{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ゆ 、 Hurt° 的问题《MySQL connection using ODBC (5.1) with SSL》','https://www.manongdao.com/q-576346.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We've got a client application that connects to our online MySQL database (5.1.44-community-log) thru a ODBC connector (the server is a managed* dedicated webserver). This works very nice. However I can't get it to work using SSL. This is what I've done so far:
1. MySQL server
I've got the server manager* set up MySQL with SSL, this is 'proven by':
mysql> SHOW VARIABLES LIKE '%ssl%';
which results is this response:
+---------------+---------------------------------+
| Variable_name | Value |
+---------------+---------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /***/mysql-cert/ca-cert.pem |
| ssl_capath | |
| ssl_cert | /***/mysql-cert/server-cert.pem |
| ssl_cipher | |
| ssl_key | /***/mysql-cert/server-key.pem |
+---------------+---------------------------------+
Question: is the server configured right? I'm guessing it is...
2. Certificates
I've purchased real certificates (via my server manager). These are in the directory shown above. I've also downloaded the client-cert.pem, client-key.pem and ca-cert.pem from that directory.
3. MySQL user with REQUIRE [SSL|X509]
I've created a new user and then granted it access from any location (for testing) with SSL:
GRANT USAGE ON *.* TO 'somevaliduser'@'%' IDENTIFIED BY PASSWORD 'somevalidpass' REQUIRE X509
4. ODBC Client
I've (just downloaded and) installed : mysql-connector-odbc-5.1.8-winx64.msi (64-bit) as my machine is a 64-bit Windows 7 machine (so that's not what's wrong).
And I've created a User DSN configuring it like this (no options set on tabs), which shows it connecting to the server (however not using - nor requesting to do so - SSL) successfully (using some valid user which doesn't requires SSL):
So the connection is able to establish, now try using SSL.
This is configured like this, which is like I've read about on MySQL.com. So I'm not 100% sure the options set are right.
As you can see it results in a error HY000. Turning on tracing (within the ODBC configuration) also shows this error.
Can anyone give me a hint on how to make this work? Even if you know about just a part of the solution?
I solved the problem. Because I tried several things at a time I don't know what did the trick:
Please note:
I am using Ubuntu 12.04 LTS with MySQL Ver 5.5.22-0ubuntu1 for debian-linux-gnu on x86_64 ((Ubuntu)) and OpenSSL OpenSSL 1.0.1 14 Mar 2012
I created the certificates following the tutorial on http://www.thomas-krenn.com/de/wiki/MySQL_Verbindungen_mit_SSL_verschl%C3%BCsseln (The tutorial is in German, but this is not important here).
When trying to connect with
I always got an error message SSL connection error: protocol version mismatch
This lead me to the site http://bugs.mysql.com/bug.php?id=64870 which confirms (for me) that there is a bug.
To make a long story short. In the end I created all certificates using my MacOS X Lion, copied the certificates to the server and client and it worked immediately!
When I got the Linux side working, Windows worked immediatly, too! As mentioned above, you just have to set client-key, client-cert and ca-cert!