How to set x509 on a QSqlDatabase Connection?

[wysota]

Can we see complete code of yours used for establishing the connection using mysql_ssl_set?

Ok, I have analyzed Qt's code regarding connecting to MySql. With current implementation you won't be able to call mysql_ssl_set between mysql_init and mysql_real_connect. You should probably report it as a bug. mysql_init() should be called earlier (probably as a result to QSqlDatabase::addDatabase()) so that one can manipulate the structure before opening the connection.

[m3rlin]

Wow beyond expectation, I like you will-never-give-up mentality! Of course I will post my code. Be it tomorrow - having guests now...
Thanks so much!

[wysota]

Before I forget... What I think you should do is that you should either subclass the MySql driver Qt has and reimplement the method for opening the database (which is a bit of work) or you should copy the source code for the plugin, rename the classes and modify the open() routine so that you have the ability to call mysql_ssl_set between mysql_init and mysql_real_connect. Then you can build the new plugin --- either as a plugin (and then deploy it in the proper directory) or as part of your application (and then call QSqlDatabase::registerSqlDriver() to register it). Of course these are only workarounds, the real solution is to modify Qt's MySql driver directly.

[m3rlin]

I have dug deeper into plugins and "all" there is to do to make it work... seems to me like a nice project for Nokia, or for me in a somewhat quite week. You are right, QSqlDriver should be programmed for more flexibility. Is Nokia reading this?
Thanks for all the help.

[aleyer]

Hi!
I looked into the code of mysql driver and QSqlDatabase to make sure that mysql_real_connect() is executed only in the driver->open() function and not before.
So, I used this code to connect to the DB:

Qt Code:

Switch view

QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL");
    QVariant v = db.driver()->handle();
    if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
    {
        MYSQL *handle = static_cast<MYSQL *>(v.data());
        if (handle != NULL)
        {
            mysql_ssl_set(handle, "client-key.pem",
                          "client-cert.pem", "ca-cert.pem",
                          NULL, "DHE-RSA-AES256-SHA");
        }
    }
 
    db.setHostName(settings.value("database/host").toString());
    db.setDatabaseName(settings.value("database/databaseName").toString());
    db.setUserName(settings.value("database/userName").toString());
    db.setPassword(crypto.decryptToString(settings.value("database/password").toString()));
    db.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
    db.open();

QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL");
    QVariant v = db.driver()->handle();
    if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
    {
        MYSQL *handle = static_cast<MYSQL *>(v.data());
        if (handle != NULL)
        {
            mysql_ssl_set(handle, "client-key.pem",
                          "client-cert.pem", "ca-cert.pem",
                          NULL, "DHE-RSA-AES256-SHA");
        }
    }
    
    db.setHostName(settings.value("database/host").toString());
    db.setDatabaseName(settings.value("database/databaseName").toString());
    db.setUserName(settings.value("database/userName").toString());
    db.setPassword(crypto.decryptToString(settings.value("database/password").toString()));
    db.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
    db.open();

To copy to clipboard, switch view to plain text mode 

Well, it works somehow. First, I had problems with certs on the side of the server (at first, apparmor blocked the access to the cert files, then this problem occured. So, the last time I generated the new certs by tinyca, exported it to zip (key+cert), then removed the pass from the key, and only then it finally works.
The user is set up with REQUIRE SSL option, for some reason the server doesn't accept the user when REQUIRE X509 is selected. The strange thing - it connects even when i change all the parameters to NULL. If I call "mysql --ssl -u test -h 192.168.1.8 -p" it does not authorize.
Server runs on Ubuntu Server 11.10, client - on Mint 12, Qt version 4.7.4, MySQL - 5.1.58-1ubuntu1, OpenSSL 1.0.0e.