[rt-users] Implementing SSL MySQL Backend

Guy Dickinson guy.dickinson at nyu.edu
Fri Nov 28 13:47:38 EST 2008


Jesse Vincent wrote:

>> I took inspiration for the implementation from a rt-users mailing list
>> post by Mike Friedman
>> (http://lists.bestpractical.com/pipermail/rt-users/2007-April/045347.html).
>>  In patch syntax, the precise change I made to RT::Handle was
> 
> 
> So, isn't there an environment variable one can set to have DBD::mysql
> pick this up?

To my knowledge, there are two ways to get DBD::mysql to issue the
appropriate C calls to initiate an SSL-encrypted connection:

1) Define the relevant parameters in the DSN, a la:

my $dsn =
"DBI:mysql:database=$database;host=$hostname;port=$port;mysql_ssl_ca_file
=/etc/mysqlcerts/ca.pem";

my $dbh = DBI->connect($dsn, $user, $password);

and so on...

2) Define the SSL CA file in the [client] portion of /etc/my.cnf and
then explicitly tell DBI::mysql to read the config file. From the
DBD::mysql documentation
(http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm):

***

By default MySQL's C client library doesn't use any config files unlike
the client programs (mysql, mysqladmin, ...) that do, but outside of the
C client library. Thus you need to explicitly request reading a config
file, as in

    $dsn = "DBI:mysql:test;mysql_read_default_file=/home/joe/my.cnf";
    $dbh = DBI->connect($dsn, $user, $password)

***


Cheers,
Guy



More information about the rt-users mailing list