sunanda menon wrote:
>
> Please review the changes made to the MySQL-OpenSSL ARC writeup.


>       MySQL source provides the Certificate Authority(CA) 
>       certificate, the server public key and the server private key 
>       to start the MySQL server so that it allows the clients to 
>       connect via SSL.

Not clear to me what you mean by "MySQL source provides ..."?
It sounds as if the CA cert and server keys are embedded in the source?
That can't be it though. But then what does the above paragraph mean?


>       *  --ssl-ca identifies the Certificate Authority (CA) 
>          certificate.
>       *  --ssl-cert identifies the server public key. This can be 
>          sent to the client and authenticated against the CA  
>          certificate that it has. 
>       *  --ssl-key identifies the server private key.

These are options to the /usr/bin/mysql CLI but the doc doesn't say
that. That's confusing to a reader who may not know that beforehand,
so call it out in the doc. Below in s.4.3 the doc should also say that
these options already exist and are being listed for information only,
they're not being added by this case.  

Otherwise it can be confusing, since this section may be interpreted
to be adding new options in which case the text in s.4.3 may be seen
as conflicting.


>       MySQL source code also provides the client key(client-key.pem) 
>       and certificate files(client-cert.pem) or the server will 
>       reject any SSL connection initiated.

Same questions here. 

> 4.3. Interfaces:
> 
>      we do NOT add any new command line option.

(see above)


-- 
Jyri J. Virkki - jyri.virkki at sun.com - Sun Microsystems
