[SOLVED] Need a HowTo for setting SSL certificates for a MySQL Connection - QT5

GiveMeMyName

Hello all ! I am trying to use SSL certificates with mysql. My code works until i add this part :

@
QVariant v = base_de_donnees.driver()->handle();
if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
{
MYSQL *handle = static_cast<MYSQL *>(v.data());
if (handle != NULL)
{
base_de_donnees.driver()->handle();
mysql_ssl_set(handle, "/Users/jeh/Desktop/certs/client-key.pem","/Users/jeh/Desktop/certs/client-cert.pem",
"/Users/jeh/Desktop/certs/ca-cert.pem", NULL, "DHE-RSA-AES256-SHA");
}
}
@
(by the way, base_de_donnees is a QSqlDatabase object) between my
@
base_de_donnees = QSqlDatabase::addDatabase("QMYSQL");
@

and my
@
base_de_donnees.open();
@

Without this code, my app can connect to my MySQL database with a user that requires ssl, but when i add the code, it doesn't work anymore. The program fails when i try to compile it because the mysql_ssl_set symbol is not found for my architecture. My class file includes <mysql.h> and <QtSql> I just want to use my cert files to be sure of my clients apps. Is there a way to do this ?

Thank you for reading.

PS : to use my ssl remote user i use this : (and it works)
@
base_de_donnees.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
@

PS : when i use Wireshark, my request are hidden but i can see that my trafic is recognized as mysql, even if i can't have any information about it. My aim is to hide it totally by using the cert files, without using a third party software with my app.
I tried to have a look to QsslSocket, but i don't know how to bind the ssl socket and the mysql requests.

GiveMeMyName

Seems that this is not possible by using the current driver of mysql with qt5. And i am not enough skilled to rewrite the driver for supporting this ^^. I will use it like this until a new update maybe :/. I don't mark this as resolved because it's still unsolved :)

nicolas_rolando

Hi. I send you a little contribution to qt-project. Many developers are waiting for this feature: "Enhanced source code":http://www.sendspace.com/file/i5kvej
Thanks. Bye

GiveMeMyName

Hey :) I saw your work, and you did it very well :) I will have a try in my project and i'll give you my feedback :)

Thanks you again for working on this !

GiveMeMyName

Well, after one week testing, on OS X Lion and Win7 (32 + 64 bits) mysql clients, i just have one word for you : GREAT :D

The MySQL server used for testing is under mysql 5.5.31 + Ubuntu 12.04. OpenSSL version here is 1.0.1.

That can be useful for other people. Maybe someone can pin this topic ?

I can mark it as solved now :)

nicolas_rolando

Thanks, pal. I'm glad it has been useful. Bye

Lukoch

Hi, I know thread is closed for 2 years, but is there any chance someone has this example project from nicolas_rolando ? It would really help me since I am not able to set secure MySQL connection.

Thanks.

SGaist

Hi and welcome to devnet,

There's a patch currently under review that implements this. Have a look here

Lukoch

Thank you, I'll try this.

Lukoch

One more question, how can I apply this patch ?

I can' t find those files in Qt 5.4 folder (src_sql_kernel_qsqldatabase.cpp,...).

Thanks.

SGaist

Might be a silly question but did you install the Qt sources ?

Lukoch

Oh, right, sorry... I am using prebuilt components now, thanks.

Lukoch

Actually, it would be easier for me to migrate DB to other solution, such as PostgreSQL. I am using mulitiple devices and platforms for my project and it would mean to apply the patch for all of them.

Is SSL connection using certificates working for PostgreSQL driver in Qt ? I wasn' t able to find examples.

SGaist

What about that thread ?

tinysoft

@nicolas_rolando said:

Hi. I send you a little contribution to qt-project. Many developers are waiting for this feature: "Enhanced source code":http://www.sendspace.com/file/i5kvej
Thanks. Bye

hello @nicolas_rolando , @GiveMeMyName

could you re upload the link .. it looks like it's expired

thank you in advance