If this is any help, SOGo uses the MySQL library and this method to set the SSL: https://dev.mysql.com/doc/c-api/5.7/en/mysql-ssl-set.html

mysql_ssl_set(MYSQL *mysql,
              const char *key,    -> MySQL4SSLKeyPath
              const char *cert,   -> MySQL4SSLCertPath
              const char *ca,     -> MySQL4SSLCaPath
              const char *capath, -> Null
              const char *cipher) -> Null

Quentin

-----Original Message-----
From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Thomas Gebert
Sent: vendredi 7 février 2025 15:58
To: users@sogo.nu
Subject: Re: [SOGo] SOGo doesn't use TLS with mariadb

Hello,

thanks for the fast reply.

These two files would be the certificate of the sogo machine. But I haven't configured client certificates for mariadb.

But I will try it ...

Greetings

Thomas

On 2/7/25 15:53, qhivert (qhiv...@alinto.eu) wrote:
> Hello,
> Have you tried by adding those too?
>
> MySQL4SSLKeyPath = "/etc/certs/default_key.key";
> MySQL4SSLCertPath = "/etc/certs/default_cert.crt";
>
> Quentin
>
> -----Original Message-----
> From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Thomas Gebert
> Sent: vendredi 7 février 2025 15:43
> To: users@sogo.nu
> Subject: [SOGo] SOGo doesn't use TLS with mariadb
>
> Hello,
>
> I have set up a mariadb server tgt-db01.cluster.lxc (10.0.3.45) with
>
> =========================================
> [mariadb]
> bind-address=*
> port = 3306
>
> max_allowed_packet = 32M
> max_connections = 800
>
> log-bin # enable binary logging
>
> ## SSL settings
> ssl_cert = /etc/certs/default_cert.crt
> ssl_key = /etc/certs/default_key.key
> ssl_ca = /etc/certs/ca_chain.crt
> require_secure_transport=ON
>
> [client-mariadb]
> ssl_ca = /etc/certs/ca_chain.crt
> ssl-verify-server-cert = TRUE
> =========================================
>
> SOGo is configured :
>
> /* Database */
> SOGoProfileURL = "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_user_profile";
> OCSFolderInfoURL = "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_folder_info";
> OCSSessionsFolderURL = "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_sessions_folder";
> OCSEMailAlarmsFolderURL = "mysql://sogo:c179eF5r43Bl=F84h1sie_F1i0tra1@10.0.3.45:3306/sogo/sogo_alarms_folder";
>
> MySQL4SSLEnabled = YES;
> MySQL4SSLCaPath = "/etc/certs/ca_chain.crt";
>
> But when I test the connection with tcpdump I can only see a plain login
> connection.
>
> Can anybody see what is wrong?
>
> I double checked the (self-signed) certificates ...
>
> When I change the setting require_secure_transport for mariadb to OFF and
> restart the instance sogo can connect.
>
> To make it clear, I want to set up TLS for the serverside but until now I
> don't want a client certificate.
>
> I don't understand why it doesn't work.
>
> Greetings
>
> Thomas
>
> --
> Heinlein Consulting GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> https://www.heinlein-support.de
>
> Tel: 030 / 40 50 51 - 0
> Fax: 030 / 40 50 51 - 19
>
> Amtsgericht Berlin-Charlottenburg - HRB 220009 B
> Managing Director: Peer Heinlein - Registered office: Berlin
>

--
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin

https://www.heinlein-support.de

Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19

Amtsgericht Berlin-Charlottenburg - HRB 220009 B
Managing Director: Peer Heinlein - Registered office: Berlin
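
Added example (not part of the original messages and not SOGo's code): a way to tell, from the first client packet in a capture like the tcpdump check mentioned in the thread, whether the client asked for TLS or logged in in the clear. It assumes the standard MySQL 4.1+ client/server protocol, in which a TLS-capable client first sends a 32-byte SSLRequest with the CLIENT_SSL flag; the function names and both sample packets are constructed for illustration.

```python
import struct

# Capability flags from the MySQL client/server protocol.
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800          # client wants to switch to TLS
CLIENT_SECURE_CONNECTION = 0x00008000


def classify_client_packet(data: bytes) -> dict:
    """Classify the first client packet that follows the server greeting."""
    if len(data) < 4:
        raise ValueError("truncated packet header")
    length = int.from_bytes(data[:3], "little")   # 3-byte payload length
    seq = data[3]                                  # sequence id, 1 for this packet
    payload = data[4:4 + length]
    if len(payload) != length or length < 32:
        raise ValueError("truncated or pre-4.1 handshake packet")
    caps, _max_packet, _charset = struct.unpack_from("<IIB", payload)
    if not caps & CLIENT_PROTOCOL_41:
        raise ValueError("not a 4.1+ handshake packet")
    wants_tls = bool(caps & CLIENT_SSL)
    if wants_tls and length == 32:
        # SSLRequest: header fields only; the TLS handshake comes next and
        # the real login is sent encrypted.
        return {"seq": seq, "kind": "ssl_request", "user": None}
    # Full HandshakeResponse in the clear: the user name follows the 32 bytes.
    end = payload.find(b"\x00", 32)
    if end < 0:
        raise ValueError("user name is not NUL-terminated")
    user = payload[32:end].decode("utf-8", "replace")
    return {"seq": seq, "kind": "plaintext_login", "user": user}


def build_packet(seq: int, caps: int, tail: bytes = b"") -> bytes:
    """Build a constructed sample packet (test data, not a capture)."""
    payload = struct.pack("<IIB", caps, 1 << 24, 33) + bytes(23) + tail
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed samples: a TLS-requesting client and a plaintext login as "sogo".
SSL_REQUEST = build_packet(1, CLIENT_PROTOCOL_41 | CLIENT_SSL)
PLAIN_LOGIN = build_packet(
    1, CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION,
    b"sogo\x00" + b"\x14" + bytes(20))

if __name__ == "__main__":
    for name, pkt in (("ssl_request", SSL_REQUEST), ("plain", PLAIN_LOGIN)):
        print(name, classify_client_packet(pkt))
```

A "plaintext_login" result for the client's first packet matches the plain login seen in tcpdump: the client never requested TLS, which a server running with require_secure_transport=ON rejects.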