Medina M | |\ |...| \ \| | _ \ / \ |Linux - Java - MySQL | | \ \ \ _| | |_) / _ \ |Dpto. Sistemas - Ferreteria EPA | | / / / |___| __/ ___ \ |[EMAIL PROTECTED] | |/_/_/|_|_| /_/ \_\|ext. 325 | ||geek by nature - linux by choice | |...| - Original Message - From: Greg G To: Cion Chen Cc: [EMAIL PROTECTED] Sent: Friday, January 09, 2004 12:25 PMSubject: Re: compiling mysql with sslYou'll want this: --with-openssl-libs=/usr/local/ssl/lib (not /usr/lib)-Greg G
Re: compiling mysql with ssl
This is a known bug. You'll have to create a link in /usr/local/include/openssl. Also, you'll want to use this configure: $ ./configure --with-openssl --with-openssl-includes=/usr/local/ssl/include --with-openssl-libs=/usr/local/ssl/lib --with-vio Doing --with-openssl=/path/to/openssl seems to confuse configure. You also don't want to specify the particular .a file, just the directory. -Greg G Cion Chen wrote: Hi! I have some trouble tring to compile Mysql 4.0.17 with de options: --with-vio --with-openssl, I try with some recomedation about it but none successful. Compiling with: ./configure --with-vio --with-openssl=/path/to/openssl --with-openssl-includ e=/path/to/include/ssl.h --with-openssl-lib=/path/to/lib/libssl.a Everything is fine during de compilation but when i install the new database, it's show my variable have_openssl=no and the showing Status SSL=not in use *When i compile with: ./configure --with-vio --with-openssl --with-openssl-include=/path/to/includ e/ssl.h --with-openssl-lib=/path/to/lib/libssl.a during the compilation i get the following error: ../lib/mysql/.libs/libmysqlclient.so: undefined reference to openssl_add_all_algorithms collect 2: ld returned 1 exit status Can someone help me?, I don't know that to do or what i should do for now?? Thanks in advance, Cion
compiling mysql with ssl
Hi! I have some trouble tring to compile Mysql 4.0.17 with de options: --with-vio --with-openssl, I try with some recomedation about it but none successful. Compiling with: ./configure --with-vio --with-openssl=/path/to/openssl --with-openssl-includ e=/path/to/include/ssl.h --with-openssl-lib=/path/to/lib/libssl.a Everything is fine during de compilation but when i install the new database, it's show my variable have_openssl=no and the showing Status SSL=not in use *When i compile with: ./configure --with-vio --with-openssl --with-openssl-include=/path/to/includ e/ssl.h --with-openssl-lib=/path/to/lib/libssl.a during the compilation i get the following error: ../lib/mysql/.libs/libmysqlclient.so: undefined reference to openssl_add_all_algorithms collect 2: ld returned 1 exit status Can someone help me?, I don't know that to do or what i should do for now?? Thanks in advance, Cion -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
compiling mysql with ssl
Hi! I have some trouble tring to compile Mysql 4.0.16 with de options: --with-vio --with-openssl, I try with some recomedation about it but none successful. Compiling with: ./configure --with-vio --with-openssl=/path/to/openssl --with-openssl-includ e=/path/to/include/ssl.h --with-openssl-lib=/path/to/lib/libssl.a Everything is fine during de compilation but when i install the new database, it's show my variable have_openssl=no and the showing Status SSL=not in use *When i compile with: ./configure --with-vio --with-openssl --with-openssl-include=/path/to/includ e/ssl.h --with-openssl-lib=/path/to/lib/libssl.a during the compilation i get the following error: ../lib/mysql/.libs/libmysqlclient.so: undefined reference to openssl_add_all_algorithms collect 2: ld returned 1 exit status Can someone help me?, I don't know that to do or what i should do for now?? Thanks in advance, Cion -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL with SSL enabled
rmck [EMAIL PROTECTED] wrote: I am in the process of installing Mysql 4.0.17. I need to have Mysql with SSL enabled. Does this feature come enabled with the binary download? Or do I need to download the source and compile it? Official binaries are compiled without SSL support. Any good links ot setting up MySQL with SSL enabled? Check MySQL manual: http://www.mysql.com/doc/en/Secure_connections.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
MySQL with SSL enabled
Hello, I am in the process of installing Mysql 4.0.17. I need to have Mysql with SSL enabled. Does this feature come enabled with the binary download? Or do I need to download the source and compile it? Any good links ot setting up MySQL with SSL enabled? Thanks Rob -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL with SSL enabled
rmck wrote: Hello, I am in the process of installing Mysql 4.0.17. I need to have Mysql with SSL enabled. Does this feature come enabled with the binary download? Or do I need to download the source and compile it? Any good links ot setting up MySQL with SSL enabled? Good luck. Let me know if you manage to get SSL working during the compile phase. I found an open bug ( http://bugs.mysql.com/bug.php?id=1915 ) which pretty much indicates that you're not going to be able to build in SSL support. -Greg G -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL with SSL enabled
On Wed, 2003-12-17 at 09:39, rmck wrote: Hello, I am in the process of installing Mysql 4.0.17. I need to have Mysql with SSL enabled. Does this feature come enabled with the binary download? Or do I need to download the source and compile it? Any good links ot setting up MySQL with SSL enabled? Hi Rob, I'm not sure about SSL capabilities of MySQL, but there's a SSL wrapper called Stunnel at http://www.stunnel.org that will wrap any ports connection in SSL with OpenSSL and SSLeay libaries. Very cool for securing email connections with regular POP3 accounts. Should be just as easy with any other port. HTH, Kevin -- Kevin Old [EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL with SSL enabled
On Wed, 2003-12-17 at 09:39, rmck wrote: Hello, I am in the process of installing Mysql 4.0.17. I need to have Mysql with SSL enabled. Does this feature come enabled with the binary download? Or do I need to download the source and compile it? Any good links ot setting up MySQL with SSL enabled? Thanks Rob Also, this article about 11 SSH Tricks might help. http://www.linuxjournal.com/article.php?sid=6602 HTH, Kevin -- Kevin Old [EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Compiling MySQL with SSL support
Hi, I am attempting to install mySQL with SSL support but keep getting build errors. I have openSSL 0.9.7c install into /usr/local/ssl I am attempting to install mySQL 4.0.16 I am using the following configure options CFLAGS=-O3 -mcpu=pentiumpro -I/usr/local/ssl/include CXX=gcc CXXFLAGS=-O3 -mcpu=pentiumpro -felide-constructors ./configure --prefix=/usr/local/mysql --with-extra-charsets=complex --enable -thread-safe-client --enable-local-infile --enable-assembler --disable-share d --with-vio --with-openssl --with-openssl-includes=/usr/local/ssl/include - -with-openssl-libs=/usr/local/ssl/lib and I am getting this error ../include/my_global.h:271: warning: this is the location of the previous definition In file included from bfill.c:32: ../include/my_global.h:1109: openssl/opensslv.h: No such file or directory The file openssl/opensslv.h does exist. Does anyone have any ideas how to fix this problem? Thanks, Adam --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.543 / Virus Database: 337 - Release Date: 21/11/2003 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: RE: Compiling MySQL with SSL support
Well, I have been playing around some, partly in the files, other times with other ccommands see what happens. Well I decided to delete the entire directory, and try again. As I was watching the configure to go through it's thing, I got a interesting error at 21985 - unknown command and at 21988 in the configure file. Well, I decided to find out what was causing this error, and noticed at 21985, is a test to see if it should use libedit or not. I never did define anything in the command line for it, and on it's false statement it puts a variable for with_libedit to undefined. Well just happens at 21988, theres a test to see if it should use both libedit and libread together. Just playing around I decided to try compiling with the libedit, and I get 4 new errors at 21988 - test: =: unary operator expected; at 21985 - command not found; at 21981 - command not found; and lastly at 21986 - command not found. Just looking above and below, I find it is right at the openssl section. What I am thinking, is that either the test expressions are incorrectly done, or the value of with_libedit that is being defined for tue isn't what is needed. I will post more when I find more out. Chris - Original Message - From: Fortuno, Adam [EMAIL PROTECTED] To: 'Chris Torske' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 09, 2003 10:59 AM Subject: [spam] RE: Compiling MySQL with SSL support I don't have an answer for you, but Hong might. He's compiled MySQL with SSL support. Perhaps he could answer your question. Regards, Adam -Original Message- From: Chris Torske [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 11:36 AM To: [EMAIL PROTECTED] Subject: Compiling MySQL with SSL support Hopefuly someone will be able to save me, before I destroy my system too bad. I am trying to compile mysql 4.1.0 alpha with openssl support. I know I have everything needed installed on my system, gcc 3.2.2, and two copies of openssl. I originaly tried installing with the rpm, to hopefuly be less of a head ache, but ended up being more of one. So I am going through and just compile from source code. From what I found out the hard way, this version only wants 0.9.6, won't accept 0.9.7 shared files. So I installed 0.9.6 in a different location and made the shared files, but I am unable to get the compiler to use the correct location for openssl. It always goes back to the default location which has 0.9.7 and fails. Right now 0.9.7 is installed in it's default location, and I installed 0.9.6 in /usr/local/openssl096. Is there a command or some commands that will tell the compiler use the new location over default? Thanks, Chris -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Re: RE: Compiling MySQL with SSL support
Updating on my progress on getting it to work. I did get the errors fixed, there were 3 in the end that needed to be fixed. Pretty much I had to remove a space in 2 spots, I think at 21985 and 21986 if I am correct, more of there was a space on the lines assigning a value to a varable. The other error at I think 21988, I just need to give the function/statement something to use. I am not using my linux machine to write these, so I been having to switch back and forth a lot of the time. I haven't got it to make yet, but I know what the problem on that it, I just need to find a way to either get the library it wants, or find a way to install the new gcc 3.3.1. How I am going to do that, I have no idea, but I will work on that tomorrow, after I get home from work. If you haven't noticed, I am not one who cares for waiting if I don't need to. I may not be the best in linux, or even know half of what I am doing, but I will figure it out one way or another. Chris - Original Message - From: Chris Torske [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 10, 2003 2:58 PM Subject: [mysql] Re: RE: Compiling MySQL with SSL support Well, I have been playing around some, partly in the files, other times with other ccommands see what happens. Well I decided to delete the entire directory, and try again. As I was watching the configure to go through it's thing, I got a interesting error at 21985 - unknown command and at 21988 in the configure file. Well, I decided to find out what was causing this error, and noticed at 21985, is a test to see if it should use libedit or not. I never did define anything in the command line for it, and on it's false statement it puts a variable for with_libedit to undefined. Well just happens at 21988, theres a test to see if it should use both libedit and libread together. Just playing around I decided to try compiling with the libedit, and I get 4 new errors at 21988 - test: =: unary operator expected; at 21985 - command not found; at 21981 - command not found; and lastly at 21986 - command not found. Just looking above and below, I find it is right at the openssl section. What I am thinking, is that either the test expressions are incorrectly done, or the value of with_libedit that is being defined for tue isn't what is needed. I will post more when I find more out. Chris - Original Message - From: Fortuno, Adam [EMAIL PROTECTED] To: 'Chris Torske' [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 09, 2003 10:59 AM Subject: [spam] RE: Compiling MySQL with SSL support I don't have an answer for you, but Hong might. He's compiled MySQL with SSL support. Perhaps he could answer your question. Regards, Adam -Original Message- From: Chris Torske [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 11:36 AM To: [EMAIL PROTECTED] Subject: Compiling MySQL with SSL support Hopefuly someone will be able to save me, before I destroy my system too bad. I am trying to compile mysql 4.1.0 alpha with openssl support. I know I have everything needed installed on my system, gcc 3.2.2, and two copies of openssl. I originaly tried installing with the rpm, to hopefuly be less of a head ache, but ended up being more of one. So I am going through and just compile from source code. From what I found out the hard way, this version only wants 0.9.6, won't accept 0.9.7 shared files. So I installed 0.9.6 in a different location and made the shared files, but I am unable to get the compiler to use the correct location for openssl. It always goes back to the default location which has 0.9.7 and fails. Right now 0.9.7 is installed in it's default location, and I installed 0.9.6 in /usr/local/openssl096. Is there a command or some commands that will tell the compiler use the new location over default? Thanks, Chris -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Compiling MySQL with SSL support
Hopefuly someone will be able to save me, before I destroy my system too bad. I am trying to compile mysql 4.1.0 alpha with openssl support. I know I have everything needed installed on my system, gcc 3.2.2, and two copies of openssl. I originaly tried installing with the rpm, to hopefuly be less of a head ache, but ended up being more of one. So I am going through and just compile from source code. From what I found out the hard way, this version only wants 0.9.6, won't accept 0.9.7 shared files. So I installed 0.9.6 in a different location and made the shared files, but I am unable to get the compiler to use the correct location for openssl. It always goes back to the default location which has 0.9.7 and fails. Right now 0.9.7 is installed in it's default location, and I installed 0.9.6 in /usr/local/openssl096. Is there a command or some commands that will tell the compiler use the new location over default? Thanks, Chris
Re: Starting MySQL with SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Karam Chand wrote: Greetings I have MySQL 4.0.13 installed on WinXP machine. From the DOCS I read that support for SSL is provided with MySQL 4.x. The doc says that I need to install the library from openssl.org ( which I did ) and then configure mysql with --with-vio and --with-openssl? Does it mean that I have compile MySQL from the source, or what with option do I need to start mysqld-nt-max? Thanks in advance. Due to licensing issues with OpenSSL, MySQL does not ship SSL-enabled binaries for Windows. If you want to use SSL with MySQL on Windows, you will have to compile it yourself at this time. We are looking at ways to fix this licensing issue. -Mark - -- For technical support contracts, visit https://order.mysql.com/?ref=mmma __ ___ ___ __ / |/ /_ __/ __/ __ \/ / Mark Matthews [EMAIL PROTECTED] / /|_/ / // /\ \/ /_/ / /__ MySQL AB, SW Dev. Manager - J2EE/Windows /_/ /_/\_, /___/\___\_\___/ Flossmoor (Chicago), IL USA ___/ www.mysql.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+4zqftvXNTca6JD8RAkejAJwKUEhigiYIkF9vAu+0+keS93jP2gCgmYEl 2aqR4pis3quQw9WreBeMbAE= =40HH -END PGP SIGNATURE- -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Starting MySQL with SSL
Greetings I have MySQL 4.0.13 installed on WinXP machine. From the DOCS I read that support for SSL is provided with MySQL 4.x. The doc says that I need to install the library from openssl.org ( which I did ) and then configure mysql with --with-vio and --with-openssl? Does it mean that I have compile MySQL from the source, or what with option do I need to start mysqld-nt-max? Thanks in advance. Karam __ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Problem using DBI with MySQL and SSL
On Mon, 24 Mar 2003, Casella, Richard A wrote: I am having a problem getting this to work and the documentation I have found doesn't seem to be helping, hopefully someone out there can help me. I am using MySQL 4.01-Gamma on a Debian Linux box. I have configured MySQL exactly as the manual shows in Section 4.3.9 - Using Secure Connections, including 4.3.9.3 - Setting up SSL Certificates. This all works as advertised if I access mysql from the command line. I have a short Perl program which I have included which uses DBI 1.32. I can not get the authentication to work whether I include $password or not. I get the following error... Did you compile DBD::mysql to use SSL? As in: perl Makefile.PL -ssl [EMAIL PROTECTED]:rac$ dbtest.pl DBI connect('menagerie:localhost;mysql_read_default_file=/home/rac/.my.cnf','rac ',...) Why bother with ssl when connecting to localhost? Rudy -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Problem using DBI with MySQL and SSL
I am having a problem getting this to work and the documentation I have found doesn't seem to be helping, hopefully someone out there can help me. I am using MySQL 4.01-Gamma on a Debian Linux box. I have configured MySQL exactly as the manual shows in Section 4.3.9 - Using Secure Connections, including 4.3.9.3 - Setting up SSL Certificates. This all works as advertised if I access mysql from the command line. I have a short Perl program which I have included which uses DBI 1.32. I can not get the authentication to work whether I include $password or not. I get the following error... [EMAIL PROTECTED]:rac$ dbtest.pl DBI connect('menagerie:localhost;mysql_read_default_file=/home/rac/.my.cnf','rac ',...) failed: Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) at /home/rac/perl/src/dbtest.pl line 7 Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) at /home/rac/perl/src/dbtest.pl line 7. [EMAIL PROTECTED]:rac$ Here's the code... #!/usr/bin/perl -w # use DBI; my $query; my $user = rac; my $password = testpass; my $dbh = DBI-connect(DBI:mysql:menagerie:localhost;mysql_read_default_file=/home/ra c/.my.cnf, $user, $password) || die $DBI::errstr; $query=$dbh-prepare(select * from pet) || die prepare- $DBI::errstr; $query-execute; while ((@userinfo)=$query-fetchrow) { print $userinfo[0]\n; } $query-finish; $dbh-disconnect; exit 1; Any help will be greatly appreciated, Rich Emerging Software Technology A man of genius makes no mistakes.| Brookhaven National Laboratory His errors are volitional and are | ITD Bldg 515, Upton, NY 11973 USA the portals of discovery | http://www.buoy.com/~rac - James Joyce | mailto:[EMAIL PROTECTED] (631) 344-7975 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: MySQL 4.0.1 SSL config - a shot in the dark
Hello, From the sound of Tonu's original response, he's pretty busy right now ... If anyone else has an idea based on experience with SSL MySQL, or just with openssl in general, can offer an opinion on this, I would be grateful. I've ordered a book on OpenSSL in an effort to learn more about it for this application as well as others, but it hasn't gotten here yet. I would appreciate any insight before I get around to just guessing! Thanks, Clay From: Clay Loveless [EMAIL PROTECTED] Date: Sat, 15 Jun 2002 21:30:31 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark Tonu, Thank you, thank you! The formal documentation effort is apparently still underway based on your notes ... The link you included eliminates a lot of guesswork! : ) This part of MySQL is written by me and I am sure it worked :) I'm sure it does -- what I meant was that the way I had it configured (my best guess last night) wasn't working. No wonder! 3. EDIT my.cnf ON CLIENT SERVER I added these values to my.cnf: [ssl] key = (LONG public key value - 394 chars - copied from server.crt) cert = ca.crt ca = (Organization Name answer from the Q A session while doing the first ca.key generation) capath = /usr/local/etc/mysqlssl nono, a lot of errors here. I am pretty sleepy and can do smaller mistakes right now but mistakes I see: section [ssl] is wrong. MySQL server uses [mysqld] section, command line - client [client] but nobody read [ssl] section! Everything should be added under those common sections - values key and ca are wrong. Should be ssl-key, ssl-ca and so on... Makes sense. I went through the procedures with CA.sh logged in your notes, and was left with these files in my working directory: newcert.pem newreq.pem demoCA/ newcerts/ 01.pem private/ cakey.pem Can you tell me which of those files translates into the files you used in your configuration? [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem [mysql] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem [mysqldump] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem Your notes don't include the steps where you renamed the output .pem files to the filenames used in your example my.cnf entries. Page 390 of the new Managing Using MySQL (O'Reilly) book provided some clues for doing this ... In reference to C functions, it says: 'key' contains an SSL public key 'cert' contains the filename of a certificate 'ca' contians the name of the certificate authority 'capath' contains the directory containing the certificate Hmm this is not the first time when O'Reilly publishes bad and misguiding book about MySQL. I personally suggest to avoid them. Paul DuBois one is good example. Could be that I was just making the wrong assumption. I've read a good chunk of the rest of that O'Reilly book today, and it was all pretty good. The section I quoted wasn't specifically documenting the SSL functionality, but just listing a C function for reading SSL-related values from the .cnf file. So, it was probably just the author's shorthand for that function, and I leapt to the wrong conclusion. There is a file in MySQL source tree I wrote about using SSL connections with MySQL: http://www.mysqldeveloper.com/4.x-bk_tree/SSL/NOTES I hope they work for you. There are some pregenerated example key/certificate files included. You may try with then first to ensure that your command-line stuff works first. Thanks again for posting this link! This really helps a lot. I would be happy to write all this up for use as a FAQ answer on mysqldeveloper.com, as I'm sure this has (or will) come up often. Regards, Clay - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL 4.0.1 SSL config - a shot in the dark
A little more information on this problem ... - Tonu's notes state that there are sample SSL keys certs for testing purposes in the SSL directory of the mysql tarball. There is no SSL directory in the mysql-4.0.1-alpha.tar.gz file. Does anyone know which tarball he may be referring to? - In Tonu's notes, there is an example my.cnf entry of: [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem Further in the notes, there's an example of a command-line switch for mysqld: mysqld --ssl-cert=SSL/server-cert.pem --ssl-ca=SSL/cacert.pem --ssl-key=SSL/server-req.pem In other words, one example shows ssl-key pointing to the server-key.pem file, another example shows ssl-key pointing to server-req.pem. I'm looking through the files I created by doing these commands (extracted from Tonu's notes): From the /usr/local/ssl/apps directory ./CA.sh -newca ./CA.sh -newreq ./CA.sh -sign As I mentioned previously, those commands leave me with the following structure: newcert.pem newreq.pem demoCA/ newcerts/ 01.pem private/ cakey.pem newcert.pem and demoCA/newcerts/01.pem are identical. Tonu's notes indicate that passwords should be removed from the key files like this: openssl rsa -inform pem server-req.pem server-key.pem I'm *assuming* that server-req.pem is the same as newreq.pem ... But the leap in file names isn't documented, and the two contradictory examples of ssl-key usage (mentioned above) are confusing. - Is there an estimate for when the documentation on MySQL's SSL functionality will be completed? I would love to be able to set this up without having to guess at how it's done. : ) I'm going to start experimenting with the files I've got to see what works ... I'll report what I find. Meanwhile, the general idea of guessing at how to configure the secure connection is killing the notion of security for me to some extent. - Has anyone successfully set this up on their servers? If so, I would be grateful for your tips! Thanks, Clay From: Clay Loveless [EMAIL PROTECTED] Date: Tue, 18 Jun 2002 12:00:51 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark Hello, From the sound of Tonu's original response, he's pretty busy right now ... If anyone else has an idea based on experience with SSL MySQL, or just with openssl in general, can offer an opinion on this, I would be grateful. I've ordered a book on OpenSSL in an effort to learn more about it for this application as well as others, but it hasn't gotten here yet. I would appreciate any insight before I get around to just guessing! Thanks, Clay From: Clay Loveless [EMAIL PROTECTED] Date: Sat, 15 Jun 2002 21:30:31 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark Tonu, Thank you, thank you! The formal documentation effort is apparently still underway based on your notes ... The link you included eliminates a lot of guesswork! : ) This part of MySQL is written by me and I am sure it worked :) I'm sure it does -- what I meant was that the way I had it configured (my best guess last night) wasn't working. No wonder! 3. EDIT my.cnf ON CLIENT SERVER I added these values to my.cnf: [ssl] key = (LONG public key value - 394 chars - copied from server.crt) cert = ca.crt ca = (Organization Name answer from the Q A session while doing the first ca.key generation) capath = /usr/local/etc/mysqlssl nono, a lot of errors here. I am pretty sleepy and can do smaller mistakes right now but mistakes I see: section [ssl] is wrong. MySQL server uses [mysqld] section, command line - client [client] but nobody read [ssl] section! Everything should be added under those common sections - values key and ca are wrong. Should be ssl-key, ssl-ca and so on... Makes sense. I went through the procedures with CA.sh logged in your notes, and was left with these files in my working directory: newcert.pem newreq.pem demoCA/ newcerts/ 01.pem private/ cakey.pem Can you tell me which of those files translates into the files you used in your configuration? [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem [mysql] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem [mysqldump] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem Your notes don't include the steps where you renamed the output .pem files to the filenames used in your example my.cnf entries. Page 390 of the new Managing Using MySQL (O'Reilly) book provided some clues for doing this ... In reference to C functions, it says: 'key' contains an SSL public key 'cert' contains the filename of a certificate 'ca' contians the name of the certificate authority 'capath' contains
Re: MySQL 4.0.1 SSL config - a shot in the dark
[replying to my own thread yet again ... Sorry about that] Thought that anyone silently following my experiments on this may be interested to know: Using the /usr/local/ssl/apps/CA.sh script (part of the openssl installation) as follows: ./CA.sh -newca ./CA.sh -newreq ./CA.sh -sign Then copying files like this: cp newcert.pem /usr/local/etc/mysqlssl/server-cert.pem cp demoCA/cacert.pem /usr/local/etc/mysqlssl/cacert.pem And running: openssl rsa -inform pem newreq.pem /usr/local/etc/mysqlssl/server-key.pem (And doing it all over again with client- for the client machine files) Then adding: ssl-ca=/usr/local/etc/mysqlssl/cacert.pem ssl-cert=/usr/local/etc/mysqlssl/server-cert.pem ssl-key=/usr/local/etc/mysqlssl/server-key.pem ... To your [mysqld] section of my.cnf THEN (finally) adding: ssl-ca=/usr/local/etc/mysqlssl/cacert.pem ssl-cert=/usr/local/etc/mysqlssl/client-cert.pem ssl-key=/usr/local/etc/mysqlssl/client-key.pem ... To your [mysql] section of my.cnf on your client connection machine ... Does the trick. In addition to doing all this, you need to use the GRANT command to allow access to MySQL over SSL as described here: http://www.mysql.com/doc/S/e/Secure_GRANT.html It all works. (Working for me, anyway.) Connecting via the command-line MySQL client now gets me: SSL cipher in use is EDH-RSA-DES-CBC3-SHA Instead of: SSL not in use. Good times! Now if I can just figure out how to get the mysql client embedded in PHP to pick up these [mysql] client values, I'll be all set. Hope this has been helpful to someone! -Clay From: Clay Loveless [EMAIL PROTECTED] Date: Tue, 18 Jun 2002 18:03:02 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark A little more information on this problem ... - Tonu's notes state that there are sample SSL keys certs for testing purposes in the SSL directory of the mysql tarball. There is no SSL directory in the mysql-4.0.1-alpha.tar.gz file. Does anyone know which tarball he may be referring to? - In Tonu's notes, there is an example my.cnf entry of: [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem Further in the notes, there's an example of a command-line switch for mysqld: mysqld --ssl-cert=SSL/server-cert.pem --ssl-ca=SSL/cacert.pem --ssl-key=SSL/server-req.pem In other words, one example shows ssl-key pointing to the server-key.pem file, another example shows ssl-key pointing to server-req.pem. I'm looking through the files I created by doing these commands (extracted from Tonu's notes): From the /usr/local/ssl/apps directory ./CA.sh -newca ./CA.sh -newreq ./CA.sh -sign As I mentioned previously, those commands leave me with the following structure: newcert.pem newreq.pem demoCA/ newcerts/ 01.pem private/ cakey.pem newcert.pem and demoCA/newcerts/01.pem are identical. Tonu's notes indicate that passwords should be removed from the key files like this: openssl rsa -inform pem server-req.pem server-key.pem I'm *assuming* that server-req.pem is the same as newreq.pem ... But the leap in file names isn't documented, and the two contradictory examples of ssl-key usage (mentioned above) are confusing. - Is there an estimate for when the documentation on MySQL's SSL functionality will be completed? I would love to be able to set this up without having to guess at how it's done. : ) I'm going to start experimenting with the files I've got to see what works ... I'll report what I find. Meanwhile, the general idea of guessing at how to configure the secure connection is killing the notion of security for me to some extent. - Has anyone successfully set this up on their servers? If so, I would be grateful for your tips! Thanks, Clay From: Clay Loveless [EMAIL PROTECTED] Date: Tue, 18 Jun 2002 12:00:51 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark Hello, From the sound of Tonu's original response, he's pretty busy right now ... If anyone else has an idea based on experience with SSL MySQL, or just with openssl in general, can offer an opinion on this, I would be grateful. I've ordered a book on OpenSSL in an effort to learn more about it for this application as well as others, but it hasn't gotten here yet. I would appreciate any insight before I get around to just guessing! Thanks, Clay From: Clay Loveless [EMAIL PROTECTED] Date: Sat, 15 Jun 2002 21:30:31 -0700 To: MySQL [EMAIL PROTECTED] Subject: Re: MySQL 4.0.1 SSL config - a shot in the dark Tonu, Thank you, thank you! The formal documentation effort is apparently still underway based on your notes ... The link you included eliminates a lot of guesswork! : ) This part of MySQL is written by me and I am sure it worked :) I'm sure it does -- what I meant was that the way I had it configured (my
Re: MySQL 4.0.1 SSL config - a shot in the dark
Tonu, Thank you, thank you! The formal documentation effort is apparently still underway based on your notes ... The link you included eliminates a lot of guesswork! : ) This part of MySQL is written by me and I am sure it worked :) I'm sure it does -- what I meant was that the way I had it configured (my best guess last night) wasn't working. No wonder! 3. EDIT my.cnf ON CLIENT SERVER I added these values to my.cnf: [ssl] key = (LONG public key value - 394 chars - copied from server.crt) cert = ca.crt ca = (Organization Name answer from the Q A session while doing the first ca.key generation) capath = /usr/local/etc/mysqlssl nono, a lot of errors here. I am pretty sleepy and can do smaller mistakes right now but mistakes I see: section [ssl] is wrong. MySQL server uses [mysqld] section, command line - client [client] but nobody read [ssl] section! Everything should be added under those common sections - values key and ca are wrong. Should be ssl-key, ssl-ca and so on... Makes sense. I went through the procedures with CA.sh logged in your notes, and was left with these files in my working directory: newcert.pem newreq.pem demoCA/ newcerts/ 01.pem private/ cakey.pem Can you tell me which of those files translates into the files you used in your configuration? [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem [mysql] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem [mysqldump] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem Your notes don't include the steps where you renamed the output .pem files to the filenames used in your example my.cnf entries. Page 390 of the new Managing Using MySQL (O'Reilly) book provided some clues for doing this ... In reference to C functions, it says: 'key' contains an SSL public key 'cert' contains the filename of a certificate 'ca' contians the name of the certificate authority 'capath' contains the directory containing the certificate Hmm this is not the first time when O'Reilly publishes bad and misguiding book about MySQL. I personally suggest to avoid them. Paul DuBois one is good example. Could be that I was just making the wrong assumption. I've read a good chunk of the rest of that O'Reilly book today, and it was all pretty good. The section I quoted wasn't specifically documenting the SSL functionality, but just listing a C function for reading SSL-related values from the .cnf file. So, it was probably just the author's shorthand for that function, and I leapt to the wrong conclusion. There is a file in MySQL source tree I wrote about using SSL connections with MySQL: http://www.mysqldeveloper.com/4.x-bk_tree/SSL/NOTES I hope they work for you. There are some pregenerated example key/certificate files included. You may try with then first to ensure that your command-line stuff works first. Thanks again for posting this link! This really helps a lot. I would be happy to write all this up for use as a FAQ answer on mysqldeveloper.com, as I'm sure this has (or will) come up often. Regards, Clay - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
MySQL 4.0.1 SSL config - a shot in the dark
I've been trying to figure out how to set up SSL support in mysql-4.0.1 ... The online documentation is pretty sparse on the subject. Here's what I've got so far -- and so far this is *NOT* working. I'm putting it out here so that someone else may be able to fiddle around on their end and help figure out how to get this working. OBJECTIVE Get mysql client and mysql server talking to each other over SSL connection. ASSUMES Both MySQL client server were built with these options: --with-vio --with-openssl As described here: http://www.mysql.com/doc/S/e/Secure_requirements.html QUESTION How to configure client server certificates to ensure successful SSL connection? DISCLAIMER I'm no expert on OpenSSL. :-) 1. CREATE A SELF-SIGNED CERTIFICATE Going off of instructions posted here: http://www.coruscant.demon.co.uk/mike/imap/security.html I did this: shell openssl genrsa -des3 -out /path/to/cadir/ca.key 1024 shell openssl req -new -x509 -days 365 -key /path/to/cadir/ca.key \ -out /path/to/cadir/ca.crt shell openssl req -new -key /path/to/cadir/ca.key \ -out /path/to/cadir/server.csr Then I grabbed the mod_ssl package from www.modssl.org, moved the sign.sh script from pkg.contrib into /path/to/cadir Then: shell ./sign.sh server.csr 2. PLACE CERTIFICATE FILES IN APPROPRIATE PLACES On both my client machine and server machine, I copied the contents of /path/to/cadir to /usr/local/etc/mysqlssl 3. EDIT my.cnf ON CLIENT SERVER I added these values to my.cnf: [ssl] key = (LONG public key value - 394 chars - copied from server.crt) cert = ca.crt ca = (Organization Name answer from the Q A session while doing the first ca.key generation) capath = /usr/local/etc/mysqlssl So far, this hasn't worked ... But at least MySQL runs without errors, so I believe I've got the my.cnf variable names correct. Page 390 of the new Managing Using MySQL (O'Reilly) book provided some clues for doing this ... In reference to C functions, it says: 'key' contains an SSL public key 'cert' contains the filename of a certificate 'ca' contians the name of the certificate authority 'capath' contains the directory containing the certificate Like I said, this hasn't worked yet -- I'm still getting SSL is not in use when I connect via the mysql client. No errors appear in the error log. Has anyone else tried this? Any luck? - Clay - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL 4.0.1 SSL config - a shot in the dark
On Sat, 15 Jun 2002, Clay Loveless wrote: I've been trying to figure out how to set up SSL support in mysql-4.0.1 ... The online documentation is pretty sparse on the subject. Here's what I've got so far -- and so far this is *NOT* working. I'm putting it out here so that someone else may be able to fiddle around on their end and help figure out how to get this working. This part of MySQL is written by me and I am sure it worked :) 3. EDIT my.cnf ON CLIENT SERVER I added these values to my.cnf: [ssl] key = (LONG public key value - 394 chars - copied from server.crt) cert = ca.crt ca = (Organization Name answer from the Q A session while doing the first ca.key generation) capath = /usr/local/etc/mysqlssl nono, a lot of errors here. I am pretty sleepy and can do smaller mistakes right now but mistakes I see: section [ssl] is wrong. MySQL server uses [mysqld] section, command line - client [client] but nobody read [ssl] section! Everything should be added under those common sections - values key and ca are wrong. Should be ssl-key, ssl-ca and so on... So far, this hasn't worked ... But at least MySQL runs without errors, so I believe I've got the my.cnf variable names correct. Page 390 of the new Managing Using MySQL (O'Reilly) book provided some clues for doing this ... In reference to C functions, it says: 'key' contains an SSL public key 'cert' contains the filename of a certificate 'ca' contians the name of the certificate authority 'capath' contains the directory containing the certificate Hmm this is not the first time when O'Reilly publishes bad and misguiding book about MySQL. I personally suggest to avoid them. Paul DuBois one is good example. There is a file in MySQL source tree I wrote about using SSL connections with MySQL: http://www.mysqldeveloper.com/4.x-bk_tree/SSL/NOTES I hope they work for you. There are some pregenerated example key/certificate files included. You may try with then first to ensure that your command-line stuff works first. Like I said, this hasn't worked yet -- I'm still getting SSL is not in use when I connect via the mysql client. No errors appear in the error log. Any questions more which I can help to solve - please ask but keep discussion Cc:-d in this list. Also any sponsorship offers for developing SSL around replication are welcome. I am sure someone needs it :) Tonu - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
MySQL with SSL support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, Need: Communicate securely using PKI from a DBI perl script to MySQL where dozens of clients connect from multiple sites around the country (stunnel is not an option :( If I issue a grant command like such GRANT ALL PRIVILEGES ON test.* TO [EMAIL PROTECTED] IDENTIFIED BY goodsecret REQUIRE SUBJECT C=EE, ST=Some-State, L=Tallinn, O=MySQL demo client certificate, CN=Tonu [EMAIL PROTECTED] AND ISSUER C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu [EMAIL PROTECTED] AND CIPHER EDH-RSA-DES-CBC3-SHA I am assuming that in order to make something like this work that you would also need to present your client certificate then the mysqld would check the issuer and the cn for the client, but reading through the documentation, and the change log for DBD:MYSQL I don't see anything that would allow me to specify the client certificate. Searching through google I did find http:[EMAIL PROTECTED]/msg00050.html which specs that you are supposed to use mysql_ssl=1 in the DSN but that only gets me half way there. I was wondering if any of you guys out there have found a way around this tid bit of a problem. Background: I have version 4.01 running on a Linux 7.1 machine the environment variables for SSL show up. Thanks in Advance, JC -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBPHMOqnX+hJvt5DtWEQIFFgCfQDNuz4buG7JQp1iDVkGIzZIfAM0AnivJ t1do+xjkRMJiJVzoQl8PeBxC =P9HK -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL with SSL support
Hi JC I know you said stunnel is not an option but how about SSLwrap? http://www.quiltaholic.com/rickk/sslwrap/ james At 18:49 19/02/2002 -0800, JC wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, Need: Communicate securely using PKI from a DBI perl script to MySQL where dozens of clients connect from multiple sites around the country (stunnel is not an option :( If I issue a grant command like such GRANT ALL PRIVILEGES ON test.* TO [EMAIL PROTECTED] IDENTIFIED BY goodsecret REQUIRE SUBJECT C=EE, ST=Some-State, L=Tallinn, O=MySQL demo client certificate, CN=Tonu [EMAIL PROTECTED] AND ISSUER C=FI, ST=Some-State, L=Helsinki, O=MySQL Finland AB, CN=Tonu [EMAIL PROTECTED] AND CIPHER EDH-RSA-DES-CBC3-SHA I am assuming that in order to make something like this work that you would also need to present your client certificate then the mysqld would check the issuer and the cn for the client, but reading through the documentation, and the change log for DBD:MYSQL I don't see anything that would allow me to specify the client certificate. Searching through google I did find http:[EMAIL PROTECTED]/msg00050.html which specs that you are supposed to use mysql_ssl=1 in the DSN but that only gets me half way there. I was wondering if any of you guys out there have found a way around this tid bit of a problem. Background: I have version 4.01 running on a Linux 7.1 machine the environment variables for SSL show up. Thanks in Advance, JC -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBPHMOqnX+hJvt5DtWEQIFFgCfQDNuz4buG7JQp1iDVkGIzZIfAM0AnivJ t1do+xjkRMJiJVzoQl8PeBxC =P9HK -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php James Carrier Bullet Online :: Aim Higher [http://www.bulletonline.com] 41b Beavor Lane, London W6 9BL Tel +44 (0) 20 8834 3442 Fax +44 (0) 20 8741 2790 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
problem with mySQL using SSL
Hello all. I downloaded the mysql v4.0.1 source and openssl 0.9.6c source. I built openssl OK I built mysql as follows: ./configure --with-vio --with-openssl make make install The build went well all the way. The mysql server seem to start ok. When I try to connect with mysql client after a few seconds I get the following error message mysqlshow databases; ERROR 2006: MySQL server has gone away No connection. Trying to reconnect... Connection id:8 Current database: *** NONE *** when I do a show status I get the following. mysql show status; ++---+ | Variable_name | Value | ++---+ | Aborted_clients| 8 | | Aborted_connects | 0 | | Bytes_received | 529 | | Bytes_sent | 1049 | | Com_admin_commands | 0 | | Com_alter_table| 0 | | Com_analyze| 0 | | Com_backup_table | 0 | | Com_begin | 0 | | Com_change_db | 0 | | Com_change_master | 0 | | Com_check | 0 | | Com_commit | 0 | | Com_create_db | 0 | | Com_create_function| 0 | | Com_create_index | 0 | | Com_create_table | 0 | | Com_delete | 0 | | Com_delete_multi | 0 | | Com_drop_db| 0 | | Com_drop_function | 0 | | Com_drop_index | 0 | | Com_drop_table | 0 | | Com_flush | 0 | | Com_grant | 2 | | Com_ha_close | 0 | | Com_ha_open| 0 | | Com_ha_read| 0 | | Com_insert | 0 | | Com_insert_select | 0 | | Com_kill | 0 | | Com_load | 0 | | Com_load_master_data | 0 | | Com_load_master_table | 0 | | Com_lock_tables| 0 | | Com_optimize | 0 | | Com_purge | 0 | | Com_rename_table | 0 | | Com_repair | 0 | | Com_replace| 0 | | Com_replace_select | 0 | | Com_reset | 0 | | Com_restore_table | 0 | | Com_revoke | 0 | | Com_rollback | 0 | | Com_select | 0 | | Com_set_option | 0 | | Com_show_binlog_events | 0 | | Com_show_binlogs | 0 | | Com_show_create| 0 | | Com_show_databases | 10| | Com_show_fields| 0 | | Com_show_grants| 0 | | Com_show_keys | 0 | | Com_show_logs | 0 | | Com_show_master_stat | 0 | | Com_show_new_master| 0 | | Com_show_open_tables | 0 | | Com_show_processlist | 0 | | Com_show_slave_hosts | 0 | | Com_show_slave_stat| 0 | | Com_show_status| 2 | | Com_show_tables| 0 | | Com_show_variables | 0 | | Com_slave_start| 0 | | Com_slave_stop | 0 | | Com_truncate | 0 | | Com_unlock_tables | 0 | | Com_update | 0 | | Connections| 10| | Created_tmp_disk_tables| 0 | | Created_tmp_tables | 0 | | Created_tmp_files | 0 | | Delayed_insert_threads | 0 | | Delayed_writes | 0 | | Delayed_errors | 0 | | Flush_commands | 1 | | Handler_delete | 0 | | Handler_read_first | 1 | | Handler_read_key | 1 | | Handler_read_next | 0 | | Handler_read_prev | 0 | | Handler_read_rnd | 0 | | Handler_read_rnd_next | 11| | Handler_update | 0 | | Handler_write | 1 | | Key_blocks_used| 1 | | Key_read_requests | 2 | | Key_reads | 1 | | Key_write_requests | 1 | | Key_writes | 1 | | Max_used_connections | 0 | | Not_flushed_key_blocks | 0 | | Not_flushed_delayed_rows | 0 | | Open_tables| 2 | | Open_files | 6 | | Open_streams | 0 | | Opened_tables | 8 | | Questions | 8 | | Qcache_queries_in_cache| 0 | |
problem with mySQL using SSL
Hello all. I downloaded the mysql v4.0.1 source and openssl 0.9.6c source. I built openssl OK I built mysql as follows: ./configure --with-vio --with-openssl make make install The build went well all the way. The mysql server seem to start ok. When I try to connect with mysql client after a few seconds I get the following error message mysqlshow databases; ERROR 2006: MySQL server has gone away No connection. Trying to reconnect... Connection id:8 Current database: *** NONE *** a show variables; mysql show variables like 'have%'; ERROR 2006: MySQL server has gone away No connection. Trying to reconnect... Connection id:15 Current database: *** NONE *** +---+---+ | Variable_name | Value | +---+---+ | have_bdb | NO| | have_innodb | YES | | have_isam | YES | | have_raid | NO| | have_symlink | YES | | have_openssl | YES | +---+---+ 6 rows in set (0.14 sec) I can see that ipenssl is running, but the server keeps loosing the connection. If I buld mysql without the --with-vio --with-openssl options all works ok, except of course I have no ssl. Has anyone gotten 4.0.1 to run with openssl? If so, please let me know what you did to make it work. Should I use an older version of openssl? Maybe 0.9.6b or 0.9.6a? Thanks, Jorge - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
problem with mySQL using SSL
Hello all. I downloaded the mysql v4.0.1 source and openssl 0.9.6c source. I built openssl OK I built mysql as follows: ./configure --with-vio --with-openssl make make install The build went well all the way. The mysql server seem to start ok. When I try to connect with mysql client after a few seconds I get the following error message mysqlshow databases; ERROR 2006: MySQL server has gone away No connection. Trying to reconnect... Connection id:8 Current database: *** NONE *** a show variables; mysql show variables like 'have%'; ERROR 2006: MySQL server has gone away No connection. Trying to reconnect... Connection id:15 Current database: *** NONE *** +---+---+ | Variable_name | Value | +---+---+ | have_bdb | NO| | have_innodb | YES | | have_isam | YES | | have_raid | NO| | have_symlink | YES | | have_openssl | YES | +---+---+ 6 rows in set (0.14 sec) I can see that ipenssl is running, but the server keeps loosing the connection. If I buld mysql without the --with-vio --with-openssl options all works ok, except of course I have no ssl. Has anyone gotten 4.0.1 to run with openssl? If so, please let me know what you did to make it work. Should I use an older version of openssl? Maybe 0.9.6b or 0.9.6a? Thanks, Jorge - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
MySQL and SSL
I think it would be possible to use MySQL with SSL in the following way: I know of a program called sslwrap, based on openssl. It can be found at sourceforge.net. It is a wrapper that will act like a tunnel end of a ssl connection and then forward the unencrypted data to another port on your local machine. You will also need openssl or ssleay and to create a certificate. Self signed is acceptable. Example: MySQL runs on port 3306 and accepts connections only from localhost. sslwrap runs on port 3305 and forwards to local port 3306. = ing. Andrei Boros Centrul pt. Tehnologia Informatiei Societatea Romana de Radiodifuziune __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
mysql w/SSL support howto?..
Is it possible for mysql 3.23.40 to support SSL. hm, how? i guess.. i will download, openssl? first. then ./configure -- etc make make install then, download the mysql source. then.. ./configure --prefix=/usr/local/mysql --enable-assembler --with-mysqld-ldfla gs=-all-static --with-ssl=../openssl-ver# make make install am i correct? or better yet try and download the mysql 4 ? hehe, hope someone could help me out here.. ty louie miranda --- (axishift.ath.cx) PGPID: 0xDABA60C7 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: mysql w/SSL support howto?..
On 07 Aug 2001 16:21:13 +0800, louie miranda wrote: Is it possible for mysql 3.23.40 to support SSL. hm, how? No, from MySQL 4.0 only. -- For technical support contracts, goto https://order.mysql.com/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Mr. Tonu Samuel [EMAIL PROTECTED] / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Security Administrator /_/ /_/\_, /___/\___\_\___/ Hong Kong, China ___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: ODBC for MySql with SSL
Tonu Samuel wrote: On 09 May 2001 09:43:59 +0100, Eugénio Veiga wrote: Hi Does any body if is possible in windows 9x to implement odbc for MySql with ssl ? There exists any driver for this ? Well, I do not know much about ODBC. But anyway if you tell MySQL with SSL then you mean my work on SSL support for MySQL which is in my laptop mostly ready and will be included in MySQL 4.0 soon. After that we will have MySQL with SSL and all client applications can use facilities of SSL. I personally do not know about ODBC driver and when this will be coded to use SSL. Anyway this can't be done before MySQL itself is ready for this. Will this code be used by the replication slave code ? Ie. have slaves connecting over ssl ? Looking forward to SSL clients though, thanks ! Greg - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: ODBC for MySql with SSL
On 09 May 2001 09:43:59 +0100, Eugénio Veiga wrote: Hi Does any body if is possible in windows 9x to implement odbc for MySql with ssl ? There exists any driver for this ? Well, I do not know much about ODBC. But anyway if you tell MySQL with SSL then you mean my work on SSL support for MySQL which is in my laptop mostly ready and will be included in MySQL 4.0 soon. After that we will have MySQL with SSL and all client applications can use facilities of SSL. I personally do not know about ODBC driver and when this will be coded to use SSL. Anyway this can't be done before MySQL itself is ready for this. For curious people who ask why there are so big delay in SSL support - there were problems which can be identified as force majeure, and yes there is no SSL support in MySQL while there are some excertps of code inside beginning from 3.23.8. Tõnu - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
ODBC for MySql with SSL
Hi Does any body if is possible in windows 9x to implement odbc for MySql with ssl ? There exists any driver for this ? Thanks Eugénio Veiga - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: ODBC for MySql with SSL
On Wed, May 09, 2001 at 09:43:59AM +0100, Eugénio Veiga wrote: Hi Does any body if is possible in windows 9x to implement odbc for MySql with ssl ? There exists any driver for this ? Not sure about that. But if you don't get any good leads, you might consider using an SSH tunnel between the Windows box and the MySQL server. You'll get benefits similar to SSL. Jeremy -- Jeremy D. Zawodny, [EMAIL PROTECTED] Technical Yahoo - Yahoo Finance Desk: (408) 349-7878Fax: (408) 349-5454Cell: (408) 439-9951 MySQL 3.23.29: up 126 days, processed 780,402,003 queries (71/sec. avg) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Re: ODBC for MySql with SSL
- Original Message - From: [EMAIL PROTECTED] To: La Rocca Network [EMAIL PROTECTED] Sent: Wednesday, May 09, 2001 2:06 PM Subject: Re: Re: ODBC for MySql with SSL Your message cannot be posted because it appears to be either spam or simply off topic to our filter. To bypass the filter you must include one of the following words in your message: database,sql,query If you just reply to this message, and include the entire text of it in the reply, your reply will go through. However, you should first review the text of the message to make sure it has something to do with MySQL. You have written the following: where do I find the SSH software ? regards, Nelson - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: ODBC for MySql with SSL
If you want to check ssh for use with mysql, check out openssh.com. La Rocca Network wrote: - Original Message - From: [EMAIL PROTECTED] To: La Rocca Network [EMAIL PROTECTED] Sent: Wednesday, May 09, 2001 2:06 PM Subject: Re: Re: ODBC for MySql with SSL Your message cannot be posted because it appears to be either spam or simply off topic to our filter. To bypass the filter you must include one of the following words in your message: database,sql,query If you just reply to this message, and include the entire text of it in the reply, your reply will go through. However, you should first review the text of the message to make sure it has something to do with MySQL. You have written the following: where do I find the SSH software ? regards, Nelson - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php -- Gerald L. Clark [EMAIL PROTECTED] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php