23 Jan
2015
23 Jan
'15
11:10 a.m.
Daniel-Constantin Mierla writes:
i don't know about page number but here is the text:
--ssl-ca=file_name
The path to a file in PEM format that contains a list of trusted SSL
certificate authorities. This option implies --ssl.
I checked the dependencies of packages on wheezy and
libmysqlclient is
not listed for mysql-client, so the later is not using the lib.
ok.
i have all
wanted options in [client] group:
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
ssl-ca=/etc/mysql/cacert.pem
according to mysql 5.5 ref man, ssl-ca option implies ssl option and
those are enough for mysql cli client to use ssl.
What page did you read? That could be for mysql client cli tool, but
appears it doesn't apply to libmysql client -- at the bottom of the next
link, it says that a specific function has to be used in c code to set
the certificates and enable connecting via tls:
- http://dev.mysql.com/doc/refman/5.5/en/using-ssl-connections.html
here is the text:
The C API enables application programs to use SSL:
To establish a secure connection, use the mysql_ssl_set() C API
function to set the appropriate certificate options before calling
mysql_real_connect(). See Section 23.8.7.67, “mysql_ssl_set()”.
so if [client] has ssl-ca option, mysql_ssl_set() should be called?
-- juha