Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
bf10717a
Commit
bf10717a
authored
Sep 01, 2001
by
unknown
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
OpenSSL fixes
SSL/NOTES: Comments added
parent
3e899543
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
27 additions
and
13 deletions
+27
-13
SSL/NOTES
SSL/NOTES
+21
-6
mysql-test/include/have_openssl.inc
mysql-test/include/have_openssl.inc
+2
-2
mysql-test/t/openssl_2.test
mysql-test/t/openssl_2.test
+1
-2
sql/mysqld.cc
sql/mysqld.cc
+3
-3
No files found.
SSL/NOTES
View file @
bf10717a
Quick notes:
--------------------------------------------
[tonu@x153 mysql-4.0]$ cat /etc/my.cnf
[mysqld]
ssl-ca=SSL/cacert.pem
ssl-cert=SSL/server-cert.pem
ssl-key=SSL/server-key.pem
[mysql]
ssl-ca=SSL/cacert.pem
ssl-cert=SSL/client-cert.pem
ssl-key=SSL/client-key.pem
[mysqldump]
ssl-ca=SSL/cacert.pem
ssl-cert=SSL/client-cert.pem
ssl-key=SSL/client-key.pem
[tonu@x153 mysql-4.0]$
--------------------------------------------
To remove passwords from keyfiles:
[tonu@x153 SSL]$ openssl rsa -inform pem < server-req.pem > server-key.pem
read RSA key
Enter PEM pass phrase:
...
...
@@ -12,12 +28,10 @@ writing RSA key
To run server:
sql/mysqld --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --skip-grant --debug='d:t:O,-' > /tmp/mysqld.trace
--------------------------------------------
To run client:
client/mysql --ssl-ca=SSL/cacert.pem --ssl-cert=SSL/server-cert.pem --ssl-key=SSL/server-key.pem --debug='d:t:O,/tmp/client.trace' -h 127.0.0.1
--------------------------------------------
openssl s_client -host 127.0.0.1 -port 1111 -debug -verify 1 -cert ../SSL/client-cert.pem -key ../SSL/client-key.pem -CAfile ../SSL/cacert.pem -pause -showcerts -state
...
...
@@ -27,8 +41,9 @@ openssl s_server -port 1111 -cert ../SSL/server-cert.pem -key ../SSL/server-key.
--------------------------------------------
CA stuff:
[tonu@x153 bin]$ pwd
/usr/local/ssl/bin
...
...
mysql-test/include/have_openssl.inc
View file @
bf10717a
--
require
r
/
have_ssl
.
require
show
variables
like
"have_ssl"
;
--
require
r
/
have_
open
ssl
.
require
show
variables
like
"have_
open
ssl"
;
mysql-test/t/openssl_2.test
View file @
bf10717a
--
source
include
/
have_openssl
.
inc
# We want to test everything with SSL turned on.
--
source
include
/
have_openssl
.
inc
SHOW
STATUS
LIKE
'SSL%'
;
sql/mysqld.cc
View file @
bf10717a
...
...
@@ -202,9 +202,9 @@ SHOW_COMP_OPTION have_raid=SHOW_OPTION_YES;
SHOW_COMP_OPTION
have_raid
=
SHOW_OPTION_NO
;
#endif
#ifdef HAVE_OPENSSL
SHOW_COMP_OPTION
have_ssl
=
SHOW_OPTION_YES
;
SHOW_COMP_OPTION
have_
open
ssl
=
SHOW_OPTION_YES
;
#else
SHOW_COMP_OPTION
have_ssl
=
SHOW_OPTION_NO
;
SHOW_COMP_OPTION
have_
open
ssl
=
SHOW_OPTION_NO
;
#endif
SHOW_COMP_OPTION
have_symlink
=
SHOW_OPTION_YES
;
...
...
@@ -2894,7 +2894,7 @@ struct show_var_st init_vars[]= {
{
"have_isam"
,
(
char
*
)
&
have_isam
,
SHOW_HAVE
},
{
"have_raid"
,
(
char
*
)
&
have_raid
,
SHOW_HAVE
},
{
"have_symlink"
,
(
char
*
)
&
have_symlink
,
SHOW_HAVE
},
{
"have_
ssl"
,
(
char
*
)
&
have_
ssl
,
SHOW_HAVE
},
{
"have_
openssl"
,
(
char
*
)
&
have_open
ssl
,
SHOW_HAVE
},
{
"init_file"
,
(
char
*
)
&
opt_init_file
,
SHOW_CHAR_PTR
},
#ifdef HAVE_INNOBASE_DB
{
"innodb_data_file_path"
,
(
char
*
)
&
innobase_data_file_path
,
SHOW_CHAR_PTR
},
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment