Bug#499432: libsasl2-modules-sql: SSL connection to mysql server fails
Roberto C. Sánchez
roberto at connexer.com
Fri Sep 19 21:40:19 EDT 2008
[ Please be sure to keep the Debian bug address in the CC ]
The below report was submitted as a bug against the Debian package of
cyrus-sasl2. I am not versed in MySQL at all, so I wonder if someone
else could have a look at it and provide an opinion on it or perhaps
a fix.
Regards,
-Roberto
On Thu, Sep 18, 2008 at 06:55:03PM +0200, Jochen Friedrich wrote:
> Package: libsasl2-modules-sql
> Version: 2.1.22.dfsg1-8
> Severity: normal
>
>
> When specifying "sql_usessl: 1" in the sasl configuration file, any
> authentication will fail with these error messages in auth.log:
>
> sql plugin trying to open db 'XXXX' on host 'a.b.c.d' using SSL
> sql plugin could not connect to host a.b.c.d
> sql plugin couldn't connect to any host
>
> The reason is a wrong usage of the mysql API in plugins/sql.c. This line
> sets the CLIENT_SSL flag in mysql_real_connect:
>
>     return mysql_real_connect(mysql, host, user, password, database,
>                               port ? strtoul(port, NULL, 10) : 0, NULL,
>                               usessl ? CLIENT_SSL : 0);
>
> According to http://dev.mysql.com/doc/refman/5.0/en/mysql-real-connect.html,
> mysql_ssl_set() should be used instead.
>
> If I replace this line by:
>
>     if (usessl)
>         mysql_ssl_set(mysql, NULL, NULL, "<hardcoded path to my CA>", NULL, NULL);
>
>     return mysql_real_connect(mysql, host, user, password, database,
>                               port ? strtoul(port, NULL, 10) : 0, NULL,
>                               0);
>
> Then SSL connections work OK for me.
>
> So, the variable sql_usessl is completely unusable. It should probably
> be replaced by
>
> sql_ssl_key
> sql_ssl_cert
> sql_ssl_ca
> sql_ssl_capath
> sql_ssl_cipher
>
> parameters.
>
> Thanks,
> Jochen
>
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
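
Added example, not part of the messages above and not cyrus-sasl code: one way the five options proposed in the report could be read from a configuration and handed to mysql_ssl_set() in its argument order before mysql_real_connect() is called. The sql_ssl_* names are the reporter's proposal, not existing options; the struct, the function names, the USE_LIBMYSQL build flag and the sample configuration are assumptions made for this sketch.

```c
#include <string.h>

/* Constructed sample configuration, not taken from the report. */
const char SAMPLE_CONF[] = "sql_engine: mysql\nsql_ssl_ca: /etc/ssl/certs/db-ca.pem\n";

/* Values in mysql_ssl_set() argument order: key, cert, ca, capath, cipher. */
struct sql_ssl_opts { char v[5][256]; };
static const char *const ssl_names[5] = {   /* names proposed in the report */
    "sql_ssl_key", "sql_ssl_cert", "sql_ssl_ca", "sql_ssl_capath", "sql_ssl_cipher" };

/* Parse "name: value" lines; returns how many sql_ssl_* options were set. */
int parse_sql_ssl_opts(const char *conf, struct sql_ssl_opts *o)
{
    int found = 0;
    memset(o, 0, sizeof(*o));
    while (*conf) {
        size_t len = strcspn(conf, "\n");
        for (int i = 0; i < 5; i++) {
            size_t n = strlen(ssl_names[i]);
            if (len <= n || strncmp(conf, ssl_names[i], n) || conf[n] != ':')
                continue;                    /* also rejects prefix matches */
            const char *val = conf + n + 1;
            size_t vlen = len - n - 1;
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen && vlen < sizeof(o->v[i])) {
                memcpy(o->v[i], val, vlen);  /* buffer is already zeroed */
                found++;
            }
        }
        conf += len + (conf[len] == '\n');
    }
    return found;
}

/* An unset option becomes NULL, which mysql_ssl_set() accepts as unused. */
const char *opt(const struct sql_ssl_opts *o, int i) { return o->v[i][0] ? o->v[i] : NULL; }

#ifdef USE_LIBMYSQL  /* assumed build flag; needs the libmysqlclient headers */
#include <mysql.h>
#include <stdlib.h>
MYSQL *sql_connect(MYSQL *mysql, const struct sql_ssl_opts *o, int found,
                   const char *host, const char *user, const char *password,
                   const char *database, const char *port)
{
    if (found)   /* set TLS parameters before connecting, no CLIENT_SSL flag */
        mysql_ssl_set(mysql, opt(o, 0), opt(o, 1), opt(o, 2), opt(o, 3), opt(o, 4));
    return mysql_real_connect(mysql, host, user, password, database,
                              port ? strtoul(port, NULL, 10) : 0, NULL, 0);
}
#endif
```

The parsing half builds without MySQL installed; the connection half is compiled only when USE_LIBMYSQL is defined and the client library is linked.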