On Dec 19, 2008, at 8:05 PM, Edward Diener wrote:
> a well known cipher which I will call 'MYCIPHER' ( to protect the
> name of the actual cipher being used
I see maybe four TLS cipher suites in OpenSSL that I'd trust for
this. So, you're protecting the value of 2 or 3 bits of the overall
key. This is what we call security through obscurity. :) Your real
security had better be elsewhere.
> mysqlpp::Option * opt(new
> mysqlpp::SslOption("ck.pem","cc.pem","ca.pem","c:/mycertificates","MYCIPHER")); // Line 4
> conn -> set_option(opt); // Line 5
There's no need to store the pointer to the option object separately.
Once you create the object and pass it to set_option(), your code has
no more responsibility for it. You wouldn't want to be tempted to
delete it later, as that would cause a double-delete. Call
set_option() like so to make this clear:
    conn->set_option(new mysqlpp::SslOption(...));
> Does anyone see anything wrong with my use of SslOption, or in my
> code otherwise ?
No, but as you should have gathered from your lack of responses, few
are apparently using this feature of MySQL, and so even fewer are
using it with MySQL++. You're not exactly pioneering here, but you
are out on the frontier, following poorly-marked trails.
> Does anyone know of any way I can determine why the SSL connection
> is failing ?
Step back and try something else. I'd try the instructions here:
http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html
...including the steps at the end where they test the encryption using
the mysql(1) command line program. I'd do this both on your Windows
box, and on a Linux box, just to eliminate the possibility that there
are other platform differences at work here. I'd also try bouncing
the connection off of both Windows and Linux based MySQL servers.
If you don't have a Linux box, it's easy enough to set one up in a VM
on your development workstation. If you aren't using virtualization
yet, I'd recommend getting VMware Server, which is now free. Install
a copy of Ubuntu Server 8.04 LTS into it; one of the options during
setup will be to install MySQL, including setting the root password.
No other Linux I've used makes setting up MySQL this easy.
Having done all that, you'll have a matrix of things that work with
mysql(1) and things that don't. You can't expect your MySQL++ program
to do more, since the scope of functionality is limited by the common
element, the MySQL C API library.
When/if you get this working, I'd appreciate a writeup sent to the
list, which I can turn into a chapter for the user manual. Nothing
fancy, just the facts, man. :)