httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <>
Subject RE: SSL-enabled interaction with MySQL
Date Mon, 30 Apr 2007 10:11:31 GMT
Hi Naveen,
> A standalone client is working perfect to provide the SSL layer with the
> database, and it is using the same client lib (libmysqlclient). I used
> common ethereal tool to ensure that everything it does is encrypted. I
> used
> the same mysql_ssl_set() prior to establishing the connection. I simply
> did
> the following :

> mysql_handle=mysql_init(NULL);
> static my_bool opt_ssl_verify_server_cert= 0;

> mysql_ssl_set(mysql_handle, 0, 0, "/root/DIGI_DEPS/newcerts/ca-cert.pem",
> 0,
> 0);
> mysql_options(&mysql_conn,MYSQL_OPT_SSL_VERIFY_SERVER_CERT,(char*)&opt_ssl
> _v
> erify_server_cert);

> mysql_handle=mysql_real_connect(&mysql_conn,db_host,
>   conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0);
> .
Since everything you posted sounds perfect, here a shot in the dark: 
I see you have a path to the /root directory for the certs. Apache changes indentity when
starting, and it might be a simple access problem perhaps? I would do two things:
- move the certs below a place you make worldwide readable for testing
- insert apr_stat() calls before you try to use the certs, and bail out and write info to
the error log if the certs cant be accessed for whatever reason.

good luck! Guenter.

View raw message