Daniel-Constantin Mierla writes:
I checked the dependencies of packages on wheezy and libmysqlclient is not listed for mysql-client, so the later is not using the lib.
ok.
i have all wanted options in [client] group:
[client] port = 3306 socket = /var/run/mysqld/mysqld.sock ssl-ca=/etc/mysql/cacert.pem
according to mysql 5.5 ref man, ssl-ca option implies ssl option and those are enough for mysql cli client to use ssl.
What page did you read?
i don't know about page number but here is the text:
--ssl-ca=file_name
The path to a file in PEM format that contains a list of trusted SSL certificate authorities. This option implies --ssl.
That could be for mysql client cli tool, but appears it doesn't apply to libmysql client -- at the bottom of the next link, it says that a specific function has to be used in c code to set the certificates and enable connecting via tls:
here is the text:
The C API enables application programs to use SSL:
To establish a secure connection, use the mysql_ssl_set() C API function to set the appropriate certificate options before calling mysql_real_connect(). See Section 23.8.7.67, “mysql_ssl_set()”.
so if [client] has ssl-ca option, mysql_ssl_set() should be called?
-- juha