ChangeLog
1.1 - 1.2
* CHANGE: Removed 'ssl' config option - it's not supposed to be used by client programs.
So, is it completely removed now?
The MySQL API never paid attention to the "ssl" option; you can still do SSL (with MySQL 4+) - you just need to configure /etc/my.cnf and the server per the usual settings.
I did it; in the MySQL 4.1.7 config file I set:
[client]
ssl-ca=/etc/ssl/mysql/cacert.pem
ssl-cert=/etc/ssl/mysql/client-cert.pem
ssl-key=/etc/ssl/mysql/client-key.pem
[mysqld]
ssl-ca=/etc/ssl/mysql/cacert.pem
ssl-cert=/etc/ssl/mysql/server-cert.pem
ssl-key=/etc/ssl/mysql/server-key.pem
set-variable=wait_timeout=60
set-variable=max_connections=333
And when I dump packets with Ethereal, I see all queries to the server in plain text. But at the same time the native mysql client uses SSL, and in Ethereal I can see nothing but encrypted packets.
That's odd. Have you restarted all the processes that load libnss_mysql or rebooted after making that change to /etc/my.cnf?
Yes, sure.
I rebooted my PC after installing libnss_mysql and making changes to my.cnf
I thought the MySQL RPMS (or even the static tarball) would include openssl support - it appears this isn't the case? I guess I have to compile my own version to test this problem out :-(
Indeed, libnss-mysql isn't reading the [client] section. I'll fix this and release version 1.4 ASAP - hopefully tonight.
Great!
Thanks.
I will try it today.
I did try to install your RPM binary on Slackware 10. It works, but doesn't use SSL again :)
As I understand, libmysqlclient is compiled statically?
root@nss:/# ldd libnss_mysql.so
libz.so.1 => /usr/lib/libz.so.1 (0x4004b000)
libdl.so.2 => /lib/libdl.so.2 (0x4005c000)
libm.so.6 => /lib/libm.so.6 (0x4005f000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40081000)
libc.so.6 => /lib/libc.so.6 (0x40097000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
Then I tried to compile from source, and got
root@nss:/# ldd libnss_mysql.so.2.0.0
libmysqlclient.so.14 => /usr/lib/mysql/libmysqlclient.so.14 (0x4001e000)
libz.so.1 => /usr/lib/libz.so.1 (0x40123000)
libdl.so.2 => /lib/libdl.so.2 (0x40134000)
libm.so.6 => /lib/libm.so.6 (0x40137000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4015a000)
libc.so.6 => /lib/libc.so.6 (0x4016f000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4029e000)
libssl.so.0 => /usr/lib/libssl.so.0 (0x402cb000)
libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x402fc000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
Now it works!
Thanks again ;)
Ooo. interesting RPM issue .. I'll have to modify my build host to include an ssl-enabled mysql as well I guess .. anyway, glad you got it working!
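The two preconditions this thread ends up checking by hand (is OpenSSL linked into the module, and are the ssl-* options under [client] rather than only under [mysqld]), as an added example that is not part of the original posts or of libnss-mysql. The function names links_ssl, client_ssl_keys and audit are hypothetical; the sample data is excerpted from the posts above.

```shell
#!/bin/sh
# Added example. Sample data is excerpted from the ldd output and my.cnf in the thread.
LDD_RPM='libz.so.1 => /usr/lib/libz.so.1 (0x4004b000)
libc.so.6 => /lib/libc.so.6 (0x40097000)'
LDD_SRC='libmysqlclient.so.14 => /usr/lib/mysql/libmysqlclient.so.14 (0x4001e000)
libssl.so.0 => /usr/lib/libssl.so.0 (0x402cb000)
libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x402fc000)'
MYCNF='[client]
ssl-ca=/etc/ssl/mysql/cacert.pem
ssl-cert=/etc/ssl/mysql/client-cert.pem
ssl-key=/etc/ssl/mysql/client-key.pem
[mysqld]
ssl-ca=/etc/ssl/mysql/cacert.pem'

# links_ssl LDD_TEXT: succeed only if libssl and libcrypto are both listed.
# Limitation: a build with OpenSSL linked statically would not show up here.
links_ssl() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^libssl\.so/    { ssl = 1 }
        $1 ~ /^libcrypto\.so/ { crypto = 1 }
        END { exit !(ssl && crypto) }'
}

# client_ssl_keys CNF_TEXT: print the ssl-ca/ssl-cert/ssl-key option names
# that appear under [client]; the same options under [mysqld] are ignored.
client_ssl_keys() {
    printf '%s\n' "$1" | awk -F= '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect); next }
        sect == "[client]" && $1 ~ /^[ \t]*ssl-(ca|cert|key)[ \t]*$/ {
            key = $1; gsub(/[ \t]/, "", key)
            keys = keys (keys ? " " : "") key
        }
        END { print keys }'
}

# audit LDD_TEXT CNF_TEXT: print a one-line verdict for one build.
audit() {
    keys=$(client_ssl_keys "$2")
    if ! links_ssl "$1"; then
        echo "NO-SSL-LIB: libssl/libcrypto not in ldd output"
    elif [ -z "$keys" ]; then
        echo "NO-CLIENT-OPTIONS: no ssl-* options under [client]"
    else
        echo "OK: OpenSSL linked; [client] sets: $keys"
    fi
}

audit "$LDD_RPM" "$MYCNF"   # RPM build from the thread
audit "$LDD_SRC" "$MYCNF"   # source build from the thread
```

On a live host, pass the real `ldd` output of the installed module and the contents of /etc/my.cnf as the two arguments. An OK verdict covers only these preconditions; the packet capture described in the thread is what confirms the queries are actually encrypted on the wire.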