If this is any help, SOGo uses the MySQL library and this method to set up SSL:
https://dev.mysql.com/doc/c-api/5.7/en/mysql-ssl-set.html

mysql_ssl_set(MYSQL *mysql,
              const char *key,     -> MySQL4SSLKeyPath
              const char *cert,    -> MySQL4SSLCertPath
              const char *ca,      -> MySQL4SSLCaPath
              const char *capath,  -> Null
              const char *cipher)  -> Null

Quentin

-----Original Message-----
From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Thomas Gebert
Sent: Friday, 7 February 2025 15:58
To: users@sogo.nu
Subject: Re: [SOGo] SOGo doesn't use TLS with mariadb

Hello,

thanks for the fast reply.

These two files would be the certificate of the sogo machine.
But I haven't configured client certificates for mariadb.

But I will try it ...

Greetings

Thomas

On 2/7/25 15:53, qhivert (qhiv...@alinto.eu) wrote:
> Hello,
> Have you tried by adding those too?
>
> MySQL4SSLKeyPath = "/etc/certs/default_key.key";
> MySQL4SSLCertPath = "/etc/certs/default_cert.crt";
>
> Quentin
>
> -----Original Message-----
> From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Thomas Gebert
> Sent: Friday, 7 February 2025 15:43
> To: users@sogo.nu
> Subject: [SOGo] SOGo doesn't use TLS with mariadb
>
> Hello,
>
> I have set up a mariadb server tgt-db01.cluster.lxc (10.0.3.45) with
>
> =========================================
> [mariadb]
> bind-address=*
> port = 3306
>
> max_allowed_packet = 32M
> max_connections = 800
>
> log-bin                         # enable binary logging
>
> ## SSL settings
> ssl_cert = /etc/certs/default_cert.crt
> ssl_key = /etc/certs/default_key.key
> ssl_ca = /etc/certs/ca_chain.crt
> require_secure_transport=ON
>
> [client-mariadb]
> ssl_ca = /etc/certs/ca_chain.crt
> ssl-verify-server-cert = TRUE
> =========================================
>
> SOGo is configured:
>
>     /* Database */
>     SOGoProfileURL =
> "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_user_profile";
>     OCSFolderInfoURL =
> "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_folder_info";
>     OCSSessionsFolderURL =
> "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_sessions_folder";
>     OCSEMailAlarmsFolderURL =
> "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_alarms_folder";
>
>     MySQL4SSLEnabled = YES;
>     MySQL4SSLCaPath = "/etc/certs/ca_chain.crt";
>
> But when I test the connection with tcpdump I can only see a plain login 
> connection.
>
> Can anybody see what is wrong?
>
> I double checked the (self-signed) certificates ...
>
> When I change the setting require_secure_transport for mariadb to OFF and 
> restart the instance sogo can connect.
>
> To make it clear, I want to set up TLS for the serverside but until now I 
> don't want a client certificate.
>
> I don't understand why it doesn't work.
>
> Greetings
>
> Thomas
>
> --
> Heinlein Consulting GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>     
> https://www.heinlein-support.de
>    
> Tel: 030 / 40 50 51 - 0
> Fax: 030 / 40 50 51 - 19
>     
> Amtsgericht Berlin-Charlottenburg - HRB 220009 B
> Managing Director: Peer Heinlein - Registered office: Berlin
>
--
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
   
https://www.heinlein-support.de
  
Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19
   
Amtsgericht Berlin-Charlottenburg - HRB 220009 B
Managing Director: Peer Heinlein - Registered office: Berlin
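
Added example (not part of the original thread and not SOGo's own code): a Python check for the tcpdump observation described in the thread. Given the client-to-server bytes of a MySQL/MariaDB connection, it reports whether the first client packet is an SSLRequest (TLS follows) or a cleartext login. The sample packets are constructed, and the function names are this example's own.

```python
import struct

CLIENT_SSL = 0x0800   # capability bit: client asks to switch to TLS
HEADER_LEN = 32       # caps(4) + max packet size(4) + charset(1) + filler(23)

def first_packet(stream: bytes):
    """Return the payload of the first MySQL packet in a byte stream, or None."""
    if len(stream) < 4:
        return None
    length = int.from_bytes(stream[:3], "little")  # 3-byte little-endian length
    payload = stream[4:4 + length]                 # byte 3 is the sequence id
    return payload if len(payload) == length else None  # None if truncated

def classify_client_login(client_bytes: bytes):
    """Classify the first client-to-server packet after the server greeting.

    Returns (verdict, username); username is set only when it crossed the
    wire in cleartext. Assumes the 4.1 protocol handshake layout.
    """
    payload = first_packet(client_bytes)
    if payload is None or len(payload) < HEADER_LEN:
        return ("unknown", None)
    caps = struct.unpack_from("<I", payload)[0]
    if len(payload) == HEADER_LEN and caps & CLIENT_SSL:
        # SSLRequest: header only; everything after it is TLS records.
        return ("tls-requested", None)
    # Full handshake response visible on the wire: NUL-terminated user follows.
    user = payload[HEADER_LEN:].split(b"\x00", 1)[0].decode("utf-8", "replace")
    return ("plaintext-login", user)

# --- constructed sample data (not taken from a real capture) ---
def _pkt(seq: int, payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def _header(caps: int) -> bytes:
    return struct.pack("<IIB", caps, 1 << 24, 45) + bytes(23)

BASE_CAPS = 0x0200 | 0x8000  # CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION
# Cleartext login: header, user name, empty auth response.
PLAINTEXT = _pkt(1, _header(BASE_CAPS) + b"sogo\x00" + b"\x00")
# SSLRequest followed by the start of a (fake) TLS record.
TLS_REQUEST = _pkt(1, _header(BASE_CAPS | CLIENT_SSL)) + b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT), ("tls", TLS_REQUEST)):
        print(name, classify_client_login(data))
```

To use it on a real capture, pass the reassembled client-to-server TCP payload of one connection to port 3306, starting at the client's first data segment.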
