SSL/NOTES +21 −6 Quick notes: -------------------------------------------- [tonu@x153 mysql-4.0]$ cat /etc/my.cnf [mysqld] ssl-ca=SSL/cacert.pem ssl-cert=SSL/server-cert.pem ssl-key=SSL/server-key.pem [mysql] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem [mysqldump] ssl-ca=SSL/cacert.pem ssl-cert=SSL/client-cert.pem ssl-key=SSL/client-key.pem [tonu@x153 mysql-4.0]$ -------------------------------------------- To remove passwords from keyfiles: [tonu@x153 SSL]$ openssl rsa -inform pem < server-req.pem > server-key.pem read RSA key Enter PEM pass phrase: @@ -12,12 +28,10 @@ writing RSA key To run server: sql/mysqld --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,-' > /tmp/mysqld.trace -------------------------------------------- To run client: client/mysql --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1 -------------------------------------------- openssl s_client -host 127.0.0.1 -port 1111 -debug -verify 1 -cert ../SSL/client-cert.pem -key ../SSL/client-key.pem -CAfile ../SSL/cacert.pem -pause -showcerts -state @@ -27,8 +41,9 @@ openssl s_server -port 1111 -cert ../SSL/server-cert.pem -key ../SSL/server-key. -------------------------------------------- CA stuff: [tonu@x153 bin]$ pwd /usr/local/ssl/bin
mysql-test/include/have_openssl.inc +2 −2 -- require r/have_ssl.require show variables like "have_ssl"; -- require r/have_openssl.require show variables like "have_openssl";
mysql-test/t/openssl_2.test +1 −2 -- source include/have_openssl.inc # We want to test everything with SSL turned on. -- source include/have_openssl.inc SHOW STATUS LIKE 'SSL%';
sql/mysqld.cc +3 −3 @@ -202,9 +202,9 @@ SHOW_COMP_OPTION have_raid=SHOW_OPTION_YES; SHOW_COMP_OPTION have_raid=SHOW_OPTION_NO; #endif #ifdef HAVE_OPENSSL SHOW_COMP_OPTION have_ssl=SHOW_OPTION_YES; SHOW_COMP_OPTION have_openssl=SHOW_OPTION_YES; #else SHOW_COMP_OPTION have_ssl=SHOW_OPTION_NO; SHOW_COMP_OPTION have_openssl=SHOW_OPTION_NO; #endif SHOW_COMP_OPTION have_symlink=SHOW_OPTION_YES; @@ -2894,7 +2894,7 @@ struct show_var_st init_vars[]= { {"have_isam", (char*) &have_isam, SHOW_HAVE}, {"have_raid", (char*) &have_raid, SHOW_HAVE}, {"have_symlink", (char*) &have_symlink, SHOW_HAVE}, {"have_ssl", (char*) &have_ssl, SHOW_HAVE}, {"have_openssl", (char*) &have_openssl, SHOW_HAVE}, {"init_file", (char*) &opt_init_file, SHOW_CHAR_PTR}, #ifdef HAVE_INNOBASE_DB {"innodb_data_file_path", (char*) &innobase_data_file_path, SHOW_CHAR_PTR},
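Review bot: In the `init_vars[]` hunk the `have_ssl` row is replaced rather than kept beside the new one, so `show variables like "have_ssl"` returns no row after this change; a client or script that uses that query to decide whether to ask for SSL may, depending on how it treats an empty result, quietly carry on in plaintext. Keeping the old name as an alias costs one line: `{"have_ssl", (char*) &have_openssl, SHOW_HAVE},`. Separately, the value is fixed by `#ifdef HAVE_OPENSSL` in the first hunk, so YES means only that the server was built with OpenSSL, not that ssl-ca, ssl-cert and ssl-key are set. A comment above that `#ifdef`, such as `/* Build-time capability only; says nothing about whether SSL is configured. */`, would keep it from being read as "connections are encrypted". The `init_vars[]` initializer starts and ends outside the hunk.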