OpenBSD Journal

MySQL-4 with *SSL* support compiles on 3.3 -current

Contributed by jose on from the encrypted-DB dept.

Jason Dixon writes: "Thanks to help from Markus Friedl, I've managed to get MySQL-4.0.13 compiled with SSL support built in. Everything works great, tested successfully on a -current snapshot (5/25/03).

And a quick teaser...

-bash-2.05b# mysql -p mysql -e 'describe user'
Enter password:
ssl_type        enum('','ANY','X509','SPECIFIED')
ssl_cipher      blob
x509_issuer     blob
x509_subject    blob
Hey, this is pretty neat!

Jason also passes along these notes on building it: "It's a hybrid between the flags found in the current 3.x port, and the new features from 4.x:

CC=gcc CFLAGS="-felide-constructors -fno-exceptions -fno-rtti"
--enable-static --localstatedir=/var/mysql --with-libwrap=/usr 
--with-pthread --with-raid --with-mysqld-user=mysql 
--with-unix-socket-path=/var/run/mysql/mysql.sock --without-bench 
--without-debug --without-docs --without-readline --with-vio
" Thanks a lot, Jason, I didn't know you could do this.

(Comments are closed)

  1. By Lukasz Zielinski () on

    Well, btw, does 4.x work stable on OpenBSD (-current)?

    1. By Jedi/Sector One () on

      It works very well. I'm using it for 3 weeks on a loaded server with no trouble so far.

      The query cache brings substantial performance improvements, and the boolean fulltext search is something I can't live without.

    2. By Markus Ullmann () on

      No, on OpenBSD 4.0 is quite unstable if you have >40 queries / minute

  2. By Anonymous Coward () on

    Why does MySQL require SSL support? I don't understand how this works, so I can't see why it's such a big deal.

    1. By Jason Dixon () on

      It doesn't *require* it, but it's nice to have when your database isn't running on the same server as your webserver. Else, everything you send between the two hosts is plain-text and easily sniffed. SSL will encrypt your data (including user/password info) so it stays private.

      Mind you, ssh tunnels are a nice way to do it also. Unfortunately, I was looking for a way to include the encryption in my back-end code, rather than having to monitor another ssh process.


  3. By Jason Dixon () on

    I've been working with one of their developers to develop their own patch, and they've finally accepted it for merging...

    "Thank you for your patch.

    It is already applied in our source tree and should come up in some of the next 4.0 and higher versions."


    1. By Jon () on

      Fantastic. Now my Win32 MySQL client craps out, because apparently ssl_cipher won't accept nulls and ahs no default value.

Latest Articles


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]