sunanda menon wrote: > Jyri Virkki wrote: >> sunanda menon wrote: >>> Please review the changes made to the MySQL-OpenSSL ARC writeup. >> >> >>> MySQL source provides the Certificate Authority(CA) certificate, the >>> server public key and the server private key to start the MySQL >>> server so that it allows the clients to connect via SSL. >> >> Not clear to me what you mean by "MySQL source provides ..."? >> It sounds as if the CA cert and server keys are embedded in the source? >> That can't be it though. But then what does the above paragraph mean? > It actually means the keys+certificates are embedded in the source and > they are usually placed in mysql-test/std_data.I'm showing here the > bits of mysql-5.0.67 ,but the same is true for 5.0.77 > ./mysql-5.0.67/mysql-test/std_data/cacert.pem > ./mysql-5.0.67/mysql-test/std_data/server8k-key.pem ...
Aren't these keys/certificates just for the test suite to use? If SSL connections are desired, the MySQL administrator needs to provide appropriate replacements for production use, following the usual SSL considerations.
