[SOLVED] Need a HowTo for setting SSL certificates for a MySQL Connection - QT5



  • Hello all ! I am trying to use SSL certificates with mysql. My code works until i add this part :

    @
    QVariant v = base_de_donnees.driver()->handle();
    if (v.isValid() && qstrcmp(v.typeName(), "MYSQL*")==0)
    {
    MYSQL *handle = static_cast<MYSQL *>(v.data());
    if (handle != NULL)
    {
    base_de_donnees.driver()->handle();
    mysql_ssl_set(handle, "/Users/jeh/Desktop/certs/client-key.pem","/Users/jeh/Desktop/certs/client-cert.pem",
    "/Users/jeh/Desktop/certs/ca-cert.pem", NULL, "DHE-RSA-AES256-SHA");
    }
    }
    @
    (by the way, base_de_donnees is a QSqlDatabase object) between my
    @
    base_de_donnees = QSqlDatabase::addDatabase("QMYSQL");
    @

    and my
    @
    base_de_donnees.open();
    @

    Without this code, my app can connect to my MySQL database with a user that requires ssl, but when i add the code, it doesn't work anymore. The program fails when i try to compile it because the mysql_ssl_set symbol is not found for my architecture. My class file includes <mysql.h> and <QtSql> I just want to use my cert files to be sure of my clients apps. Is there a way to do this ?

    Thank you for reading.

    PS : to use my ssl remote user i use this : (and it works)
    @
    base_de_donnees.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
    @

    PS : when i use Wireshark, my request are hidden but i can see that my trafic is recognized as mysql, even if i can't have any information about it. My aim is to hide it totally by using the cert files, without using a third party software with my app.
    I tried to have a look to QsslSocket, but i don't know how to bind the ssl socket and the mysql requests.



  • Seems that this is not possible by using the current driver of mysql with qt5. And i am not enough skilled to rewrite the driver for supporting this ^^. I will use it like this until a new update maybe :/. I don't mark this as resolved because it's still unsolved :)



  • Hi. I send you a little contribution to qt-project. Many developers are waiting for this feature: "Enhanced source code":http://www.sendspace.com/file/i5kvej
    Thanks. Bye



  • Hey :) I saw your work, and you did it very well :) I will have a try in my project and i'll give you my feedback :)

    Thanks you again for working on this !



  • Well, after one week testing, on OS X Lion and Win7 (32 + 64 bits) mysql clients, i just have one word for you : GREAT :D

    The MySQL server used for testing is under mysql 5.5.31 + Ubuntu 12.04. OpenSSL version here is 1.0.1.

    That can be useful for other people. Maybe someone can pin this topic ?

    I can mark it as solved now :)



  • Thanks, pal. I'm glad it has been useful. Bye



  • Hi, I know thread is closed for 2 years, but is there any chance someone has this example project from nicolas_rolando ? It would really help me since I am not able to set secure MySQL connection.

    Thanks.


  • Lifetime Qt Champion

    Hi and welcome to devnet,

    There's a patch currently under review that implements this. Have a look here



  • Thank you, I'll try this.



  • One more question, how can I apply this patch ?

    I can' t find those files in Qt 5.4 folder (src_sql_kernel_qsqldatabase.cpp,...).

    Thanks.


  • Lifetime Qt Champion

    Might be a silly question but did you install the Qt sources ?



  • Oh, right, sorry... I am using prebuilt components now, thanks.



  • Actually, it would be easier for me to migrate DB to other solution, such as PostgreSQL. I am using mulitiple devices and platforms for my project and it would mean to apply the patch for all of them.

    Is SSL connection using certificates working for PostgreSQL driver in Qt ? I wasn' t able to find examples.


  • Lifetime Qt Champion

    What about that thread ?



  • @nicolas_rolando said:

    Hi. I send you a little contribution to qt-project. Many developers are waiting for this feature: "Enhanced source code":http://www.sendspace.com/file/i5kvej
    Thanks. Bye

    hello @nicolas_rolando , @GiveMeMyName

    could you re upload the link .. it looks like it's expired

    thank you in advance


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.