| Subject: | Problem with connecting to MYSQL using CA certificate |
| Date: | Mon, 16 Jan 2017 13:51:23 +0000 |
| To: | "bug-DBD-mysql [...] rt.cpan.org" <bug-DBD-mysql [...] rt.cpan.org> |
| From: | Duje Drazin <duje.drazin [...] ericsson.com> |
I'm using perl 5.22.0 and DBD::mysql version 4.041 installed with -ssl option. I have successfully connected to remote mysql from linux shell using CA file:
mysql -h database_host -u username --password=password --ssl-ca=/path_to_CA_file/ca-cert.pem
Only CA file is used for connection to database, X509 CA cert and X509 CA key are not required.
I'm trying to connect using following command:
my $dbhost = "database_host";
my $dbuser = "username";
my $dbpw = "password";
my $cafile = "/path_to_CA_file/ca-cert.pem";
#my $key = undef;
#my $cert = undef;
my $dbname = "dbname";
my $dbtable = "dbtable";
my $dbh = DBI->connect("DBI:mysql:database=$dbname;host=$dbhost;mysql_ssl=1;mysql_ssl_ca_file=$cafile","$dbuser", "$dbpw",{'RaiseError' => 1})
or die "Error in connecting to database";
An I have SSL connection error 2016
-> DBI->connect(DBI:mysql:database=dbname;host=database_host;mysql_ssl=1;mysql_ssl_ca_file=/path_to_CA_file/ca-cert.pem, username, ****, HASH(0x7c9080))
-> DBI->install_driver(mysql) for linux perl=5.022000 pid=20099 ruid=83598 euid=83598
install_driver: DBD::mysql version 4.041 loaded from /app/vbuild/SLED11-x86_64/perl/5.22-addons-secure_mysql/x86_64-linux-thread-multi/DBD/mysql.pm
New 'DBI::dr' (for DBD::mysql::dr, parent='', id=undef)
dbih_setup_handle(DBI::dr=HASH(0x10c5738)=>DBI::dr=HASH(0x10bbe80), DBD::mysql::dr, 0, Null!)
dbih_make_com(Null!, 0, DBD::mysql::dr, 152, 0) thr#7c6010
dbih_setup_attrib(DBI::dr=HASH(0x10bbe80), Err, Null!) SCALAR(0xf9a938) (already defined)
dbih_setup_attrib(DBI::dr=HASH(0x10bbe80), State, Null!) SCALAR(0xadc370) (already defined)
dbih_setup_attrib(DBI::dr=HASH(0x10bbe80), Errstr, Null!) SCALAR(0xfab6c8) (already defined)
dbih_setup_attrib(DBI::dr=HASH(0x10bbe80), TraceLevel, Null!) 0 (already defined)
dbih_setup_attrib(DBI::dr=HASH(0x10bbe80), FetchHashKeyName, Null!) 'NAME' (already defined)
install_method DBI::db::mysql_fd
install_method DBI::db::mysql_async_result
install_method DBI::db::mysql_async_ready
install_method DBI::st::mysql_async_result
install_method DBI::st::mysql_async_ready
<- install_driver= DBI::dr=HASH(0x10c5738)
Show quoted text
>> connect DISPATCH (DBI::dr=HASH(0x10c5738) rc2/3 @5 g2 ima8001 pid#20099) at /app/vbuild/SLED11-x86_64/perl/5.22-addons-secure_mysql/x86_64-linux-thread-multi/DBI.pm line 684
!! The warn '0' was CLEARED by call to connect method
-> connect for DBD::mysql::dr (DBI::dr=HASH(0x10c5738)~0x10bbe80 'database=dbname;host=database_host;mysql_ssl=1;mysql_ssl_ca_file=/path_to_CA_file/ca-cert.pem' 'username' **** HASH(0xa63c98)) thr#7c6010
New 'DBI::db' (for DBD::mysql::db, parent=DBI::dr=HASH(0x10bbe80), id=HASH(0x10ce280))
dbih_setup_handle(DBI::db=HASH(0x10ce5e0)=>DBI::db=HASH(0x10ce370), DBD::mysql::db, adc628, HASH(0x10ce280))
dbih_make_com(DBI::dr=HASH(0x10bbe80), 1012500, DBD::mysql::db, 192, 10ce298) thr#7c6010
dbih_setup_attrib(DBI::db=HASH(0x10ce370), Err, DBI::dr=HASH(0x10bbe80)) SCALAR(0xadc850) (already defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), State, DBI::dr=HASH(0x10bbe80)) SCALAR(0xadc8b0) (already defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), Errstr, DBI::dr=HASH(0x10bbe80)) SCALAR(0xadc880) (already defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), TraceLevel, DBI::dr=HASH(0x10bbe80)) 0 (already defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), FetchHashKeyName, DBI::dr=HASH(0x10bbe80)) 'NAME' (already defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), HandleSetErr, DBI::dr=HASH(0x10bbe80)) undef (not defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), HandleError, DBI::dr=HASH(0x10bbe80)) undef (not defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), ReadOnly, DBI::dr=HASH(0x10bbe80)) undef (not defined)
dbih_setup_attrib(DBI::db=HASH(0x10ce370), Profile, DBI::dr=HASH(0x10bbe80)) undef (not defined)
imp_dbh->connect: dsn = database=dbname;host=database_host;mysql_ssl=1;mysql_ssl_ca_file=/path_to_CA_file/ca-cert.pem, uid = username, pwd = password
imp_dbh->my_login : dbname = dbname, uid = username, pwd = password,host = database_host, port = NULL
imp_dbh->mysql_dr_connect: host = |database_host|, port = 0, uid = username, pwd = password
imp_dbh->bind_type_guessing: 0
imp_dbh->use_server_side_prepare: 0
imp_dbh->disable_fallback_for_server_prepare: 0
imp_dbh->mysql_dr_connect: client_flags = 2050
imp_dbh->mysql_dr_connect: <- --> do_error
SSL connection error error 2026 recorded: SSL connection error
<-- do_error
I didn't find in DBD::mysql readme which flag are mandatory:
mysql_ssl
A true value turns on the CLIENT_SSL flag when connecting to the MySQL database:
mysql_ssl=1 --------> specified in command
This means that your communication with the server will be encrypted.
Please note that this can only work if you enabled SSL when compiling DBD::mysql; this is the default starting version 4.034. See DBD::mysql::INSTALL for more details.
If you turn mysql_ssl on, you might also wish to use the following flags:
mysql_ssl_client_key ----> not required for connection but I'm not sure is it mandatoray in perl
mysql_ssl_client_cert ----> not required for connection but I'm not sure is it mandatoray in perl
mysql_ssl_ca_file --------> specified in command
mysql_ssl_ca_path
mysql_ssl_cipher
These are used to specify the respective parameters of a call to mysql_ssl_set, if mysql_ssl is turned on.
Could you please help me in finding solution?