#822 ✓resolved
Carl Porth

SSL support for MySQL

Reported by Carl Porth | March 25th, 2009 @ 09:09 PM | in 0.10.0

Here is a first pass at SSL support for MySQL.

To use SSL you simply pass ssl=true as a query parameter to the connection. You can also specify a cipher to use with ssl_cipher=thecipher.

Specific to MySQL, you can also pass ssl_ca=ca_cert_file, ssl_key=client_key_file, ssl_cert=client_cert_file, and ssl_capath=ca_path_dir

As per discussion with dbussink on IRC I have made my changes on the next branch and have made my examples shared (without mocking) so other connections can use it.

I also generated some SSL certificates and some helpers to use them. When you run the do_mysql tests, if you do not have the test db configured with SSL, it will (rather noisily) tell you how to configure it with the correct certificates.

I would really appreciate some feedback so we can make this as clean and as db agnostic as possible.

Some things that could be changed are:

  1. It's not really necessary to use #ifdef HAVE_MYSQL_SSL_SET because mysql_ssl_set is a noop when compiled without ssl.

  2. Currently, the SSL cipher is checked upon connecting to make sure the connection is secure. The specs could create a user with REQUIRE SSL in the test environment if developers didn't mind the test environment creating users.

  3. The shared examples use pending_if to check if the testing environment supports SSL. When SSL isn't available in the testing environment, a very long and noisy message is displayed letting you know how to set it up. Is there a best practice for making this cleaner?

You can check it out on http://github.com/badcarl/do/tre... I'd be happy to post a patch if that makes things easier.

I have tested this patch on both 5.0.77 and 5.1.32

Thanks to dbussink, dkubb and bitsweat for their help in IRC


Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »