Hi, > Huge regards for your efforts. I am wee bit taking more time as I am also > looking out for other options like using some SSL-supportive > intermediaries; hehe, you wanted a solution for the future, and I contacted already the author; he will add this extension to the module once we have verified that it works fine... but he is in same situation as I, and doesnt have a SSL-enabled mysql server yet, so will now see that I get mysql compiled on a test box so that I can self test.
> I used the updated source and now the error has become SSL connection > specific. well, that sounds good....., one step closer... > I am still using the same box to for mysql server and my accessing code. > Moreover I am using my box's IP in conf->db_host. > conf->db_host = "192.168.x.x"; > Will not this allow a TCPIP connection? yes, from the code I guess so - at least the SSL part seems invoked for you - otherwise MySQL couldnt return the SSL error. > What would you suggest, should I really have to access mysql from some > other host? as long as you use the host's IP I think you force to use TCPIP. > The updates contain 5 new directives for SSL and ciphers. How these new > directives can be set in httpd.conf like other AuthMySql* directives ? yes, see INSTALL. The three cert directives are mandatory if you want to use SSL, cipher is optional and can be left unset (at least I think so from what I've read in the client docs). As it currently is you can set every directive anywhere - however I believe that in reality this cant work from the code, at least not when keepalive is on because then the mysql_handle is re-used; but what if the connection data is set per directory from .htaccess..? I think the connection data should be set at common server-level only....; however at the moment this doesnt affect if it works or not as long as you use only one setting for one directory to secure. >> and then I found a bug report related to this option: >> http://bugs.mysql.com/bug.php?id=24121 > I suppose this fixing at my end would need me to recompile my mysql. AM I > RIGHT HERE? yes, but I think this is not so important; it should work also without the mysql_options() call; only latest mysql 5.0.x and 5.1.x have the MYSQL_OPT_SSL_VERIFY_SERVER_CERT option in the headers - but all mysql versions from 4.0.x and up have mysql_ssl_set(), so it should really be possible to establish a SSL connection without that; probably even that setting now is the problem?? Take a look at the code - there I've blocked this part already so that it gets only compiled with latest mysql headers; just surround it with '#if 0 / #endif' to block it completely, re-compile and test again... Guenter.
