From: Warren Young
Date: December 20 2008 10:25pm
Subject: Re: SSL connection error
List-Archive: http://lists.mysql.com/plusplus/8293
Message-Id:
MIME-Version: 1.0 (Apple Message framework v930.3)
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit

On Dec 19, 2008, at 8:05 PM, Edward Diener wrote:

> a well known cipher which I will call 'MYCIPHER' ( to protect the
> name of the actual cipher being used

I see maybe four TLS cipher suites in OpenSSL that I'd trust for this. So, you're protecting the value of 2 or 3 bits of the overall key. This is what we call security through obscurity. :) Your real security had better be elsewhere.

> mysqlpp::Option * opt(new mysqlpp::SslOption("ck.pem","cc.pem","ca.pem","c:/mycertificates","MYCIPHER")); // Line 4
> conn -> set_option(opt); // Line 5

There's no need to store the pointer to the option object separately. Once you create the object and pass it to set_option(), your code has no more responsibility for it. You wouldn't want to be tempted to delete it later, as that would cause a double-delete. Call set_option() like so to make this clear:

    conn->set_option(new mysqlpp::SslOption(...));

> Does anyone see anything wrong with my use of SslOption, or in my
> code otherwise ?

No, but as you should have gathered from your lack of responses, few are apparently using this feature of MySQL, and so even fewer are using it with MySQL++. You're not exactly pioneering here, but you are out on the frontier, following poorly-marked trails.

> Does anyone know of any way I can determine why the SSL connection
> is failing ?

Step back and try something else. I'd try the instructions here:

http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html

...including the steps at the end where they test the encryption using the mysql(1) command line program. I'd do this both on your Windows box, and on a Linux box, just to eliminate the possibility that there are other platform differences at work here. I'd also try bouncing the connection off of both Windows and Linux based MySQL servers.

If you don't have a Linux box, it's easy enough to set one up in a VM on your development work station. If you aren't using virtualization yet, I'd recommend getting VMware Server, which is now free. Install a copy of Ubuntu Server 8.04 LTS into it; one of the options during setup will be to install MySQL, including setting the root password. No other Linux I've used makes setting up MySQL this easy.

Having done all that, you'll have a matrix of things that work with mysql(1) and things that don't. You can't expect your MySQL++ program to do more, since the scope of functionality is limited by the common element, the MySQL C API library.

When/if you get this working, I'd appreciate a writeup sent to the list, which I can turn into a chapter for the user manual. Nothing fancy, just the facts, man. :)
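
The mysql(1) test matrix suggested in the message above, sketched as an added example that is not part of the original post or of MySQL++: it connects to each server host given on the command line and records whether the session actually negotiated SSL, using the `Ssl_cipher` status variable. The certificate file names are the ones from the quoted code, mapped to mysql(1) options on the assumption that the SslOption arguments are key, cert, CA in that order; the function names and sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example: one row per server host, showing what mysql(1) negotiated.
# Credentials are expected in the [client] section of ~/.my.cnf (assumption),
# so no password appears on the command line or in the process list.

# Constructed sample outputs of the status query (not from a real server).
SAMPLE_SSL=$(printf 'Ssl_cipher\tDHE-RSA-AES256-SHA')
SAMPLE_PLAIN=$(printf 'Ssl_cipher\t')

# Batch output of SHOW STATUS LIKE 'Ssl_cipher' is a single line:
#   Ssl_cipher<TAB><cipher name, or empty when the session is not encrypted>
ssl_cipher_from_status() {
    printf '%s\n' "$1" | awk -F '\t' '$1 == "Ssl_cipher" { print $2 }'
}

# $1 = exit status of mysql(1), $2 = its captured stdout
classify() {
    if [ "$1" -ne 0 ]; then
        echo "CONNECT-FAILED"
        return
    fi
    cipher=$(ssl_cipher_from_status "$2")
    if [ -n "$cipher" ]; then
        echo "SSL:$cipher"
    else
        echo "PLAINTEXT"
    fi
}

# $1 = server host; ck.pem / cc.pem / ca.pem are the files named in the post.
probe() {
    out=$(mysql --host="$1" \
        --ssl-key=ck.pem --ssl-cert=cc.pem --ssl-ca=ca.pem \
        --batch --skip-column-names \
        --execute="SHOW STATUS LIKE 'Ssl_cipher'" 2>/dev/null)
    classify "$?" "$out"
}

run_matrix() {
    for host in "$@"; do
        printf '%s\t%s\n' "$host" "$(probe "$host")"
    done
}

if [ "$#" -gt 0 ]; then
    run_matrix "$@"          # e.g. ./sslmatrix.sh linux-vm windows-box
else
    echo "sample SSL:   $(classify 0 "$SAMPLE_SSL")"
    echo "sample plain: $(classify 0 "$SAMPLE_PLAIN")"
fi
```

Run it from each client machine in turn; a PLAINTEXT row means the connection succeeded without encryption, which is a different failure from CONNECT-FAILED and worth separating before adding `--ssl-cipher` to the probe.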