5.8.7.3. Using SSL Connections with yaSSL
Using MySQL's built-in yaSSL support makes it easier to use
secure connections. You don't have to install OpenSSL and
perform the other steps described in
Section 5.8.7.2, “Using SSL Connections with OpenSSL”. Also, both MySQL and
yaSSL employ the same licensing model.
Currently, yaSSL support is available for these platforms:
To enable yaSSL when building MySQL from source, you should
configure MySQL like this:
shell> ./configure --with-yassl
Note that yaSSL support on Unix platforms requires that either
/dev/urandom or /dev/random be installed to retrieve true
random numbers. For additional information (especially
regarding yaSSL on Solaris versions prior to 2.8 and HP-UX),
see Bug #13164.
To start the MySQL server with yaSSL support, use the same
options as with OpenSSL support and identify the certificates
needed to establish a secure connection:
shell> mysqld --ssl-ca=cacert.pem \
       --ssl-cert=server-cert.pem \
       --ssl-key=server-key.pem
--ssl-ca identifies the Certificate Authority certificate.
--ssl-cert identifies the server certificate.
--ssl-key identifies the client certificate.
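A pre-flight check for the requirements above, added here as an example and not taken from the MySQL manual: it confirms that an entropy device is present and that the three PEM files named on the mysqld command line are usable. The function names are hypothetical, and the permission check on the --ssl-key file is an added hardening assumption rather than something the manual requires.

```shell
#!/bin/sh
# Added example: checks to run before starting mysqld with the --ssl-* options.

# Print the first argument that is a readable character device.
# yaSSL on Unix needs /dev/urandom or /dev/random.
entropy_device() {
    for dev in "$@"; do
        if [ -c "$dev" ] && [ -r "$dev" ]; then
            printf '%s\n' "$dev"
            return 0
        fi
    done
    return 1
}

# Check that the file given to an --ssl-* option is readable, non-empty PEM.
check_pem() {
    opt=$1
    file=$2
    if [ ! -r "$file" ] || [ ! -s "$file" ]; then
        echo "$opt: $file is missing, unreadable or empty" >&2
        return 1
    fi
    if ! grep -q -- '-----BEGIN ' "$file"; then
        echo "$opt: $file has no PEM header" >&2
        return 1
    fi
}

# Succeed only if group and others have no permissions on the file.
# Added hardening check for the --ssl-key file (an assumption, not from the manual).
key_is_private() {
    perms=$(ls -ldL "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Usage: preflight cacert.pem server-cert.pem server-key.pem
preflight() {
    entropy_device /dev/urandom /dev/random >/dev/null || {
        echo "neither /dev/urandom nor /dev/random is available" >&2
        return 1
    }
    check_pem --ssl-ca "$1" || return 1
    check_pem --ssl-cert "$2" || return 1
    check_pem --ssl-key "$3" || return 1
    key_is_private "$3" || {
        echo "--ssl-key: $3 is accessible to group or others" >&2
        return 1
    }
}
```

Source the file and run preflight with the same three file names passed to mysqld; a non-zero exit status means the server should not be started with those options yet.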
To establish a secure connection to a MySQL server with yaSSL
support, start a client like this:
shell> mysql --ssl-ca=cacert.pem \
       --ssl-cert=server-cert.pem \
       --ssl-key=server-key.pem
In other words, the options are the same as for the server,
and the Certificate Authority certificate has to be the same.
To establish a secure connection from an application program,
use the mysql_ssl_set() API function to set
the appropriate certificate options, before calling
mysql_real_connect(). See
Section 25.2.3.64, “mysql_ssl_set()”.