Does SSL really work in mysql 4.0.21?

Does SSL really work in mysql 4.0.21?

am 16.06.2006 09:06:09 von Dragonphoenix

bash-2.05b# ldd mysql
libcurses.so.1 => /usr/lib/libcurses.so.1
libmysqlclient.so.12 =>
/sandbox/mysql-4.0.21/lib/mysql/libmysqlclient.so.12
libz.so.1 => /usr/lib/libz.so.1
librt.so.1 => /usr/lib/librt.so.1
libcrypt_i.so.1 => /usr/lib/libcrypt_i.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libssl.so.0.9.8 => /sandbox/openssl/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 =>
/sandbox/openssl/lib/libcrypto.so.0.9.8
libm.so.1 => /usr/lib/libm.so.1
libgcc_s.so.1 => /opt/gcc-3.0.4/lib//libgcc_s.so.1
libc.so.1 => /usr/lib/libc.so.1
libaio.so.1 => /usr/lib/libaio.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
bash-2.05b#

bash-2.05b# ldd ../libexec/mysqld
librt.so.1 => /usr/lib/librt.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libssl.so.0.9.8 => /sandbox/openssl/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 =>
/sandbox/openssl/lib/libcrypto.so.0.9.8
libpthread.so.1 => /usr/lib/libpthread.so.1
libthread.so.1 => /usr/lib/libthread.so.1
libz.so.1 => /usr/lib/libz.so.1
libcrypt_i.so.1 => /usr/lib/libcrypt_i.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libm.so.1 => /usr/lib/libm.so.1
libgcc_s.so.1 => /opt/gcc-3.0.4/lib//libgcc_s.so.1
libc.so.1 => /usr/lib/libc.so.1
libaio.so.1 => /usr/lib/libaio.so.1
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
bash-2.05b#


mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl | YES |
+---------------+-------+
1 row in set (0.01 sec)

mysql>

[mysqld]
ssl-ca = /sandbox/mysql-4.0.21/ca-cert.pem
ssl-cert = /sandbox/mysql-4.0.21/server-cert.pem
ssl-key = /sandbox/mysql-4.0.21/server-key.pem

client is built with ssl as well.

using it as mysql --ssl-ca=cacert.pem --ssl-cert=client-cert.pem
--ssl-key=ssl-key.pem -u test -h trojanhorse

ran command

"GRANT ALL PRIVILEGES on *.* to test@'%' REQUIRE SSL;

flush privileges.





Only thing I get is error 1045 access denied, it doesn't indicate
what/where/why.

I can connect no problem if I remove the require SSL;

Anyone have any idea? The log doesn't say anything except denied. Very
informative.

I'm starting to think this is not suppose to work, everything is setup
just like all the docs.