Can't connect with SSL

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for MySQL
mdraca
Posts: 2
Joined: Mon 26 Sep 2011 09:15


Post by mdraca » Mon 26 Sep 2011 12:14

Hi.
I'm using Devart dotConnect for MySql version 6.30.165.0 and I have trouble connecting with SSL.
If I use CaCert, Cert and Key properties of MySqlConnection.SslOptions MySql responds with

Code: Select all

SSL connection error (2026):
Verification check of remote certificate failed.
If I skip CaCert and use only Cert and Key, the connection is successful.

This is a code snippet that doesn't work

Code: Select all

static void Main(string[] args)
{
	var myConn = new MySqlConnection("host=localhost;protocol=SSL;user=ssluser;password=localusrpass;database=testssl");
	// Verbatim strings (@"...") keep the backslashes in the Windows paths literal.
	myConn.SslOptions.CACert = @"file://c:\certs\CA-cert.pem";     // CA used to verify the server certificate
	myConn.SslOptions.Cert = @"file://c:\Certs\client-cert.pem";   // client certificate presented to the server
	myConn.SslOptions.Key = @"file://c:\Certs\client-key.pem";     // private key for the client certificate
	var myCommand = new MySqlCommand("select count(*) from tbl1", myConn);
	try
	{
		myConn.Open();
		Int64 count = Convert.ToInt64(myCommand.ExecuteScalar());
		Console.WriteLine(count);
		myConn.Close();
	}
	catch (Exception ex)
	{
		// With CACert set, this prints the SSL connection error (2026) shown above.
		Console.WriteLine(ex.Message);
	}
	Console.ReadLine();
}
and this works

Code: Select all

static void Main(string[] args)
{
	var myConn = new MySqlConnection("host=localhost;protocol=SSL;user=ssluser;password=localusrpass;database=testssl");
	// CACert is left unset here, so the server certificate is not checked against the CA.
	//myConn.SslOptions.CACert = @"file://c:\certs\CA-cert.pem";
	myConn.SslOptions.Cert = @"file://c:\Certs\client-cert.pem";   // client certificate presented to the server
	myConn.SslOptions.Key = @"file://c:\Certs\client-key.pem";     // private key for the client certificate
	var myCommand = new MySqlCommand("select count(*) from tbl1", myConn);
	try
	{
		myConn.Open();
		Int64 count = Convert.ToInt64(myCommand.ExecuteScalar());
		Console.WriteLine(count);
		myConn.Close();
	}
	catch (Exception ex)
	{
		Console.WriteLine(ex.Message);
	}
	Console.ReadLine();
}
What am I doing wrong?

The certificates are valid; using all three files works well when connecting directly to mysql from the console.

Thanks.

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Fri 30 Sep 2011 10:35

If you are using the CaCert, Cert, and Key properties, there is double protection:
- the server validates the Cert and Key, which are set in the connection string, and returns its response (1);
- our provider validates the server's Cert and Key based on the CACert from the connection string (2).

If you skip CaCert and use only Cert and Key, there will be only the check (1).
mdraca wrote:

Code: Select all

SSL connection error (2026):
Verification check of remote certificate failed.
This means that the check (2) failed. As a workaround, please use only the check (1).
We cannot reproduce the problem with CaCert in our environment using our test certificates. If possible, send us the following information:
1) your test certificates. If you cannot give us your current certificates, please generate the test ones, with which the problem persists as well;
2) the version of your MySQL server;
3) the version, edition, capacity of the operating system where you are running the program.
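
An added example, not part of the thread and not Devart's code: check (2) reproduced outside the provider with .NET's `X509Chain`, showing a server certificate accepted when it chains to the configured CA and rejected when it was issued by a different one. It assumes .NET 5 or later; the class, method and subject names are made up, and the CA and server certificates are constructed in memory rather than taken from the thread.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class Check2Demo
{
    // Constructed self-signed CA, generated in memory (stands in for CA-cert.pem).
    static X509Certificate2 MakeCa(string cn)
    {
        var req = new CertificateRequest($"CN={cn}", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
    }

    // Constructed server certificate signed by the given CA.
    static X509Certificate2 MakeServerCert(string cn, X509Certificate2 ca)
    {
        var req = new CertificateRequest($"CN={cn}", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var now = DateTimeOffset.UtcNow;
        return req.Create(ca, now, now.AddDays(7), new byte[] { 0x01, 0x02, 0x03, 0x04 });
    }

    // Check (2): does the server certificate chain to the configured CA, and only to it?
    static string VerifyAgainstCa(X509Certificate2 serverCert, X509Certificate2 caCert)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; // ignore the OS trust store
        chain.ChainPolicy.CustomTrustStore.Add(caCert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;    // the test PKI has no CRL
        return chain.Build(serverCert)
            ? "OK"
            : "FAILED: " + string.Join(", ", chain.ChainStatus.Select(s => s.Status));
    }

    static void Main()
    {
        var configuredCa = MakeCa("Constructed Test CA");
        var otherCa = MakeCa("Constructed Other CA");
        // Server certificate issued by the configured CA: the chain builds.
        Console.WriteLine(VerifyAgainstCa(MakeServerCert("localhost", configuredCa), configuredCa));
        // Server certificate issued by a different CA: the chain does not build.
        Console.WriteLine(VerifyAgainstCa(MakeServerCert("localhost", otherCa), configuredCa));
    }
}
```

The same `VerifyAgainstCa` call can be pointed at real files by loading them with `new X509Certificate2(path)`; the status flags it returns say which part of the chain was rejected.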

mdraca
Posts: 2
Joined: Mon 26 Sep 2011 09:15

Post by mdraca » Mon 03 Oct 2011 20:15

MySql is as follows:
version: 5.5.11
version_comment: MySQL Community Server (GPL)
version_compile_machine: x86
version_compile_os: Win64

OS is Windows 7 Ultimate 64 bit (ver 6.1.7600).

Certs (no option to attach so...):
CA cert

client cert

client key

server cert

server key


Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Fri 07 Oct 2011 16:48

Please visit http://www.devart.com/company/contact.html and attach your certificates (and mention the link to this thread).

I am getting "SSL connection error (2026): Cannot load client private key. [Invalid PEM header.]" with these certificates.
