SSL with MySQL?

[normancz]

Hello,
is SSL with MySQL possible?

In the specific options are the fields SSLCACert, SSLCert, SSLChipherList and SSLKey available, but no SSLMode.

I testet a wrong ca-cert filename with path and a wrong ca-cert file to the SSLCACert param but the connection opens without any errors.

I also inserted a MySQL.SSLMode param with smRequire value and places the libeay32.dll and ssleay32.dll to the folder. But I can't create an error.

I'm using unidac 2.50.0.6 with delphi 2007. Is SSL with MySQL in newer versions supported?

Bye,
Norman

[Plash]

You should set the Protocol specific option to mpSSL.

[[email protected]]

Hello,

I have also an error !!!
SSL_do_handshake = -1
SSL_get_err(...,r2) = 1


I have done the following steps:
1. generate a SSL CA, a server and client cert and key.
2. configure Mysql 5.1.39 for SSL
3. Test local ssl-connection on the mysql machine - working
4. test ssl-connection remote from my laptop - working
5. make a projekt with UniDac and MySql Provider
- set the SpecificOptions
-> Protokol: mpSSL
-> SSLCACert: .\ca-cert.pem
-> SSLCert: .\client-sert.pem
-> SSLKey: .\client.key.pem
All the files are generated on a windows machine and are avail in the runtime directory.

OS Windows 7 64-Bit
D2009
MySql 5.1.x

Does anyone have a solution for that?

thx. Uwe

[Dimon]

Try to set full paths to SSL certificates (SSLCACert, SSLCert, SSLKey).

4. test ssl-connection remote from my laptop - working

Please, specify how did you test SSL connection.

[[email protected]]

Hello Dimon,

1. Step MySql server. Login as normal user without SSL client

C:\web\OpenSSL-Win32\bin>..\..\MySQL\bin\mysql --user= --p=password=
Enter password: *******
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.1.34-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \s
--------------
..\..\MySQL\bin\mysql Ver 14.14 Distrib 5.1.34, for Win32 (ia32)

Connection id: 45
Current database:
Current user: root@localhost
SSL: Not in use
Using delimiter: ;
Server version: 5.1.34-community MySQL Community Server (GPL)
Protocol version: 10
Connection: localhost via TCP/IP
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
TCP port: 130264
Uptime: 2 days 5 hours 40 min 5 sec

Threads: 2 Questions: 1463 Slow queries: 0 Opens: 22 Flush tables: 1 Open tables: 0 Queries per second avg: 0.7

2. Step MySql server. Login as normal with SSL client

D:\web\ssl>d:\web\MySQL\bin\mysql --host=chriweb001.riekerworld.com --port=130264 --user= --password= --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 40
Server version: 5.1.34-community MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> \s
--------------
..\..\MySQL\bin\mysql Ver 14.14 Distrib 5.1.34, for Win32 (ia32)

Connection id: 44
Current database:
Current user: root@localhost
SSL: Cipher in use is DHE-RSA-AES256-SHA
Using delimiter: ;
Server version: 5.1.34-community MySQL Community Server (GPL)
Protocol version: 10
Connection: localhost via TCP/IP
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
TCP port: 130264
Uptime: 2 days 5 hours 39 min 8 sec

Threads: 3 Questions: 1458 Slow queries: 0 Opens: 22 Flush tables: 1 Open tables: 0 Queries per second avg: 0.7

3. Step MySql server. Login as normal with SSL client (remote)

mysql> \s
--------------
d:\web\MySQL\bin\mysql Ver 14.14 Distrib 5.1.39, for Win64 (unknown)

Connection id: 46
SSL: Cipher in use is DHE-RSA-AES256-SHA
Using delimiter: ;
Server version: 5.1.34-community MySQL Community Server (GPL)
Protocol version: 10
Connection: chriweb001.riekerworld.com via TCP/IP
Client characterset: utf8
Server characterset: utf8
TCP port: 130264
Uptime: 2 days 5 hours 48 min 51 sec

Threads: 3 Questions: 1466 Slow queries: 0 Opens: 22 Flush tables: 1 Open tables: 0 Queries per second avg: 0.7

I tried also with fullpath inside the dbMySql (TUniConnect).
I can send you an sample if you want. The DB is reachable over internet (only test system at the moment)...

Greetings
Uwe

[Dimon]

Please send me a sample to dmitryg*devart*com.
Also specify the exact version of your libeay32.dll and ssleay32.dll libraries.

[lkzcgfvf]

Hi,

I've got the same problem (Delphi7, MyDAC 5.90.0.57, MySQL 5.1.37) and found solution on MySQL site.
The problem is that SSL certificate is expired after 30 days after creation.
Details of this problem here http://forums.mysql.com/read.php?35,39354.
Workaround - recreate certificate. To disable experation after 30 days use option "-enddate -noout" in generation process.

[alexdmatveev]

Hello,

I have the same problem with up-to-date certificates. I created them today.
Has anybody found a solution for the problem?

I use D2010 and Unidac + MySQL 5.5

Thanks,

Regards, Alex

[AndreyZ]

Most likely, you encounter this problem because your server and client certificates are signed with different Certificate Authority. To avoid the problem, you should sign your server and client certificates with the same Certificate Authority.

[alexdmatveev]

Hello

thanks for your answer,

I do not use any certificate center.
I create all certificates on my computer so as it said here:

http://chartio.com/docs/datasources/con ... /mysql-ssl

Have you other idea?

Thanks,

Regards, Alex.

[AndreyZ]

Please try to create and verify the certificates as it is described at http://dev.mysql.com/doc/refman/5.5/en/ ... certs.html . After this, please check if you can connect to your MySQL server using the MySQL command tool. For more information, please refer to http://dev.mysql.com/doc/refman/5.5/en/ ... tions.html