Hi!
I looked into the code of mysql driver and QSqlDatabase to make sure that mysql_real_connect() is executed only in the driver->open() function and not before.
So, I used this code to connect to the DB:
if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
{
MYSQL *handle = static_cast<MYSQL *>(v.data());
if (handle != NULL)
{
mysql_ssl_set(handle, "client-key.pem",
"client-cert.pem", "ca-cert.pem",
NULL, "DHE-RSA-AES256-SHA");
}
}
db.setHostName(settings.value("database/host").toString());
db.setDatabaseName(settings.value("database/databaseName").toString());
db.setUserName(settings.value("database/userName").toString());
db.setPassword(crypto.decryptToString(settings.value("database/password").toString()));
db.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
db.open();
QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL");
QVariant v = db.driver()->handle();
if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
{
MYSQL *handle = static_cast<MYSQL *>(v.data());
if (handle != NULL)
{
mysql_ssl_set(handle, "client-key.pem",
"client-cert.pem", "ca-cert.pem",
NULL, "DHE-RSA-AES256-SHA");
}
}
db.setHostName(settings.value("database/host").toString());
db.setDatabaseName(settings.value("database/databaseName").toString());
db.setUserName(settings.value("database/userName").toString());
db.setPassword(crypto.decryptToString(settings.value("database/password").toString()));
db.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
db.open();
To copy to clipboard, switch view to plain text mode
Well, it works somehow. First, I had problems with certs on the side of the server (at first, apparmor blocked the access to the cert files, then this problem occured. So, the last time I generated the new certs by tinyca, exported it to zip (key+cert), then removed the pass from the key, and only then it finally works.
The user is set up with REQUIRE SSL option, for some reason the server doesn't accept the user when REQUIRE X509 is selected. The strange thing - it connects even when i change all the parameters to NULL. If I call "mysql --ssl -u test -h 192.168.1.8 -p" it does not authorize.
Server runs on Ubuntu Server 11.10, client - on Mint 12, Qt version 4.7.4, MySQL - 5.1.58-1ubuntu1, OpenSSL 1.0.0e.
Bookmarks