List: MySQL++
From: Warren Young
Date: December 20 2008 10:25pm
Subject: Re: SSL connection error
On Dec 19, 2008, at 8:05 PM, Edward Diener wrote:

> a well known cipher which I will call 'MYCIPHER' ( to protect the  
> name of the actual cipher being used

I see maybe four TLS cipher suites in OpenSSL that I'd trust for  
this.  So, you're protecting the value of 2 or 3 bits of the overall  
key.  This is what we call security through obscurity. :)  Your real  
security had better be elsewhere.

> mysqlpp::Option * opt(new mysqlpp::SslOption("ck.pem","cc.pem","ca.pem","c:/mycertificates","MYCIPHER")); // Line 4
> conn -> set_option(opt); // Line 5

There's no need to store the pointer to the option object separately.   
Once you create the object and pass it to set_option(), your code has  
no more responsibility for it.  You wouldn't want to be tempted to  
delete it later, as that would cause a double-delete.  Call  
set_option() like so to make this clear:

	conn->set_option(new mysqlpp::SslOption(...));

> Does anyone see anything wrong with my use of SslOption, or in my  
> code otherwise ?

No, but as you should have gathered from your lack of responses, few  
are apparently using this feature of MySQL, and so even fewer are  
using it with MySQL++.  You're not exactly pioneering here, but you  
are out on the frontier, following poorly-marked trails.

> Does anyone know of any way I can determine why the SSL connection  
> is failing ?

Step back and try something else.  I'd try the instructions here:

	http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html

...including the steps at the end where they test the encryption using  
the mysql(1) command line program.   I'd do this both on your Windows  
box, and on a Linux box, just to eliminate the possibility that there  
are other platform differences at work here.  I'd also try bouncing  
the connection off of both Windows and Linux based MySQL servers.

If you don't have a Linux box, it's easy enough to set one up in a VM  
on your development work station.  If you aren't using virtualization  
yet, I'd recommend getting VMware Server, which is now free.  Install  
a copy of Ubuntu Server 8.04 LTS into it; one of the options during  
setup will be to install MySQL, including setting the root password.   
No other Linux I've used makes setting up MySQL this easy.

Having done all that, you'll have a matrix of things that work with  
mysql(1) and things that don't.  You can't expect your MySQL++ program  
to do more, since the scope of functionality is limited by the common  
element, the MySQL C API library.

When/if you get this working, I'd appreciate a writeup sent to the  
list, which I can turn into a chapter for the user manual.  Nothing  
fancy, just the facts, man. :)